ICANN to be told to stop pussyfooting on new gTLDs

The GNSO Council is expected to tell ICANN’s board of directors that it needs to stop lollygagging and set the wheels in motion for the next round of new gTLDs.

The Council plans to send a letter to the board ahead of its retreat this weekend, urging it to approve the GNSO’s new gTLD policy recommendations — the so-called SubPro Final Report — which turn two years old today.

There may also be some harsh critique of ICANN’s Operational Design Assessment for the program, which put an unexpectedly enormous price tag and years-long runway on the next round.

An early draft of the letter urges the board to approve the SubPro report “as soon as practicable” and “quickly” form an Implementation Review Team, which is the next stage of turning policy recommendations into systems and processes.

The ODA had provided two options for the next round. One would take five years and cost $125 million before a single application fee is collected. The second would cost about half as much and take 18 months.

The key differences were that Option 1 would see a lot of automation, with ICANN scratch-building systems for handling applications, objections, contention resolution and such, whereas Option 2 would cut some corners and rely more on manual processing.

But the GNSO, at least judging by the early draft of its letter, seems to regard this as a false dichotomy, instead proposing a third way, leaning on configurable third-party software and existing ICANN systems.

Option 1 is “overly aggressive… overly complex, time and resource intensive, and much more expensive than is necessary”, the draft letter says.

There wasn’t enough information in the ODA for the Council to figure out exactly how the two options differ, it says.

The letter is expected to tell the board that it doesn’t need to pick between the two options. Rather, it should just approve the SubPro’s recommendations and leave it to the ICANN staff and community members on the IRT to work out the details.

While the letter doesn’t come out and say it outright, the subtext I infer is that the ODA, which took a year and cost $9 million, was a waste of time and money. If the Council can’t figure out what it means, how is the board (its intended audience) supposed to?

The Council also expresses bafflement that the proposed Registry Services Providers Pre-Evaluation program, which was meant to streamline the program by accrediting RSPs in advance of the application window opening, is predicted by the ODA to be incredibly expensive and time-consuming, the exact opposite of its intended purpose.

The letter was composed by a “small team” subset of the Council and is likely to be edited over the next few days as other members weigh in. The Council is expected to discuss it at its monthly meeting tomorrow and send it to the board before it discusses the ODA on Sunday.

New ICANN boss makes encouraging noises on new gTLDs

ICANN’s new interim CEO Sally Costerton addressed the community in her new role for what I believe was the first time last Thursday, in a call with the GNSO Council.

The hour-long call was meant to discuss the outcomes of the Council’s Strategic Planning Session a month ago, but it also served as a Q&A between councilors and Costerton.

The last 15 minutes are of particular interest, especially if you’re one of the people concerned about ICANN’s devolution into a “do-nothing” organization over the last several years.

At that mark, Thomas Rickert of the trade group eco addressed the issue in a lengthy comment in which he pointed out that ICANN has been moving so slowly of late that even lumbering governmental institutions such as the European Union have come to realize that it’s faster to legislate on issues such as Whois than to wait for ICANN to sort it out.

He also pointed to the community’s pain of waiting a year for the recent Operational Design Assessment for the next round of new gTLDs, and its shock that the ODA pointed to an even more-expensive round that could take five years or more to come to fruition.

“I’ve heard many in the community say that the operational design reports come up with a level of complexity and diligence that stands in the way of being efficient,” he said. “So maybe the perfect is the enemy of the good.”

ICANN should be brave, dig its heels in, and get stuff done, he remarked.

Costerton seemed to enjoy the critique, suggesting that the recording of Rickert’s comments should be circulated to other ICANN staff.

She described herself as a “pragmatist rather than an ideologue”.

“I so want to say you’re absolutely right, Thomas, I completely agree with you 100%, we should just get it done,” she said. “Good is good enough. Perfect is the enemy of the good — I like that expression, I think it very often is.”

But.

Costerton said she has to balance getting stuff done with threats from governments and the risk of being “overwhelmed by aggressive litigation”. She said that ICANN needs “a framework around us that protects us”.

Getting that balance right is the tricky bit, she indicated.

Costerton, who took her new role at the end of last year following Göran Marby’s unexpected resignation, did not tip her hand on whether she plans to apply to have the “interim” removed from her job title. It is known that she has applied at least once before.

Wanted: a gTLD to ban

ICANN may have failed so far to deliver a way for the world to create any more gTLDs, but it’s about to pick a string that it will resolve to never, ever delegate.

It’s going to designate an official “private use” string, designed for organizations to use behind their own firewalls, and promise that the chosen string will never make it to the DNS root.

IP lawyers and new gTLD consultants might want to keep an eye on this one.

The move comes at the prompting of the Security and Stability Advisory Committee, which called for ICANN to pick a private-use TLD in a September 2020 document (pdf).

ICANN hasn’t picked a string yet, but it has published its criteria for public comment:

1. It is a valid DNS label.
2. It is not already delegated in the root zone.
3. It is not confusingly similar to another TLD in existence.
4. It is relatively short, memorable, and meaningful.

The obvious thing to do would be to pick one of the 42 strings ICANN banned in the 2012 new gTLD round, which includes .example, .test and .invalid, or one of the three strings it subsequently decided were too risky to go in the root due to their extensive use on private networks — .corp, .mail and .home.

The SSAC notes in its document that ICANN’s two root server constellations receive about 854 million requests a day for .home — the most-used invalid TLD — presumably due to leaks from corporate networks and home routers.

But .homes (plural) is currently in use — XYZ.com manages the registry — so would .home fail the “confusingly similar” test? Given that it’s already established ICANN policy that plurals should be banned in the next round, .home could be ruled out.

ICANN’s consultation doesn’t make mention of whether gTLDs applied for in subsequent rounds would be tested for confusing similarity against this currently theoretical private-use string, but it seems likely.

Anyone considering applying for a gTLD in future will want to make sure the string ICANN picks isn’t too close to their brands or gTLD string ideas. Its eventual choice of string will also be open for public comment.

There don’t seem to be a massive amount of real-world benefits to designating a single private-use TLD string.

Nobody would be obliged to use it in their kit or on their networks, even if they know it exists, and ICANN’s track record of reaching out to the broader tech sector isn’t exactly stellar (see: universal acceptance). And even if everyone currently using a different TLD in their products were to switch to ICANN’s choice, it would presumably take many years for currently deployed gear to cycle out of usage.

IRP panel tells ICANN to stop being so secretive, again

ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.

The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.

This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.

Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.

But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.

Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.

The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.

But Namecheap succeeded on the second count.

The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.

Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”

As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.

ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.

As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.

ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…

ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.

The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.

Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.

The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.

The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.

“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.

Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.

The .org contract was ultimately signed June 30, without a formal board resolution.

(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)

The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.

The panel in conclusion issued a series of “recommendations” to ICANN.

It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.

The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”

Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.

If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.

Finally, the panel wrote:

the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.

ICANN is on the hook to pay the panel’s fees of $841,894.76.

ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.

Namecheap says it won legal fight over .org price caps

Namecheap claims to have won a fight against ICANN over the lifting of contractual price caps in .org and .info back in 2019.

The two parties have been battling it out for almost three years in an Independent Review Process case over ICANN’s decision to allow the .info and .org registries to increase their prices by as much as they want.

Namecheap now claims the decision has been delivered and “the IRP panel decided that ICANN had, indeed, violated its Bylaws and Articles of Incorporation and that ICANN’s decision to remove the price caps was invalid.”

The registrar also says it failed in its attempt to have a similar ruling with regrds the .biz TLD, but it’s not clear why.

Neither party has yet published the decision in full (ICANN is likely redacting it for publication as I type), and ICANN has yet to make a statement, so we only have Namecheap’s interpretation to go on.

It seems the IRP panel disagreed with ICANN that it was within its staff’s delegated powers to renegotiate the price provisions of the contracts without input from the board of directors.

Rather, there should be a open and transparent process, involving other stakeholders, for making such changes, the panel said according to Namecheap.

What the panel does not appear to have said is that the price caps can be unilaterally restored to the contracts. Rather, it seems to suggest a combination of voluntary reinstatements, expert competition reviews, and bilateral renegotiations.

The decision also seems to say that price controls are more important in .org than .info, due to its not-for-profit nature, which flies in the face of ICANN’s long-term push to standardize its contracts to the greatest extent possible.

The row over .org pricing emerged shortly before the ultimately unsuccessful takeover attempt of Public Interest Registry by for-profit private equity firm Ethos Capital was announced. Ethos had planned to raise prices, but PIR, still a non-profit owned by the Internet Society, to date has not.

Namecheap’s IRP claims related to ICANN’s handling of that acquisition attempt were thrown out in 2021.

.info was an Afilias TLD when the IRP was filed but is now Ethos-owned Identity Digital’s biggest gTLD following consolidation.

I’ll have more on this story after the full decision is made public.

More details on ICANN’s CEO handover

ICANN has published more information on its change of CEO, which saw Göran Marby’s shock resignation last week.

Interim CEO Sally Costerton has been employed on an automatically renewing six-month contract that will only end if she quits, is fired, or a permanent replacement is found.

The ICANN board of directors has approved a “monthly stipend”, a bonus payment while she holds the interim position, but the amount, based on advice from compensation consultancy Willis Towers Watson, was not disclosed.

In fact, Costerton’s salary has never been disclosed in the decade she has worked for the Org. It is assumed that she is paid via the UK-based company she set up with her husband around the same time she was hired by ICANN.

That company, Sally Costerton Advisory Ltd, had about £1.3 million ($1.6 million) in net assets as of March, company records, which include no income statement, show. ICANN’s tax returns, which report executive salaries, do not reflect any payments to the company.

The board’s resolutions also confirm that Marby, who will stay as a consultant until May 2024, has will have his contract renegotiated, but the terms were redacted.

Merry Christmas! Marby finally out as ICANN CEO

Göran Marby has “resigned” as the CEO of ICANN.

Chair Tripti Sinha informed staff of his departure last night, saying Marby had been working with the board “over the past few days” to ensure a “smooth transition” that will see him stay on the payroll as a consultant until May 23, 2024.

That’s the date his employment contract was due to expire anyway. There’s no word yet on whether his eye-watering salary will be reduced.

Sinha herself is a new installation, taking over after the board ousted Maarten Botterman a few months ago.

Sally Costerton, senior vice president of global stakeholder engagement, has taken over on an interim basis, while ICANN recruits a successor, but she has an added bonus of being likable and one assumes she’s a leading candidate to take over on a permanent basis.

Costerton, a British former PR professional, has been itching for the gig for over a decade, first applying after Rod Beckstrom quit in 2012 and immediately brought into the senior ranks by Fadi Chehadé, who hired both of his unsuccessful fellow short-listers.

A CEO with a background in public relations in theory is good news for ICANN transparency. The Org has been criticized for ignoring the media and other transparency obligations under its current leadership.

Marby’s achievements in his six and a half years as CEO include being the first person to persuade the board to pay him over a million dollars a year and

ICANN loses another dot-brand, this one in use

Linde, a German chemicals company, has asked ICANN to terminate its gTLD registry contract.

Unusually, the dot-brand was actually in use, with many .linde domains still in its zone file, many of which were indexed by search engines.

It seems the company was using two-letter country-specific domains such as cz.linde and feature-oriented names such as socialmedia.linde to redirect to pages on linde.com or even the godawful the-linde-group.com.

But whatever Linde was trying, it didn’t live up to expectations, so .linde is set to be added to the funeral pyre of 100+ dead dot-brands.

Abuse crackdown likely in next gTLD registrar contract

ICANN and its accredited registries and registrars have formally kicked off contract renegotiations designed to better tackle DNS abuse.

The aim is to create a “baseline obligation” for contracted parties to “take reasonable and appropriate action to mitigate or disrupt malicious registrations engaged in DNS Abuse”, according to recent correspondence.

This may close the loophole in the contracts identified this year that hinder ICANN Compliance’s ability to take action against registrars that turn a blind eye to abuse.

The current contracts require registrars to “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse”, which lacks clarity because there’s no agreement on what an appropriate response is.

The registries and registrars stakeholder groups (RySG and RrSG) note that there won’t be an expansion of the term “DNS abuse” to expand into web site content, nor will the talks cover Whois policy.

As is the norm for contract negotiations, they’ll be bilateral between ICANN and a select group of representative contracted parties, and conducted in private.

Talks are expected to take three to six months and the resulting amendments to the Registrar Accreditation Agreement and base Registry Agreement will be published for 30 days of public comment.

It’s been almost 10 years since the RAA was last updated.

ICANN expects to approve Whois Disclosure System next month

ICANN could be offering a centralized system for requesting private domain registration data as early as a year from now, a mere five and a half years after GDPR ruined the global Whois system for many.

The Org recently alluded to its “board’s anticipated January 2023 vote to move forward in implementing the new system to streamline the intake and routing of requests for access to nonpublic gTLD registration data” in a blog post.

It has previously stated that it will take nine months to develop and roll out the system, along with a three-month “ramp-up period”, but that preparatory work may have already started.

The system will be based on CZDS, the service that currently allows people to request zone file data from registries, and cost $3.3 million to develop and run for its anticipated two-year trial period.

Don’t expect it to be called the Whois Disclosure System though. Community feedback has been pretty clear that “disclosure” is an inappropriate word because the system merely manages requests and does not actually disclose anything.

It’s also going to be voluntary for both requesters and registrars/registries for now.

The system was previously known as SSAD Lite, a cut-down version of the community-recommended System for Standardized Access and Disclosure, which ICANN estimated would have cost infinity dollars and take a century to implement.