Will ICANN swap Hamburg for Zoom for 69?

ICANN’s board of directors is meeting this week to discuss arrangements for ICANN 69, and I think there’s a reasonable chance it will decide to take the meeting online-only.

The last official word from ICANN was that it is working on the assumption that normality will have resumed by September, and that October’s meeting could go ahead in Hamburg, Germany as planned.

But will it?

Current German coronavirus-related travel restrictions, which have been in place since March, forbid non-citizen incoming travelers from pretty much anywhere, even elsewhere in the EU.

Some travelers are being asked to self-quarantine for 14 days upon entry, which is obviously impractical for conference travel.

However, German is loosening its rules next week for EU travelers and will treat countries on a case-by-case basis, based on how many infections they’re recording at the time.

Americans will still not be allowed to travel to Germany and there’s no word on when the ban will be lifted.

German guidelines also currently prohibit any large gatherings of people, including conferences, until at least the end of August.

ICANN’s obviously going to have to do a bit of crystal ball-gazing, to guess whether business travel is going to be safe and permitted in October.

It’s also going to have to guess whether a large enough number of people will actually want to attend to make an in-person meeting worthwhile.

With many medical experts predicting a third-quarter resurgence of the pandemic, the so-called “second wave”, inviting guests from every continent to gather in the same room might be seen as risky.

Conferences in other industries that had been due to take place in Germany in October have been canceled or postponed.

Notably, Oktoberfest in Munich (which starts in September but runs into October) is not going ahead this year, but I’ve found examples of conventions in publishing, gaming and catering sectors that have also been canceled.

However, some events due to take place in March and April have been postponed UNTIL October, suggesting a level of confidence that the virus will be low-risk by that time.

Top-level reshuffle as ICANN loses its COO

ICANN today announced a series of organizational changes at the highest level of management after its COO decided to quit.

Susanna Bennett, senior veep and chief operations officer, will leave July 1 for pastures new after seven years on the job, and her role will be split between other senior figures.

ICANN also said today that Theresa Swinehart has been appointed head of the Global Domains Division, a role she’s been filling on an interim basis since Cyrus Namazi quit a few months back.

She’s also senior VP of multistakeholder strategy and strategic initiatives and CEO Göran Marby’s co-deputy. She’ll be keeping both of those jobs too.

In terms of ops, Bennett’s functions will be split between CFO Xavier Calvez, senior VP of HR Gina Villavicencio, and general counsel John Jeffrey. Calvez will also take on some of the MSSI responsibilities previously held by Swinehart.

The fact that Bennett and Namazi, who together were compensated to the tune of $860,000 in ICANN’s fiscal 2019, had functions that can be easily redistributed among other staffers does rather beg the question of whether ICANN has been spending domain registrants’ money as efficiently as possible.

Still, the rejigger will presumably be welcomed by those who believe that ICANN has in recent years become overly bloated and bureaucratic.

ICANN recently slashed its FY21 budget by 8% due to the expected impact of the coronavirus-related recessions.

Amazon finally gets its dot-brands despite last-minute government plea

Amazon’s three long-sought dot-brand gTLDs were added to the DNS root last night, despite an eleventh-hour attempt by South American governments to drag the company back to the negotiating table.

.amazon, along with the Japanese and Chinese translations — .アマゾン (.xn--cckwcxetd) and .亚马逊 (.xn--jlq480n2rg) — and its NIC sites have already gone live.

Visiting nic.amazon today will present you with a brief corporate blurb and a link to Amazon’s saccharine social-responsibility blog. As a dot-brand, only Amazon will be allowed to use .amazon domains.

The delegations come despite a last-minute plea to ICANN by the eight-government Amazon Cooperation Treaty Organization, which unsuccessfully tried to insert itself into the role of “joint manager” of the gTLDs.

ACTO believes its historical cultural right to the string outweighs the e-commerce giant’s trademark, and that its should have a more or less equal role in the gTLD’s management.

This position was untenable to Amazon, which countered with a collection of safeguards protecting culturally sensitive strings and various other baubles.

Talks fell through last year and ICANN approved the gTLDs over ACTO’s objections.

ACTO’s secretary-general, Alexandra Moreira, wrote to ICANN (pdf) May 21 to take one last stab at getting Amazon back in talks, telling CEO Göran Marby:

the name “Amazon” pertains to a geographical region constituting an integral part of the heritage of its countries. Therefore, we Amazonians have the right to participate in the governance of the “.amazon” TLD.

…

Our side is ready to resume negotiations on the TLD’s governance with the Amazon Corporation., from the point where their side interrupted it, with a view to arriving at a satisfactory agreement.

Her letter came in response to an earlier Marby missive (pdf) that extensively set out ICANN’s case that talks fell apart due to ACTO repeatedly postponing and cancelling scheduled meetings.

Despite the fact that Amazon’s basically got what it wanted, seven years after filing its gTLD applications, ACTO’s members didn’t get nothing.

The contracts Amazon signed with ICANN back in December have Public Interest Commitments in them that allow the governments to reserve up to 1,500 culturally sensitive strings from registration, as well as giving each nation its own .amazon domain.

Is ICANN chickening out of Whois access role?

As talks over a centralized system for Whois access enter their eleventh hour, confusion has been sown over whether ICANN still wants to play ball.

The ICANN working group tasked with creating a “unified access model” for Whois data, currently rendered private by the GDPR privacy law, was forced last week to ask ICANN’s board of directors three blunt questions about how it sees its future role.

The group has been working for two years on a system of Whois access based around a central gateway for requests, which could be made only by those given credentials by an accreditation authority, which would also be able to revoke access rights if abused.

The proposed model as a whole has come to be known as SSAD, for System for Standardized Access/Disclosure.

The assumption has been that ICANN would act in these roles, either hands-on or by subcontracting the functions out to third parties, largely because ICANN has given every indication that it would and is arguably inventor of the concept.

But that assumption was thrown into doubt last Thursday, during a working group teleconference, when ICANN board liaison Chris Disspain worried aloud that the group may be pushing ICANN into areas beyond its remit.

Disspain said he was “increasingly uncomfortable with the stretching of ICANN’s mandate”, and that there was no guarantee that the board would approve a policy that appeared to push it outside the boundaries of its mission statement and bylaws.

“While it may be convenient and it might seem to solve the problem to say ‘Well, let ICANN do it’, I don’t think anyone should assume that ICANN will,” he said.

He stressed that he was speaking in his personal capacity rather on behalf of the board, but added that he was speaking based on his over eight years of experience on the board.

He spoke within the context of a discussion about how Whois access accreditation could be revoked in the event that the user abused their privileges, and whether an ICANN department such as Compliance should be responsible.

Several working group members expressed surprise at his remarks, with Milton Mueller of the Non-Commercial Stakeholders Group later calling it “a sudden and rather suspicious departure from nearly two years of ICANN Org statements and activities”.

The confusion comes at a critical juncture for the working group, which has to wrap up its work before chair Janis Karklins quits on June 30.

Karklins wrote to the board late last week to ask:

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the Accreditation Authority function?

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the central Gateway function?

If SSAD becomes an adopted consensus policy, would ICANN Org enforces compliance of SSAD users and involved parties with its consensus policy?

It’s a kinda important set of questions, but there’s no guarantee ICANN will provide straight answers.

When the working group, known as the EPDP, wraps up, the policy will go to the GNSO Council for approval before it goes to the board.

Irony alert! Data protection agency complains it can’t get access to private Whois data

A European data protection authority has complained to ICANN after a registrar refused to hand over one of its customers’ private Whois records, citing the GDPR data protection regulation, according to ICANN.

Compounding the irony, the DPA wanted the data as part of its probe into an alleged GDPR violation at the domain in question.

This is the frankly hilarious scenario outlined in a letter (pdf) from ICANN boss Göran Marby to Andrea Jelinek, chair of the European Data Protection Board, last week.

Since May 2018, registrars and registries have been obliged under ICANN rules to redact all personally identifiable information from public Whois records, because of the EU’s General Data Protection regulation.

This has irked the likes of law enforcement and intellectual property owners, who have found it increasingly difficult to discover the identities of suspected bad actors such as fraudsters and cybersquatters.

Registrars are still obliged to hand over data upon request in certain circumstances, but the rules are vague, requiring a judgement call:

Registry and Registrar MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR.

While an ICANN working group has been attempting to come up with a clearer-cut set of guidelines, administered by a central body, this so-called SSAD (System for Standardized Access/Disclosure) has yet to come to fruition.

So when an unidentified European DPA recently asked a similarly unidentified non-EU registrar for the Whois data of somebody they suspected of GDPR violations, the registrar told it to get stuffed.

It told the DPA it would “not act against a domain name without any clear and unambiguous evidence for the fraudulent behavior” and said it would respond to legal requests in its own jurisdiction, according to ICANN.

The DPA complained to ICANN, and now ICANN is using that complaint to shame the EDPB into getting off the fence and providing some much-needed clarity about when registrars can declassify Whois data without breaking the law.

Marby wrote that registrars are having to apply their “subjective judgment and discretion” and will most often come down on the side of registrants in order to reduce their GDPR risk. He wrote:

ICANN org would respectfully suggest to the EDPB that a more explicit recognition of the importance of certain legitimate interests, including the relevance of public interests, combined with clearer guidelines on balancing, could address these problems.

…

ICANN org would respectfully suggest to the EDPB to consider issuing additional specific guidance on this topic to ensure that entities with a legitimate interest in obtaining access to non-public gTLD registration data are able to do so. Guidance would in particular be appreciated on how to balance legitimate interests in access to data with the interests of the data subject concerned

ICANN and the EDPB have been communicating about this issue for a couple of years now, with ICANN looking for some clarity on this largely untested area of law, but the EDPB’s responses to data have been pretty vague and unhelpful, almost as if it doesn’t know what the hell it’s doing either.

Will this latest example of the unintended consequences of GDPR give the Board the kick up the bum it needs to start talking in specifics? We’ll have to wait and see.

ICANN dissenter explains why she wanted .org sale approved

ICANN has finally published the dissenting statement made by one of its directors following the vote to deny Ethos Capital the right to acquire Public Interest Registry from the Internet Society.

Avri Doria was one of only two directors to vote against the majority on the April 30 resolution, and the only one to file a written statement for the record, which ICANN has now published (pdf). It reads:

Briefly, I believe that the contractual conditions have been met by PIR and Ethos and that they have gone beyond these required contractual conditions to offer significant public interest commitments currently missing from the current contract.

On balance after intense study of the proposal I have come to conclusion that the Public Interest of registrants and users is better served by the PICs offered by PIR, though they could
be stronger, than by forcing PIR to remain within ISOC without any guarantees on public interest related to data usage and freedom of expression.

In exchange for ICANN approval of the deal, Ethos had promised to cap its price increases at 10% for eight years and to create a largely independent stewardship council to monitor issues related to privacy and free speech in .org.

With ICANN voting to deny the acquisition, PIR is not required to live up to those commitments, but opponents of the deal feel that its not-for-profit status under ISOC control provide stronger protections against bad behavior.

ICANN said it rejected the deal on “public interest” grounds for a variety of reasons including the lack of transparency into Ethos’ ultimate ownership, distrust that Ethos would be able to service its debt, doubt over its management in the long term, and the sheer volume of dissent from the community.

Also playing a strong role was an objection from the California attorney general, who pulled rank and informed ICANN that it should reject the deal, reminding the organization that it was subject to his oversight. This has been described as a dangerous precedent.

CSC removes reference to “retiring” new gTLD domain after retiring new gTLD domain

The corporate registrar and new gTLD management consultant CSC Global has ditched a new gTLD domain in favor of a .com, but edited its announcement after the poor optics became clear.

In a brief blog post this week, the company wrote:

We’re retiring cscdigitalbrand.services to give you a more user-friendly interface at cscdbs.com.

From the trusted provider of choice for Forbes Global 2000 companies, this more user-friendly site is filled with information you need to secure and protect your brand. You’ll experience a brand new look and feel, at-a-glance facts and figures, learn about the latest digital threats, access our trusted resources, and see what our customers are saying.

Visit the site to learn more about our core solutions: domain management, domain security, and brand and fraud protection.

But the current version of the post expunges the first paragraph, referring to the retirement of its .services domain, entirely.

I’m going to guess this happened after OnlineDomain reported the move.

But the original text is still in the blog’s cached RSS feed at Feedly.

It’s perhaps not surprising that CSC would not want to draw attention to the fact that it’s withdrawn to a .com from a .services, the gTLD managed by Donuts.

After all, CSC manages dozens of new gTLDs for clients including Apple, Yahoo and Home Depot, and releases quarterly reports tracking and encouraging activation of dot-brands.

Interestingly, and I’m veering a little off-topic here, there is a .csc new gTLD but CSC does not own it. It was delegated to a company called Computer Sciences Corporation (ironically through an application managed by CSC rival MarkMonitor) which also owns csc.com.

Computer Sciences Corporation never really got around to using .csc, and in 2017 merged with a unit of HP to form DXC Technology.

If you visit nic.csc today, you’ll be redirected to dxc.technology/nic, which bears a notice that it’s the “registry for the .dxc top-level domain”.

Given that the .dxc top-level domain doesn’t actually exist, I think this might make DXC the first company to openly declare its intent to go after a dot-brand in the next round of new gTLDs.

Google launches .meet gTLD after Meet service goes free during lockdown

Google Registry is to launch its .meet gTLD next week with a sunrise period for trademark owners, but, perhaps controversially, it intends to keep the rest of the domains for itself.

It is expected that the company plans to use .meet domains in its Google Meet conferencing service, which was recently revamped and went free-to-use after Google realized that rival Zoom was eating its lunch during the coronavirus lockdown.

Google bought the .meet gTLD from Afilias back in 2015 but has kept it unused so far, even after the Meet service opened in 2017.

But according to ICANN records, it’s due to go into a one-month sunrise period from May 25, with an open-ended Trademark Claims period from June 25.

In a brief statement on its web site Google says:

Google Registry is launching the .meet TLD. This domain is Spec 9/ROCC exempt, which means we will be the registrant for all domains on the TLD and it will not be made generally available. The RRA for the TLD is available upon request, but registrations on behalf of the registry will be processed through a small number of registrars with whom the relevant product teams at Google work.

Translated from ICANN-speak, this means that Google has an exemption from Specification 9 in its .meet registry contract, releasing it from the Registry Operator Code of Conduct, which obliges registries to treat all registrars equally.

This means Google can’t sell the domains to anyone else, nor can it allow them to be controlled by anyone else, and it can use a limited pool of registrars to register names.

Spec 9 is a bit different to Spec 13, which exempts dot-brands from ICANN trademark-protection rules such as sunrise and Trademark Claims. You could argue that Spec 9 is “dot-brand lite”.

But what both Spec 9 and Spec 13 have in common is that they can’t be used in gTLDs ICANN considers a “generic string”, which is defined as:

a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.

Does .meet qualify there? It’s undoubtedly a dictionary word, but does it also describe a class of things? Maybe.

Google’s search engine itself gives one definition of “meet” as “an organized event at which a number of races or other athletic contests are held”, which one could reasonably argue is a class of services.

When Afilias applied for .meet in 2012, it expected it to be used by dating sites.

Google did not addresses the non-genericness of the string in its Spec 9 application. That judgement appears to have been made by ICANN alone.

Previously, requests for Spec 9 exemptions from the likes of .giving, .star, .analytics, .latino, .mutual, and .channel have been rejected or withdrawn.

It seems that Spec 9 exemption is going to somewhat limit .meet’s utility, given that third-parties will not be able to get “control or use of any registrations”.

Spring Break redux! ICANN picks Cancun for 2023 meeting

Having had its plans for a public meeting in Cancun, Mexico concurrent with Spring Break nixed by the nasty coronavirus this March, ICANN has decided to try again not once but twice.

Not only is it planning to hold its Community Forum there next year, but its board of directors has just voted to return in 2023 also, in a meeting that will run from March 11 to 16.

It will be ICANN 76. But the location of ICANN 75, scheduled for September 2022, is still a mystery. The board has authorized negotiations with the proposed venue(s) but has redacted any clues as to where it might be.

We don’t even know which of ICANN’s five rotating geographic regions it will be in, though Asia-Pac seems most likely, given that its last physical meeting there was in March 2019.

ICANN’s .org decision was NOT unanimous, and it was made in secret

When ICANN announced its decision to deny Public Interest Registry’s request to be acquired by Ethos Capital at the end of April, I felt a little foolish.

I’d confidently predicted just days earlier that the decision by the board would not be unanimous, but ICANN, in announcing the decision, said “the entire Board stands by this decision”.

But it turns out I was right after all. Three directors voted against the consensus and one abstained.

The dissenting votes were cast by industry policy consultant Avri Doria, Serbian internet pioneer Danko Jevtović, and former Sudanese ccTLD operator Ihab Osman.

Doria and Jevtović voted against the first resolved clause, which rejected PIR’s request. All three voted against the second resolved clause, which would have allowed PIR to file a second request.

Sarah Deutsch, a private practice lawyer, abstained from both votes, presumably because she also sits on the board of the Electronic Frontier Foundation, the civil liberties group that can, via California’s attorney general, probably be credited most with getting the transaction killed.

All three dissenters and Deutsch are Nominating Committee appointees.

According to the preliminary report of the April 30 meeting, “Doria indicated that she would be voting against the resolution and explained her views about how the public interest would be better served by ICANN granting its consent to PIR’s request.”

What her reasons were are not reflected in the record.

It also seems likely that any substantive minuting of ICANN’s decision is likely to be limited, as it appears to have been made at a different, off-the-books session at an unspecified earlier date.

The preliminary report notes the “the Board discussed and considered alternative draft resolutions for potential Board action as part of an earlier briefing”.

No such earlier meeting is listed on ICANN’s web site. The board’s previous formal meeting, two weeks earlier, had PIR’s request removed from the agenda at the last minute.

So it appears that ICANN’s board decided to reject the deal basically in secret at some point between April 17 and April 29, during a meeting of which ICANN has no obligation to publicly release the minutes.

Nice transparency loophole!

There’s always the Documentary Information Disclosure Policy, I suppose.