ICANN pushes IANA under Conrad

ICANN chief technology officer David Conrad is now “overseeing” the IANA part of the organization, ICANN has announced.
It doesn’t appear to be a promotion or change of job titles as much as a reporting structure adjustment made in the wake of a change of management at the Global Domains Division.
Kim Davies is still vice president of IANA, and president of Public Technical Identifiers, as IANA is often referred to nowadays.
Previously, Davies reported to the president of GDD, now he’s reporting to Conrad.
After Akram Atallah left GDD to run Donuts, Conrad and Atallah’s eventual permanent replacement, Cyrus Namazi, split his duties on an interim basis.
It appears that the announcement of Conrad’s new duties merely formalizes that arrangement.
It makes a lot more sense to have the largely technical IANA functions under the jurisdiction of the CTO, rather than the gTLD-centric Global Domains Division, if you ask me.

UN ruling may put .io domains at risk

The future of .io domains may have been cast into doubt, following a ruling from the UN’s highest court.
The International Court of Justice this afternoon ruled (pdf) by a 13-1 majority that “the United Kingdom is under an obligation to bring to an end its administration of the Chagos Archipelago as rapidly as possible”.
The Chagos Archipelago is a cluster of islands that the UK calls the British Indian Ocean Territory.
It was originally part of Mauritius, but was retained by the UK shortly before Mauritius gained independence in 1968, so a strategic US military base could be built on Diego Garcia, one of the islands.
The native Chagossians were all forcibly relocated to Mauritius and the Seychelles over the next several years. Today, most everyone who lives there are British or American military.
But the ICJ ruled today, after decades of Mauritian outrage, that “the process of decolonization of Mauritius was not lawfully completed when that country acceded to independence in 1968, following the separation of the Chagos Archipelago”.
So BIOT, if the UK government follows the ruling, may cease to exist in the not-too-distant future.
BIOT’s ccTLD is .io, which has become popular with tech startups over the last few years and has over 270,000 domains.
It’s run by London-based Internet Computer Bureau Ltd, which Afilias bought for $70 million almost two years ago.
Could it soon become a ccTLD without a territory, leaving it open to retirement and removal from the DNS root?
It’s not impossible, but I’ll freely admit that I’m getting into heavy, early speculation here.
There are a lot of moving parts to consider, and at time of writing the UK government has not even stated how it will respond to the non-binding ICJ ruling.
Should the UK abide by the ruling and wind down BIOT, its IO reservation on the ISO 3166-1 alpha-2 list could then be removed by the International Standards Organisation.
That would mean .io no longer fits the ICANN criteria for being a ccTLD, leaving it subject to forced retirement.
Retired TLDs are removed from the DNS root, meaning all the second-level domains under them stop working, obviously.
It’s not entirely clear how this would happen. ICANN’s Country Code Names Supporting Organization has not finished work on its policy for the retirement of ccTLDs.
TLDs are certainly not retired overnight, without the chance of an orderly winding-down.
Judging by the current state of ccNSO discussions, it appears that ccTLDs could in future be retired with or without the consent of their registry, with a five-to-10-year clock starting from the string’s removal from the ISO 3166-1 list.
Under existing ICANN procedures, I’m aware of at least two ccTLDs that have been retired in recent years.
Timor-Leste was given .tl a few years after it rebranded from Portuguese Timor, and .tp was removed from the DNS a decade later. It took five years for .an to be retired after the Netherlands Antilles’ split into several distinct territories in 2010.
But there are also weird hangers-on, such as the Soviet Union’s .su, which has an “exceptional reservation” on the ISO list and is still active (and inexplicably popular) as a ccTLD.
As I say, I’m in heavy speculative territory when it comes to .io, but it strikes me that not many registrants will consider when buying their names that the territory their TLD represents may one day simple poof out of existence at the stroke of a pen.
Afilias declined to comment for this article.

Updated: More .amazon delay as governments cancel talks

The future of Amazon’s bid for .amazon has been cast into more doubt after South American governments cancelled talks with ICANN.
The new secretary general of the Amazon Cooperation Treaty Organization, Alexandra Moreira, wrote to ICANN CEO Göran Marby February 13 to call off a meeting that had been planned to take place in Brasilia, February 19.
She blamed unspecified “unavoidable circumstances” for the cancellation, but insisted it was unrelated to the .amazon issue.
“It is necessary to clarify that the above mentioned circumstances have no connection whatsoever with neither the substance nor the agenda of the postponed meeting,” she wrote.
I believe the cancellation is related to the ongoing political instability in ACTO member Venezuela, which has recently spilled onto its borders with fellow members Brazil and Colombia.
Moreira reiterated that ACTO remains committed to talks to get the .amazon impasse resolved.
The cancellation of the February 19 meeting causes timing issues for ICANN’s board of directors, which has promised to vote on the .amazon applications at its meetings in Kobe, Japan, at ICANN 64, which kicks off in less than two weeks.
Brazilian Governmental Advisory Committee representative Achilles Zaluar has meanwhile reached out to Marby to request a delay of this decision until ICANN 65, which takes place in June.
Eight-nation ACTO is unhappy with Amazon’s encroachment onto what it sees as its geographic name rights, even though the Amazon region is typically known as Amazonia locally.
Amazon has offered to protect culturally sensitive terms at the second level and to support future efforts to secure a .amazonia TLD.
But its latest offers have still not been formally presented to and discussed with ACTO.
This post was updated an hour after publication to provide additional context to the cancellation.

Expect more Whois accuracy emails under new ICANN policy

Registrars will be obliged to send out even more Whois accuracy emails, under a set of recommendations being considered in ICANN.
Assuming recent recommendations out of the Whois policy working group are accepted, every registrant of a gTLD domain with something listed in the “Organization” field will receive a one-off mail from their registrar asking them to confirm its accuracy.
It’s Recommendation 12 of the EPDP Team Final Report, which was published last week (pdf) by ICANN’s first Expedited Policy Development Process working group.
In general, the Organization field would be redacted in the public Whois under the proposed policy, but registrants will be proactively asked if they want to opt in to having it published.
While registrars can pick their own methods to conduct this outreach, email seem like the most likely medium in the vast majority of cases.
These mails would be sent out the registrants of the over 192 million gTLD domains (if they have something in their Org field) at some point between May 2019, when ICANN is likely to formally adopt the policy, and February 29, 2020, which is EPDP group’s recommended implementation deadline.
In theory, the Org field is perhaps the main indicator of whether a domain is registered to a natural person (and therefore subject to the General Data Protection Regulation) or a legal person (and therefore not).
But it’s not uncommon for registrants or registrars to simply populate the field with the name of the natural-person registrant, even when there’s no actual organization involved.
That’s a GDPR problem, as it means personally identifiable information could leak into the public Whois.
Under the EPDP’s recommendation, registrars would be obliged to reach out to their customers to confirm whether the contents of their Org field are correct, and to ask whether they want that information to be made public.
Opting in would mean the registrar would begin to publish Org data in the public Whois. Ignoring the email or actively refusing publication would mean your registrar would redact or delete this field.
After this mass outreach has finished, registrars would stop redacting the Org field, unless the registrant has not consented to its publication.
For new registrations, registrars would have to show you a prominent warning that the Org data will be published and get your consent for it to do so.
The recommendation is among 29 that were arrived at following over six months of intensive discussions in the EPDP group.
Others we’ve previously reported on include the total elimination of the Admin Contact, making the Technical Contact both smaller and completely optional, and the mandatory introduction of an anonymous means for Whois users to contact registrants.
The recommendations have been submitted to the GNSO Council, which will vote on them March 4.
The EPDP report will then be opened for 30 days of public comment, before being sent to the ICANN board of directors for a full, final vote.
The policy will replace the current Temporary Specification governing Whois, which the board rushed through on an emergency basis last May in order to make the DNS ecosystem as GDPR-compliant as possible when the EU law came into effect.
The EPDP group is expected to shortly enter “phase two” of its work, which will look at whether there should be a unified access mechanism for security and intellectual property interests to snoop on otherwise private Whois data.

Namazi named new GDD boss

Cyrus Namazi has been appointed as the new head of ICANN’s Global Domains Division.
He’s been in the role on an interim basis since November, when former GDD president Akram Atallah left to lead Donuts.
Namazi won’t be “president” though, his new job title is senior vice president. He was previously VP of DNS industry engagement, having joined ICANN in 2013.
He’ll be on the executive team and report to CEO Göran Marby, ICANN said.
Namazi and Atallah worked together in their pre-ICANN days at technology firm Conexant Systems.
The GDD basically overseas everything related to ICANN’s gTLD contracted parties.

Pritz quits Whois privacy group as work enters impossible second phase

Kurt Pritz has quit as chair of the ICANN group working on Whois policy for the GDPR era.
He informed the Whois Expedited Policy Development Process working group in a notice to its mailing list today, saying he was leaving for “a set of personal and professional reasons”.
He said he will stick around until his replacement is selected.
I understand three people had put themselves forward for the role when Pritz was originally selected last July, so there may be a couple of alternates already waiting in the wings.
The announcement comes at a pivotal time for the EPDP, and whoever takes over is going to have to have some seriously masochistic tendencies.
The 30-odd member group just this week put the finishing touches to its “phase one” initial report, which primarily sets out the formal legal purposes for which Whois data is collected and processed across the domain name ecosystem.
That’s going to be voted on by the GNSO Council in a vote delayed from this week to March 4 at the request of the Intellectual Property Constituency and Business Constituency, which want more time to review and comment on it.
For the EPDP WG, it’s soon time to move on to phase two, which will cover the creation (or not) of a unified access mechanism that trademark owners and the like could use to snoop on redacted Whois data.
Even the relatively easy tasks in phase one have been absolute murder on the volunteers and ICANN staff, who have been putting in four or more hours of teleconferences per week since August.
I’ve just been dipping in and out of the mailing list and listening to the odd teleconference, and the level of nitpicking over language has been agonizing to listen to.
Essentially, virtually every debate comes down to a face-off between the IP interests who want to insert as much language concerning access as possible, and those, such as non-commercial users, who oppose them. It sometimes comes across like a proxy war between Facebook and the Internet Governance Project.
More than once, naturally mild-mannered Pritz has had to delegate control to firm-handed mediators drafted in from a specialist outside agency.
Whoever takes over as chair has got his or her work cut out.

Yanks beat Aussies to accountancy gTLD

The contention set for .cpa has been resolved, clearing the way for a new accountancy-themed gTLD.
The winner is the American Institute of Certified Public Accountants, which submitted two bids for the string — one “community”, one vanilla, both overtly defensive in nature — back in 2012.
Its main rival, CPA Australia, which also applied on a community basis, withdrew its application two weeks ago.
Commercial registries Google, MMX and Donuts all have withdrawn their applications since late December, leaving only the two AICPA applications remaining.
This week, AICPA withdrew its community application, leaving its regular “single registrant” bid the winner.
AICPA is the US professional standards body for accountants, CPA Australia is the equivalent organization in Australia. ACIPA has 418,000 members, CPA Australia has 150,000.
Both groups failed their Community Priority Evaluations back in 2015 on the basis that their communities were tightly restricted to their own membership, and therefore too restrictive.
AICPA later amended its community application to permit CPAs belonging to non-US trade groups to register.
Both organizations were caught up in the CPE review that also entangled and delayed the likes of .music and .gay. They’ve also both appealed to ICANN with multiple Requests for Reconsideration and Cooperative Engagement Process engagements.
CPA Australia evidently threw in the towel after a December 14 resolution of ICANN’s Board Accountability Mechanisms Committee decision to throw out its latest RfR. It quit its CEP January 9.
It’s likely a private resolution of the set, perhaps an auction, occurred in December.
The winning application from AICPA states fairly unambiguously that the body has little appetite for actually running .cpa as a gTLD:

The main reasons for which AICPA submits this application for the .cpa gTLD is that it wants to prevent third parties from securing the TLD that is identical to AICPA’s highly distinctive and reputable trademark

So don’t get too excited if you’re an accountant champing at the bit for a .cpa domain. It’s going to be an unbelievably restrictive TLD, according to the application, with AICPA likely owning all the domains for years after delegation.

Surprise! Most private Whois look-ups come from Facebook

Facebook is behind almost two-thirds of requests for private Whois data, according to stats published by Tucows this week.
Tucows said that it has received 2,100 requests for Whois data since it started redacting records in the public database when the General Data Protection Regulation came into effect last May.
But 65% of these requests came from Facebook and its proxy, AppDetex, that has been hammering many registrars with Whois requests for months.
AppDetex is an ICANN-accredited brand-protection registrar, which counts Facebook as its primary client. It’s developed a workflow tool that allows it, or its clients, to semi-automatically send out Whois requests to registrars.
It sent at least 9,000 such requests between June and October, and has twice sent data to ICANN complaining about registrars not responding adequately to its requests.
Tucows has arguably been the registrar most vocally opposed to AppDetex’s campaign, accusing it of artificially inflating the number of Whois requests sent to registrars for political reasons.
An ICANN policy working group will soon begin to discuss whether companies such as Facebook, as well as security and law enforcement interests, should be able to get credentials enabling them to access private Whois data.
Tucows notes that it sees spikes in Whois requests coinciding with ICANN meetings.
Tucows said its data shows that 92% of the disclosure requests it has received so far come from “commercial interests”, mostly either trademark or copyright owners.
Of this 92%, 85% were identified as trademark interests, and 76% of those were Facebook.
Law enforcement accounted for 2% of requests, and security researchers 1%, Tucows said.

The internet is about to get a lot gayer

Seven years after four companies applied for the .gay top-level domain, we finally have a winner.
Three applicants, including the community-driven bid that has been fighting ICANN for exclusive recognition for years, this week withdrew their applications, leaving Top Level Design the prevailing bidder.
Top Level Design is the Portland, Oregon registry that already runs .ink, .design and .wiki.
The withdrawing applicants are fellow portfolio registries Donuts and MMX, and community applicant dotgay LLC, which had been the main holdout preventing the contention set being resolved.
I do not yet know how the settlement was reached, but it smells very much like a private auction.
As a contention set only goes to auction with consent of all the applicants, it seems rather like it came about after dotgay finally threw in the towel.
dotgay was the only applicant to apply as a formal “community”, a special class of applicant under ICANN rules that gives a no-auction path to delegation if a rigorous set of tests can be surmounted.
Under dotgay’s plan, registrants would have to have been verified gay or gay-friendly before they could register a .gay domain, which never sat right with me.
The other applicants, Top Level Design included, all proposed open, unrestricted TLDs.
dotgay, which had huge amounts of support from gay rights groups, failed its Community Priority Evaluation in late 2014. The panel of Economist Intelligence Unit experts awarded it 10 out the 16 available points, short of the 14-point prevailing threshold.
Basically, the EIU said dotgay’s applicant wasn’t gay enough, largely because its definition of “gay” was considered overly broad, comprising the entire LGBTQIA+ community, including non-gay people.
After dotgay appealed, ICANN a few months later overturned the CPE ruling on a technicality.
A rerun of the CPE in October 2015 led to dotgay’s bid being awarded exactly the same failing score as a year earlier, leading to more dotgay appeals.
The .gay set was also held up by an ICANN investigation into the fairness of the CPE process as carried out by the EIU, which unsurprisingly found that everything was just hunky-dory.
The company in 2016 tried crowdfunding to raise $360,000 to fund its appeal, but after a few weeks had raised little more than a hundred bucks.
Since October 2017, dotgay has been in ICANN’s Cooperative Engagement Process, a form of negotiation designed to avert a formal, expensive, Independent Review Process appeal, and the contention set had been on hold.
The company evidently decided it made more sense to cut its losses by submitting to an auction it had little chance of winning, rather than spend six or seven figures on a lengthy IRP in which it had no guarantee of prevailing.
Top Level Design, in its application, says it wants to create “the most safe, secure, and prideful .gay TLD possible” and that it is largely targeting “gay and queer people as well as those individuals that are involved in supporting gay cultures, such as advocacy, outreach, and civil rights.”
But, let’s face it, there’s going to be a hell of a lot of porn in there too.
There’s no mention in the winning bid of any specific policies to counter the abuse, such as cyberbullying or overt homophobia, that .gay is very likely to attract.
Top Level Design is likely to take .gay to launch in the back end of the year.
The settlement of the contention set is also good news for two publicly traded London companies.
MMX presumably stands to get a one-off revenue boost (I’m guessing in seven figures) from losing another auction, while CentralNic, Top Level Design’s chosen back-end registry provider, will see the benefits on an ongoing basis.

Claims UDRP has cost over $360 million so far

Trademark owners have splashed out over $360 million on UDRP cases over the 20 years the policy has been active, according to an intellectual property trade group.
Marques, a European body representing trademark owners, reckons $360 million is a “conservative” estimate.
It reached the figure by multiplying the number of UDRP complaints filed to the end of 2018 — 72,038 — by the $5,000 estimated total cost of each complaint.
The World Intellectual Property Organization, which handles well over half of all UDRP cases, charges at least $1,500 per case, but trademark owners have other fees, such as paying lawyers to draft the complaints.
WIPO, which basically designed and wrote the UDRP back in 1998, has been paid at least $63.8 million in filing fees to date, Marques calculates.
Across all UDRP providers, well over 100,000 individual domain names have been subject to UDRP. It’s likely much more, but the National Arbitration Forum does not publish data on unique domains.
The Marques claims were made in a letter (pdf) from council member (and Com Laude managing director) Nick Wood to ICANN last week, part of IP lobbying efforts in the face of UDRP reform efforts. He wrote:

This lowest-case estimate of $360m is a very significant financial burden. Registrants, on the other hand, pay only for their own defence, if any. They do not pay damages, or even contribute to the provider fees, if they lose – which across the five active panel providers appears to be majority of the time.

One proposal that has been put forward by IP owners is for registrants to pay a $500 fee when they are hit by a UDRP complaint, which would be refundable if they prevail.
I can see this idea going down like a cup of iced sick in the domainer community.
Rather than lobbying for any specific proposal, however, Marques is asking ICANN to create an “independent expert group” outside of the usual Policy Development Process, to highlight “priority issues and possible solutions” for the PDP to consider.
Marques thinks the group should comprise a small number of trademark interests, registries and registrars, and registrant rights groups. It wants WIPO to chair it.
It also wants ICANN to coordinate UDRP providers in the creation of a unified set of data on UDRP cases processed to date, to help with future reform discussions.
ICANN community volunteers have been working on the “PDP Review of All Rights Protection Mechanisms in All gTLDs” — the RPM WG — since March 2016.
The RPM WG expects to put out its “Phase One” initial report, comprising recommendations for reform of the Trademark Clearinghouse, Trademark Claims and Sunrise policies, in early June this year.
Only then will it turns its attention to UDRP, in “Phase Two”, with talks due to begin at the ICANN 65 meeting in Marrakech later that month.
The working group has been beset by all kinds of personal drama among volunteers recently, which continues to add friction to discussions.