This ICANN comment period is a Kafkaesque nightmare

With the deadline for commenting on draft new gTLD program rules rapidly approaching, you may be tempted to visit the ICANN web site to peruse the comments that have already been submitted by others. Good bloody luck.

The way ICANN has chosen to present the comments is so bafflingly opaque, confusing and confounding that I can’t help but conclude it must have been deliberately designed to be as soul-crushing as possible.

Regular comment periods are pretty straightforward: you email your comments as prose to ICANN, ICANN publishes the email and any attachments for others to read. Everyone knows where everyone stands. Job done.

But recently there’s been a worrying trend towards a questionnaire and spreadsheet model based around Google Docs, and that’s the model being used for comments on the final draft report of the new gTLD program working group, known as SubPro.

You can check out the spreadsheet here.

The first thing you’ll notice is that the spreadsheet is 215 columns wide, with each respondent given one row for their responses.

You’ll also notice that the spreadsheet doesn’t seem to understand line breaks. Where the respondent has provided some textual commentary, it’s spread across multiple columns in some cases and not in others.

And then there’s the column headings.

While stumbling randomly through the spreadsheet, I discovered an interesting nugget of information — it seems the new gTLD registry MMX wants the next application round delayed until all of the 2012 round have been launched, which I found a bit surprising.

This nugget can be found under the column heading “Enter your response here”, a heading that is helpfully shared by 90 (ninety) other columns on the same damn page.

The heading “Do you want to save your progress and quit for now? You will be able to return to the form to complete it at a later time” appears 10 times in the document.

No information in adjacent columns sheds any light on what triggered MMX to make its comment.

In order to figure out the question for pretty much any response, the only option appears to be to cross-reference the spreadsheet with the original form questionnaire, which can be found as a PDF here.

But the questionnaire has 234 questions and there’s no straightforward correlation between the question number and the columns on the spreadsheet, which are addressed as AA through IG.

So when you see that European industry group CENTR went to the trouble to “Support Output(s) as written” in column DI, under the heading “If you choose one of the following responses, there is no need to submit comments”, it’s virtually impossible to figure out what it actually supports.

If you are able to figure out which question it was answering, that probably won’t help you much either.

The form merely contains brief summaries of changes the working group has made. To see the “Output(s) as written” you’d have to cross-reference with the 363-page draft final report (pdf).

A lot of you are probably thinking that I should just export the spreadsheet into Excel or OpenOffice and clean it up a bit. But, no, you can’t. ICANN has disabled exporting, downloading, and even copy-pasting.

It’s enough to make one feel like going out and licking the floor on public transport.

Way to go on the transparency, ICANN!

I have to believe that the ICANN staffer responsible for compiling all these comments into the official ICANN summary has some tools at his or her disposal to render this mess decipherable, because otherwise they’ve got a huge, hair-ripping job on their hands.

Of course, since there doesn’t appear to be a way for the rest of us to verify the summary report’s accuracy, they can probably just write whatever they want.

Could .cpa be the most successful new gTLD sunrise yet?

The registry for the new .cpa gTLD reckons it has received “thousands” of applications for domains during its current launch period, potentially making it the most successful gTLD sunrise since 2012.

The American Institute of Certified Public Accountants, which manages the TLD, said today:

Well over half of the 100 biggest U.S. firms — as well as an equally large percentage of the next 400 — have begun advancing their applications as part of the early phase of the .cpa registration process, which launched on Sept. 1.

Assuming “thousands” means at least 2,000, this would make .cpa a top three or four sunrise, judging by figures collected by ICANN showing Google’s .app the current volume leader at 2,908.

But we can’t assume that all the .cpa domains boasted of are trademark-verified sunrise period applications under ICANN’s rules.

AICPA is running a simultaneous Limited Registration Period during which any CPA firm can apply for domains that are “most consistent with their current digital branding” — ie, no trademark required.

Both of these periods end October 31, after which the registry will dole out domains in a batch, presumably giving preference to the sunrise applicants.

We have to assume the amount of purely defensive registrations will be relatively low, due to AICPA’s policies.

Not only are registrants limited to licensed CPA companies and individuals, but registrants have to commit to redirect their .cpa domain to their existing web site within a month and deploy a full web site within a year.

.cpa domains sell for $225 a year, according to the registry. General availability is scheduled for January 15.

ICANN 69 returning to YouTube

ICANN is to make its annual general meeting next month available streaming on YouTube, the org has announced.

That’s in addition to the Zoom rooms that have been used exclusively for meetings since the coronavirus pandemic hit at the start of the year.

The YouTube streams will be listen/view only and will have up to 30 seconds delay compared to the live Zoom rooms, which will of course continue to have interactivity.

The move will be a welcome return for those of us who need to listen in to sessions and not necessarily engage.

Unfortunately, only five “high-interest” sessions will be available, and there won’t be any live interpretation for the non-English speakers.

For the Zoom rooms, they’ll be mandatory registration before you can even view the meeting schedule. The links will be hidden behind a login screen.

This is largely due to repeated incidents of “Zoom-bombing”, where trolls interrupt proceedings with inflammatory off-topic material.

Whois plan approved, but it may be a waste of money

ICANN’s GNSO Council has approved a plan to overhaul Whois and sent it to the ICANN board for the royal assent, alongside a warning that it may be a huge waste of money.

All seven members of the Contracted Parties House voted in favor of the plan, created by the so-called EPDP working group, which would create a centralized System for Standardized Access/Disclosure for Whois records.

In the Non-Contracted Parties House, only the two members of the Intellectual Property Constituency and the two members of the Business Constituency voted against the headline resolution, with the remaining nine voting in favor.

This was sufficient to count as a supermajority, which was the threshold required.

But the board will be receiving the SSAD recommendations alongside a request for a consultation on “whether a further cost-benefit analysis should be conducted”:

Noting some of the questions surrounding the financial sustainability of SSAD and some of the concerns expressed within the different minority statements, the GNSO Council requests a consultation with the ICANN Board as part of the delivery of the GNSO Council Recommendations Report to the ICANN Board to discuss these issues, including whether a further cost-benefit analysis should be conducted before the ICANN Board considers all SSAD-related recommendations for adoption.

The cost of SSAD is currently estimated by ICANN loosely at $9 million to build and $8.9 million a year to run. Under the approved recommendations, it would be paid for by accreditation fees paid by end-user data requestors.

And the benefits?

Well, to listen to the IPC, BC, governments and security experts — collectively the expected customers of SSAD — the system will be a bit rubbish and maybe not even worth using.

They complain that SSAD still leaves ultimate responsibility for deciding whether to grant access to Whois records to trained humans at individual registries and registrars. They’d prefer a centralized structure, with much more automation, more closely resembling the pre-GDPR universe.

Contracted parties counter that if GDPR is going to hold them legally responsible for disclosures, they can’t risk offloading decision-making to a third party.

But this could prove a deterrent to adoption, and if fewer companies want to use SSAD that could mean less revenue to fund it which in turn could lead to even higher prices or the need for subsidies out of ICANN’s budget.

The IPC called the recommendations “an outcome that will not meet the needs of, and therefore will not be used by, stakeholders”.

It’s a tricky balancing act for ICANN, and it could further extend the runway to implementation.

The most likely first chance the ICANN board will get to vote on the recommendations would be the AGM, October 22, but if the GNSO consultation concludes another cost/benefit analysis is due, that would likely push the vote out into 2021.

There’s the additional wrinkle that three of ICANN’s four advisory committees, including the governments, have expressed their displeasure with the EPDP outcome, which is likely to add complexity and delay to the roadmap.

And the GNSO’s work on Whois is not even over yet.

Also during today’s meeting, the Council started early talks on whether to reopen the EPDP to address the issues of data accuracy, whether registrars should be obliged to distinguish between legal and natural persons, and whether it’s feasible to have a uniform system of anonymized email addresses in Whois records.

Should YOU have to pay when lawyers access your private Whois info?

The question of who should shoulder the costs of ICANN’s proposed Whois overhaul is being raised, with governments and others suggesting that the burden should fall on registrants themselves.

In separate statements to ICANN recently, the Governmental Advisory Committee and Security and Stability Advisory Committee both put forward the view that registrants, rather than the trademark lawyers behind most requests for private Whois data, should fund the system.

ICANN currently expects the so-called System for Standardized Access/Disclosure (SSAD), proposed after two years of talks in an ICANN community working group, to cost $9 million to build and another $9 million a year to operate.

The working group, known as the EPDP, has recommended in its final report that registrants “MUST NOT bear the costs for having data disclosed to third parties”.

Instead, it recommended that requestors themselves should pay for the system, probably via an annual accreditation fee.

But now the GAC and SSAC have issued minority statements calling that conclusion into question.

The GAC told ICANN (pdf):

While the GAC recognizes the appeal of not charging registrants when others wish to access their data, the GAC also notes that registrants assume the costs of domain registration services as a whole when they register a domain name.

While the SSAC said (pdf):

Data requestors should not primarily bear the costs of maintaining the system. Requestors should certainly pay the cost of getting accredited and maintaining their access to the system. But the current language of [EPDP Recommendation] 14.2 makes victims and defenders cover the costs of the system’s operation, which is unfair and is potentially dangerous for Internet security…

No previous PDP has protected registrants from having the costs associated with “core” registration services or the implementation of consensus policies being passed on to them. No previous PDP has tried to manipulate the functioning of market forces as is proposed in Recommendation 14.

SSAC suggested instead that registrars should be allowed to pass on the costs of SSAD to their customers, and/or that ICANN should subsidize the system.

Over 210 million gTLD domain names, $9 million a year would work out to less than five cents per domain, but one could argue there’s a principle at stake here.

Should registrants have to pay for the likes of Facebook (probably the biggest requestor of private Whois data) to access their private contact information?

The current proposed system would see the estimated $9 million spread out over a far smaller number of requestors, making the fee something like $450 per year.

EPDP member Milton Mueller did the math and concluded that any company willing to pay its lawyers hundreds of thousands of dollars to fight for greater Whois access in ICANN could certainly swallow a measly few hundred bucks a year.

But the minority objections from the GAC, SSAC and Intellectual Property Constituency do not focus wholly on the costs. They’re also bothered that SSAD doesn’t go nearly far enough to actually provide access to Whois data.

Under the current, temporary, post-GDPR system, registries and registrars basically use their own employees’ discretion when deciding whether to approve a Whois data request.

That wouldn’t change significantly under SSAD, but there would be a huge, multi-tiered system of accreditation and request-forwarding that’s been described as “glorified, overly complex and very expensive ticketing system”.

The GAC wants something much more automated, or for the policy to naturally allow increased automation over time. It also wants increased centralization, taking away much of the human decision-making at registrars out of the equation.

The response from the industry has basically been that if GDPR makes them legally liable for their customers’ data, then it’s the registries and registrars that should make the disclosure decisions.

The GAC has a great deal of power over ICANN, so there’s likely to be a bit of a fight about the EPDP’s outcomes and the future of SSAD.

The recommendations are due to be voted on by the GNSO Council at its meeting tomorrow, and as I’ve noted before, it could be tight.

Council chair Keith Drazek seems to be anticipating some lively debate, and he’s already warned fellow members that’s he’s not minded to approve any request for a delay on the vote, noting that the final report has been available for review for several weeks.

By convention, the Council will defer a vote on the request of any of its constituency groups, but this is sometimes exploited.

Should the Council approve the resolution approving the final report — which contains a request for further financial review of SSAD — then it will be forwarded to the ICANN board of directors for final discussion and approval.

But with the GAC on its case, with its special advisory powers, getting SSAD past the board could prove tricky.

Donuts to launch .contact next week

Almost a year and a half after buying it, Donuts is ready to launch its newest gTLD, .contact.

According to ICANN records, the sunrise period for the domain will run from September 29 to November 28.

Registrars report that general availability will begin December 9. Retail pricing is expected to be competitive with .com.

Donuts will also run its traditional Early Access Period, from December 2, a week during which prices start very high and decline day by day.

It will be an unrestricted space, as it Donuts’ wont, and I imagine the suggested use case is something similar to the .tel model — the publication of contact information.

Donuts acquired .contact from Top Level Spectrum for an undisclosed amount in April 2019.

Is India’s largest registrar about to go titsup? And where the hell is ICANN?

India’s largest independent domain name registrar appears to be “doing an AlpNames”, with many customers complaining about domains going dark, transfer codes not being issued, and customer support being unavailable for weeks.

Net 4 India, which claims to have 400,000 customers, has been in insolvency proceeds for over two years, but it’s only in the last couple months that the complaints have started piling up by the scores from disgruntled customers.

A major complaint is that renewals are not processed even after they are paid for, that transfer authcodes never arrive, that customer support never picks up the phone or replies to emails, and (occasionally) that the Net4 web site itself is down.

As we saw with AlpNames last year and RegisterFly back in the mists of time, These are all the warning signs of a registrar in trouble.

On its web site, Net4 prominently warns customers that its call centers are operating on a skeleton staff due to India’s coronavirus lockdown measures, which may account for the lack of support.

But there are reports that customers have visited the company’s offices in person to find them closed.

There’s been radio silence from the registrar. Even its Twitter account is private.

Many local commentators are pointing to the fact that Net4 is in protracted insolvency proceedings as the true underlying issue.

There have been calls for government intervention, action by .in registry NIXI, ICANN enforcement, and even the Indian equivalent of a class action lawsuit. This local cyber law blogger is all over it.

But what is ICANN doing about it?

Net4 was taken to a quasi-judicial insolvency court in 2017 by a debt-recovery company called Edelweiss over the rupee equivalent of about $28 million of unpaid loans from the State Bank of India.

ICANN has been aware of this fact since at least April 2019, when it started calling the registrar for an explanation.

Under the standard Registrar Accreditation Agreement, being in insolvency for over 30 days is grounds for unilateral termination by ICANN.

ICANN could terminate the agreement and transfer all of Net4’s gTLD domain names to a different registrar pretty much at will — all the registrant data is in escrow. This would not protect Net4’s many thousands of .in registrants of course.

ICANN suspended Net4’s RAA in June last year, but Net4 somehow managed to talk its way out of it. ICANN later rescinded the suspension on the proviso that the registrar provide monthly updates regarding its insolvency.

Net4’s cure period has been extended three times by ICANN. The latest expired July 31 this year.

At least one ICANN staffer is on the case, however. ICANN’s head of India Samiran Gupta has recently been reaching out to customers on Twitter, offering his email address and assistance getting in contact with Net4 staff, apparently with some success.

But Net4 had 95,000 gTLD names under management at the last count (though it’s been hemorrhaging thousands per month) so this individual approach won’t go very far.

No ICANN meetings until 2021

Community members itching to be able to suck up to (or berate) ICANN staffers in person rather than over the phone or videoconferencing will have to wait a little longer.

The Org announced today that all face-to-face meetings have been cancelled until the end of the year due to the ongoing coronavirus pandemic.

It doesn’t affect any of the big public meetings — the AGM in October was relocated from Hamburg to Zoom a few months ago — but regular business travel and intersessional meetings are hit.

It also means ICANN staffers will continue to work from home until January at the earliest, ICANN said.

The health and safety of our community and staff are always our top concern, and we believe it is not prudent to travel or encourage gatherings until at least the end of 2020. The ongoing and long-term health impact of COVID-19 on our community and staff is a risk that we are not willing to take. In addition, the travel landscape has not yet stabilized, which makes any travel complicated and risky.

Call me a pessimist, but I’d be very surprised if this is the last time the travel ban is extended.

Floodgates, open! Trademark Clearinghouse now supports .com

The Trademark Clearinghouse has added .com to the roster of TLDs supported by its infringement notification service.

The Deloitte-managed service recently announced the change to its Ongoing Notification Service, which came into effect late last month.

The update means TMCH subscribers will receive alerts whenever a .com domain is registered that contains their trademark, helping them to decide whether to pursue enforcement actions such as UDRP.

Unlike the ICANN-mandated 90-day Trademark Claims period that accompanies the launch of each new gTLD, the registrant herself does not receive an alert of possible infringement at point of registration.

The service, which is not regulated by ICANN, is still free to companies that have their marks registered in the TMCH, which charges an extra dollar for every variation of a mark the holder wishes to monitor.

Such services have been commercially available from the likes of MarkMonitor for 20 years or more. The TMCH has been offering it for new gTLDs since they started launching at the end of 2013.

With the .com-shaped gaping hole now plugged, two things could happen.

First, clients may find a steep increase in the number of alerts they receive — .com is still the biggest-selling and in volume terms the most-abused TLD.

Second, commercial providers of similar services now find themselves competing against a free rival with an ICANN-enabled captive audience.

The upgrade comes at the tail end of the current wave of the new gTLD program. With the .gay launch out of the way and other desirable open TLDs tied up in litigation, there won’t be much call for TMCH’s core services for the next few years.

It also comes just a couple months after the .com zone file started being published on ICANN’s Centralized Zone Data Service, but I expect that’s just a coincidence.

GoDaddy could lose control of .co this week

It looks like GoDaddy’s recently acquired .co registry could lose formal control of the ccTLD this week.

ICANN’s board of directors has “Transfer of the .CO (Colombia) top-level domain to the Ministry of Information and Communications Technologies” on its agenda for its meeting this Thursday.

Since 2009, IANA record for .co shows the Colombian company .CO Internet as the sponsor, admin contact and tech contact.

.CO Internet was acquired by Neustar for $109 million in 2014. Neustar’s registry business, including the .co contract, was acquired by GoDaddy earlier this year. Most of .CO Internet’s original staff are still with the company.

GoDaddy now has the contract to run .co for the next five years, but as a service provider rather than having full administrative control of the TLD.

A redelegation to the Colombian ministry will not affect that contract, and in fact seems to have been envisaged by it.

Back in April when the renewal was announced, MinTIC said it would in future “be in charge of its [.co’s] administration through a group dedicated to Internet governance with technical personnel with knowledge and ability to manage and administer the domain”.

The new deal also sees Colombia receive 81% of the profits from .co, compared to the 6-7% it received under the old deal.

Assuming the ICANN board gives the redelegation the nod this week, it usually only takes IANA a day or two to make the appropriate updates to its registry.