Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
ICANN would reject call for “diversity” office
ICANN’s board of directors would reject a call for an “Office of Diversity”, due to its current budget crunch.
The board said as much in remarks filed to a public comment period that got its final report this week.
The report of the CCWG-Accountability Work Stream 2 working group had recommended several potential things ICANN could do to improve diversity in the community, largely focused on collecting and publishing data on diversity.
“Diversity” for the purposes of the recommendations does not have the usual racial connotations of the word. Instead it means: geography, language, gender, age, physical disability, skills and stakeholder group.
Some members of the working group had proposed an independent diversity office, to ensure ICANN sticks to diversity commitments, but this did not gain consensus support and was not a formal recommendation.
Some commenters, including (in a personal capacity) a current vice chair of the Governmental Advisory Committee and a former ICANN director, had echoed the call for an office of diversity.
But ICANN’s board said it would not be able to support such a recommendation:
Given the lack of clarity around this office, lack of consensus support within the subgroup (and presumably within the CCWG-Accountability and the broader community), and noting the previously-mentioned budget and funding constraints and considerations, the Board is not in a position to accept this item if it were to be presented as a formal consensus-based recommendation
In general terms, it encouraged the working group to consider ICANN’s “limited funding” when it makes its final recommendations.
It added that it may be difficult for ICANN to collect personal data on community members, in light of the General Data Protection Regulation, the EU privacy law that kicks in this May.
All the comments on the report can be found here.
Registries reject lower fees for anti-abuse prowess
Registries have largely rejected a proposal for them to be offered financial incentives to lower the amount of abuse in their gTLDs.
That’s despite the idea gaining broad support from governments, intellectual property interests and restricted-registration registries.
The concept of ICANN offering discounted fees to registries that proactively fight abuse was floated by the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) back in November.
It recommended in its draft report, among other things:
Consider directing ICANN org, in its discussions with registries, to negotiate amendments to existing Registry Agreements, or in negotiations of new Registry Agreements associated with subsequent rounds of new gTLDs to include provisions in the agreements providing incentives, including financial incentives for registries, especially open registries, to adopt proactive anti-abuse measures.
“Proactive” in this case would mean measures such as preventing known bad actors from registering domains, rather than just waiting for complaints to be filed.
Given that registries have been calling for lower ICANN fees in other instances, one might expect to see support from that constituency.
However, the Registries Stakeholder Group said in a document filed to ICANN’s public comment period on the CCT’s latest recommendations that, it “opposes” the idea of such financial incentives. It said:
The RySG supports recognizing and supporting the many [registry operators] that take steps to discourage abuse, but opposes amending the RA as recommended, to mandate or incentivize ‘proactive’ anti-abuse measures.
The RySG complained that such a system would require lots of complex work to arrive at a definition of abuse and what kinds of measures would qualify as “proactive”.
Even if such definitions could be found, and amendments to the standard RA successfully negotiated, there’s still no guarantee that bad registries would sign up for the incentives or stick to their promises, “resulting in no net improvement to the current situation”, the RySG said.
The group is also concerned that adding more anti-abuse clauses to the RA could increase registries’ risk of liability should they be sued over abuse carried out by their customers.
Not all registries agreed with the RySG position, however.
The informal Verified Top-Level Domains Consortium, which comprises the two registries behind .bank, .insurance and .pharmacy, filed comments supporting the proposal.
It said that gTLDs with vetted eligibility requirements see no abuse but have lower registration volumes and therefore pay higher ICANN fees on a per-domain basis. It said:
ICANN should help to offset these costs to create a more level playing field with high-volume unrestricted registries, i.e., to enhance competition as well as consumer trust. If ICANN made it more financially advantageous to verify eligibility, other registries may be encouraged to adopt this model. The outcome would be the elimination of abuse in these verified TLDs.
Outside of the industry itself, the Governmental Advisory Committee and IP interests such as the Intellectual Property Constituency and INTA, filed comments supporting anti-abuse incentives.
The IPC “strongly” supported the recommendation, but added that the finer details would need to be worked out to ensure that lower ICANN fees did not translate automatically to lower registration fees and therefore more abuse.
Shocking nobody, it added that “abuse” should include intellectual property infringements.
Conversely, the Non-Commercial Stakeholders Group said it “strongly” opposes the recommendation, on the basis that it would push ICANN into a “content policeman” role in violation of its technical mandate:
ICANN is not a US Federal Trade Commission or an anti-fraud unit or regulatory unit of any government. Providing guidance, negotiation and worse yet, financial incentives to ICANN-contracted registries for anti-abuse measures is completely outside of our competence, goals and mandates. Such acts would bring ICANN straight into the very content issues that passionately divide countries — including speech laws, competition laws, content laws of all types. It would invalidate ICANN commitments to ourselves and the global community. It would make ICANN the policemen of the Internet, not the guardians of the infrastructure. It is a role we have sworn not to undertake; a role beyond our technical expertise; and a recommendation we must not accept.
Also opposed to incentivizing anti-abuse measures was the Messaging, Malware and Mobile Anti-Abuse Working Group (an independent entity, not an ICANN working group), which said there’s no data to support such a recommendation.
The reports provide no data that showcase what the implications of altering the economic underpinnings of a highly competitive market may entail, including inadvertent side effects such as registries that already sell low price domains being rewarded with lower ICANN fees. In fact, it may ultimately result in a race to the bottom and higher rates of domain abuse.
Instead, M3AAWG said that ICANN should concentrate is contractual compliance efforts on those registries that the data shows already have large amounts of abuse — presumably meaning the likes of .top, .gdn and the Famous Four Media stable.
ICANN itself filed a comment on the proposal, pointing out that it is not able to unilaterally impose anti-abuse measures into registry agreements.
One imagines that lowering fees at a time when its own budget is under a lot of pressure would probably not be something ICANN would be eager to implement.
These comments and more were summarized in ICANN’s report on the CCT public comment period, published yesterday. The comments themselves can be found here.
The comments feed back into the CCT review team’s work ahead of its final report, which is due to be published some time during Q1.
Under its bylaws, the CCT review is one of the things that ICANN has to complete before it opens the next round of new gTLD applications.
ICANN chief to lead talks over blocked .amazon gTLD
ICANN CEO Goran Marby has been asked to help Amazon come to terms with several South American governments over its controversial bid for the .amazon gTLD.
The organization’s board of directors passed a resolution last week accepting the suggestion, which came from the Governmental Advisory Committee. The board said:
The ICANN Board accepts the GAC advice and has asked the ICANN org President and CEO to facilitate negotiations between the Amazon Cooperation Treaty Organization’s (ACTO) member states and the Amazon corporation
Governments, prominently Peru and Brazil, have strongly objected to .amazon on the grounds that the “Amazon” river and rain-forest region, known locally as “Amazonas” should be a protected geographic term.
Amazon’s applications for .amazon and two Asian-script translations were rejected a few years ago after the GAC sided with its South American members and filed advice objecting to the gTLDs.
A subsequent Independent Review Process panel last year found that ICANN had given far too much deference to the GAC advice, which came with little to no evidence-based justification.
The panel told ICANN to “promptly” take another look at the applications and “make an objective and independent judgment regarding whether there are, in fact, well-founded, merits-based public policy reasons for denying Amazon’s applications”.
Despite this, the .amazon application is still classified as “Will Not Proceed” on ICANN’s web site. That’s basically another way of saying “rejected” or “denied”.
Amazon the company has promised to protect key domains, such as “rainforest.amazon”, if it gets to run the gTLDs. Governments would get to help create a list of reserved, sensitive domains.
It’s also promised to actively support any future bids for .amazonas supported by the governments concerned.
.amazon would be a dot-brand, so only Amazon would be able to register names there.
Economist would sue ICANN if it publishes private emails
The Economist Intelligence Unit has threatened to sue ICANN if it publishes emails related to its evaluations of “community” gTLDs.
That’s according to a document published by ICANN this week, in which the organization refused to reveal any more information about a controversial probe into the Community Priority Evaluations the EIU conducted on its behalf.
EIU “threatened litigation” should ICANN publish emails sent between the two parties, the document states.
New gTLD applicant DotMusic, which failed its CPE for .music but years later continues to fight for the decision to be overturned, filed a Documentary Information Disclosure Policy request with ICANN a month ago.
DIDP is ICANN’s equivalent of a Freedom of Information Act.
DotMusic’s request among many other items sought the release of over 100,000 emails, many sent between ICANN and the EIU, that ICANN had provided to FTI Consulting during FTI’s investigation into whether the CPEs were fair, consistent and absent ICANN meddling.
But in its response this week, ICANN pointed out that its contract with EIU, its “CPE Provider”, has confidentiality clauses:
ICANN organization endeavored to obtain consent from the CPE Provider to disclose certain information relating to the CPE Process Review, but the CPE Provider has not agreed to ICANN organization’s request, and has threatened litigation should ICANN organization breach its contractual confidentiality obligations. ICANN organization’s contractual commitments must be weighed against its other commitments, including transparency. The commitment to transparency does not outweigh all other commitments to require ICANN organization to breach its contract with the CPE Provider.
DotMusic’s DIDP sought the release of 19 batches of information, which it hopes would bolster its case that both the EIU’s original reviews and FTI’s subsequent investigation were flawed, but all requests were denied by ICANN on various grounds.
In more than one instance, ICANN claims attorney-client privilege under California law, as it was actually ICANN’s longstanding law firm Jones Day, rather than ICANN itself, that contracted with FTI.
The FTI report cleared ICANN of all impropriety and said the EIU’s CPE process had been consistent across each of the gTLD applications it looked at.
The full DIDP request and response can be found here.
ICANN has yet to make a decision on .music, along with .gay, .hotel, .cpa, and .merck, all of which were affected by the CPE reviews.
Full $185,000 refunds offered to risky new gTLD applicants
ICANN is to offer applicants for three new gTLDs identified as too risky to go live full refunds of their application fees.
Its board of directors acknowledged at its weekend retreat that it has no intention of delegating .corp, .home and .mail, and that each applicant should be able to get their entire $185,000 application fee back.
The applicants will have to withdraw their applications in order to get the refund.
Ordinarily, withdrawing an application would only qualify the applicants for a partial refund.
The ICANN board said in its resolution that it “does not intend to delegate the strings .CORP, .HOME, and .MAIL in the 2012 round of the New gTLD Program”.
It added that “the applicants were not aware before the application window that the strings .CORP, .HOME, and .MAIL would be identified as high-risk, and that the delegations of such high-risk strings would be deferred indefinitely.”
The three strings are considered risky because they already receive vast amounts of “name collision” traffic, largely from DNS queries that leak out from private networks.
There’s a concern that delegating any of them would create a big security risk in terms of confidential data leakage and stuff just generally breaking.
It’s been six years since the last new gTLD application window was open, and some applicants for the strings abandoned their bids years ago.
There are five remaining .corp applicants (and one withdrawal), five for .mail (two withdrawals) and ten for .home (one withdrawal).
The refunds will be taken from ICANN’s separate new gTLD program budget so presumably will not have an impact on its current operating budget woes.
The board noted that technically it did not have to give full refunds, under the terms of the Applicant Guidebook, but that it was doing so in the interest of “fairness”.
This may come as little comfort to applicants whose money has been tied up in limbo for the last six years.
dotgay lawyer insists it is gay enough for .gay gTLD
What do Airbnb, the Stonewall riots and the 2016 Orlando nightclub shooting have in common?
They’re all cited in a lengthy, somewhat compelling memo from a Yale law professor in support of dotgay LLC’s argument that it should be allowed to proceed with its .gay gTLD application unopposed by rival applicants.
The document (pdf), written by William Eskridge, who has decades of publications on gay rights under his belt, argues that dotgay’s Community Priority Evaluation and the subsequent review of that evaluation were both flawed.
At the crux of the dispute is whether the word “gay” can also be used to describe people who are transgender, intersex, and “allied” straight — dotgay says it can, but the Economist Intelligence Unit, which carried out the CPE, disagreed.
dotgay scored 10 out of 16 points on its CPE, four shy of a passing grade. An acceptance of dotgay’s definition of the “gay” community could have added 1 to 4 extra points to its score.
The company also lost a point due to an objection from a gay community center, despite otherwise broad support from gay-oriented organizations.
Eskridge spends quite a lot of time on the history of the word “gay”, from Gertrude Stein and Cary Grant using it as a wink-wink code-word in less-tolerant times, via the 1969 Stonewall riots, to today’s use in the media.
The argument gets a bit grisly when it is pointed out that some of the 49 people killed in the 2016 mass shooting at the Pulse nightclub in Orlando, Florida — routinely described as a “gay” club in the media — were either transgender or straight.
My research associates and I read dozens of press and Internet accounts of this then-unprecedented mass assault by a single person on American soil. Almost all of them described Pulse as a “gay bar,” the situs for the gay community. But, like the Stonewall thirty-seven years earlier, Pulse was a “gay bar” and a “gay community” that included lesbians, bisexual men and women, transgender persons, queer persons, and allies, as well as many gay men.
Eskridge argues that EIU erred by applying an overly strict definition of the applied-for string with dotgay, but not with successful community applicants for other strings.
For example, he argues, a manufacturer of facial scrubs would qualify for a “.spa” domain, and Airbnb and the Orient Express train line would qualify for “.hotel” domains under that applicant’s definition of its community, even though it could be argued that they do not fit into the narrow categories of “spas” and “hotels”.
Similarly, a transgender person may not consider themselves “gay” and a straight person certainly would not, but both might feel a part of the broader “gay community” when they get shot at a gay nightclub.
It’s an unpleasant way to frame the argument, but in my view it’s compelling nevertheless.
Eskridge also thinks that dotgay should have picked up an extra point or two in the part of the CPE dealing with community support.
It dropped one point there because the Q Center, a community center for LGBTQ people in Portland, Oregon, sent a letter objecting to the dotgay application (an objection apparently later revoked, then reinstated).
Eskridge spend some time questioning the Q Center’s bona fides as a big-enough organization to warrant costing dotgay a point, noting that it was the only member of a 200-strong umbrella organization, CenterLink, to object. CenterLink itself backed the bid.
He then goes on to cite articles seemingly showing that Q Center was in the midst of some kind of liberal paranoia meltdown — accused of racial insensibility and “transphobia” — and allegations of mismanagement at about the same time as it was objecting to dotgay’s application.
He also insinuates that Q’s base in Portland is suspicious because it’s also where rival applicant Top Level Design is based.
In summary, Eskridge reckons the EIU CPE and FTI Consulting’s subsequent investigation were both flimsy in their research, unfairly applying criteria to .gay that they did not apply to other strings, and that dotgay should have picked up enough points to pass the CPE.
It’s important to remember that this is not a case of ICANN getting decide whether the gTLD .gay gets to exist — it’s going to exist one way or the other — but rather whether the winning registry is selected by auction or not.
If dotgay wins either by getting another CPE or winning the auction then .gay will be restricted to only vetted members of the “gay” community. This could mean less homophobic abuse in .gay domains but probably also less opportunity for self expression.
If it goes to Top Level Design, MMX or Donuts, it will be open to all comers. That could increase cyber-bulling with .gay domains, but would remove barriers to entry to those who would otherwise be excluded from registering a domain.
ICANN has had .gay on hold for years while the dispute over the CPE has worked itself out, and it now has a piece of paper from FTI declaring the result hunky-dory. I doubt there’s any appetite to reopen old wounds.
My feeling is that we’re looking at an auction here.
Root crypto rollover now slated for October
ICANN has penciled in October 11 as the new date for rolling the DNS root’s cryptographic keys, a delay of a year from its original plan.
The so-called KSK rollover will see ICANN remove the deprecated 2010 Key Signing Key, leaving only the 2017 KSK active.
The KSK acts as the “trust anchor” for DNSSEC across the whole internet.
After the rollover, any network not configured to use the latest KSK would see a service interruption.
This could mean many millions of internet users being affected, but ICANN doesn’t know the extent of the possible impact for sure.
ICANN told us in November that it knows of 176 organizations in 41 countries, fairly evenly spread across the globe, that are currently not prepared to handle the new KSK.
But its data is patchy because only a tiny number of DNS resolvers are actually configured to automatically report which KSKs they’re set up to use.
Key rollovers are recommended by DNSSEC experts to reduce the risk of brute force attacks against old keys. At the root, the original plan was to roll the keys every five years.
ICANN had named October 11 2017 as the date for the first such rollover, but this was pushed back to some time in the first quarter after ICANN became aware of the lack of support for the 2017 KSK.
This was pushed back again in December to Q3 at the earliest, after ICANN admitted it still didn’t have good enough data to measure the impact of a premature roll.
Since then, ICANN has been engaged in (not always successful) outreach to networks it knows are affected and has kicked off discussions among network operators (there’s a fairly lively mailing list on the topic) to try to gauge how cautious it needs to be.
It’s now published an updated plan that’s the same as the original plan but with a date exactly one year late — October 11, 2018.
Between now and then, it will continue to try to get hold of network operators not ready to use the new keys, but it’s not expecting to completely eliminate damage. The plan reads:
Implicit in the outreach plan is the same assumption that the community had for the earlier (postponed) plan: there will likely be some systems that will fail to resolve names starting on the day of the rollover. The outreach will attempt to minimize the number of affected users while acknowledging that the operators of some resolvers will be unreachable.
The plan is open for public comment and will require the assent of the ICANN board of directors before being implemented. You have until April 2 to respond.
CPE probe: “whitewash” or “fig leaf”?
A few weeks ago, when I was reporting the conclusions of a probe into ICANN’s new gTLD program, I wrote a prediction on a piece of paper and placed it into a sealed envelope.*
I wrote: “They’re gonna call this a whitewash.”
And I was correct! Ta-dah! I’m here all week.
The lawyer for applicants for .music and .gay gTLDs has written to ICANN to complain that a purportedly independent review of the Community Evaluation Process was riddled with errors and oversights and should not be trusted.
In a letter on behalf of dotgay LLC, Arif Ali calls the report a “whitewash”. In a letter on behalf of DotMusic, he calls it a “fig leaf”.
Both companies think that the CPE probe was designed to give ICANN cover to proceed with auctions for five outstanding gTLD contention sets, rather than to get to the bottom of perceived inconsistencies in the process.
Both of Ali’s clients applied for their respective gTLDs as “community” applicants, trying to avoid auctions by using the Community Priority Evaluation process.
During their CPEs, both carried out by the Economist Intelligence Unit, neither applicant scored highly enough to win the exclusive right to .gay or .music, meaning the next stage was to auction the strings off to the highest bidder.
After repeated complaints from applicants and an Independent Review Process finding that ICANN lacked transparency and that staff may have had inappropriate influence over the EIU, ICANN hired FTI Consulting to look into the whole CPE process.
FTI’s report was finally delivered late last year, clearing ICANN on all counts of impropriety and finding that the EIU’s evaluations had been consistent across each of the applications it looked at.
The remaining gTLDs affected by this are .music, .gay, .hotel, .cpa, and .merck.
ICANN’s board of directors is due to meet to discuss next steps this weekend, but Ali says that it should “critically evaluate the [FTI] Report and not accept its wholesale conclusions”. He wrote, on behalf of DotMusic:
The report reveals that FTI’s investigation was cursory at best; its narrow mandate and evaluation methodology were designed to do little more than vindicate ICANN’s administration of the CPE process.
…
It is evident that FTI engaged in a seemingly advocacy-driven investigation to reach conclusions that would absolve ICANN of the demonstrated and demonstrable problems that afflicted the CPE process.
Among the applicants’ list of complaints: their claim that FTI did not interview affected applicants or take their submissions seriously, and the fact that ICANN was less than transparent about who was conducting the probe and what its remit was.
The same letter quotes ICANN chair Cherine Chalaby, then vice-chair, saying in a January 2017 webinar that he had observed inconsistencies in how the CPEs were carried out; inconsistencies FTI has since found did not occur.
That should be enough to provoke discussion when the board meets to discuss this and other issues in Los Angeles on Saturday.
* I didn’t actually do this of course, I just thought about it, but you get my point.
US and EU call for Whois to stay alive
Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.
The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.
Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.
David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.
Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.
Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”
“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”
He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.
The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.
For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.
It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.
The deadline for GDPR compliance is May this year. That’s when the ability of EU countries to start to levy fines against non-compliant companies, which could run into millions of euros, kicks in.
While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.
Two weeks ago it called for comments on three possible Whois models that could be used from May.
That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.
Is the Trump administration really trying to reverse the IANA transition?
Questions have been raised about the US government’s commitment to an independent ICANN, following the release of letters sent by two top Trump appointees.
In the letters, new NTIA head David Redl and Secretary of Commerce Wilbur Ross expressed an interest in looking at ways to “unwind” the IANA transition, which in 2016 severed the formal ties between ICANN and the US in DNS root zone management.
Responding to questions from senators during his lengthy confirmation process, now National Telecommunications and Information Administration assistant secretary Redl wrote:
I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.
The letters were first obtained by Politico under the Freedom of Information Act. We’re publishing them here (pdf).
They were sent last August, when Redl’s confirmation to the NTIA role was being held up by Senator Ted Cruz, who vehemently opposed the transition because he said he thought it would give more power over online speech to the likes of Russia and China.
He was confirmed in November.
The question is whether Redl was serious about unwinding the transition, or whether he was just bullshitting Cruz in order to remove a roadblock to his confirmation.
Technically, he only promised to “recommend” convening a panel of experts to his boss, Ross.
NTIA declined to comment last week when DI asked whether the department still supports the IANA transition, whether any efforts are underway to unwind it, and whether the panel of experts has already been convened.
Redl’s statements on ICANN since his confirmation have been more or less consistent with his Obama-era predecessor, Larry Strickling, in terms of expressing support for multi-stakeholder models, but with perhaps some causes for concern.
During his first public speech, delivered at the CES show in Las Vegas earlier this month, Redl expressed support for multi-stakeholder internet governance amid pushes for more multi-lateral control within venues such as the International Telecommunications Union.
However, he added:
I’ll also focus on being a strong advocate for U.S. interests within ICANN. We need to ensure transparency and accountability in ICANN’s work. And in light of the implementation of the European General Data Privacy Regulation, or GDPR, we need to preserve lawful access to WHOIS data, which is a vital tool for the public.
In the coming weeks, I’ll be seeking out the views of stakeholders to understand how else NTIA can best serve American interests in these global Internet fora.
Could this be an allusion to the “panel of experts”? It’s unclear at this stage.
One of Redl’s first moves as NTIA chief was to slam ICANN for its lack of accountability concerning the shutdown of a review working group, but that was hardly a controversial point of view.
And in a letter to Senator Brian Schatz, the Democrat ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, sent earlier this month, Redl expressed support for the multi-stakeholder model and wrote:
NTIA will be a strong advocate for US interests with the Governmental Advisory Committee of the Internet Cooperation [sic] for Assigned Names and Numbers (ICANN) in the existing post-transition IANA phase. NTIA will also monitor the [IANA operator] Public Technical Identifiers (PTI) and take action as necessary to ensure the security and stability of the DNS root.
That certainly suggests NTIA is happy to work in the new paradigm, while the promise to “take action as necessary” against PTI may raise eyebrows.
While a lot of this may seem ambiguous, my hunch is that there’s not really much appetite to reverse the IANA transition. Apart from appeasing Cruz’s demons, what could possibly be gained?
Ross, quizzed by Cruz at his own confirmation hearing a year ago, seemed reluctant to commit to such a move.
Recent Comments