Registrars and ICANN hit impasse on new RAA
ICANN and its accredited domain name registrars have hit a brick wall in their long-running contract negotiations, after ICANN demanded the right to unilaterally amend the deal in future.
Documents published by ICANN this morning reveal that the two sides have reached agreement on almost all of their previous sticking points — including the extremely thorny issue of Whois verification — but have run into some fundamental, eleventh-hour disagreements.
As we’ve been reporting for the last couple of weeks, the big unresolved issue is ICANN’s unilateral right to amend the Registrar Accreditation Agreement in future, which registrars absolutely hate.
Death of the GNSO? Again?
The text of that proposed change has today been revealed to be identical to the text ICANN wants to insert into the Registry Agreement that all new gTLD registries must sign.
It gives ICANN’s board of directors the right, by two-thirds majority, to make essentially any changes they want to the RA and RAA in future, with minimal justification.
Registrars are just as livid about this as new gTLD applicants are.
The proposed change appears to be one of those introduced last month that ICANN said “[stems] from the call by ICANN’s CEO, Fadi Chehadé, to work to improve the image of the domain industry and to protect registrants”.
Chehadé has been on the road for the last couple of months trying to raise ICANN’s profile in various stakeholder groups in the private and public sectors around the world.
One of the memes he’s impressed upon contracted parties and others is that people don’t trust the domain name industry. Part of ICANN’s solution, it seems, is to grant its board more powers over registries and registrars.
But the Registrars Stakeholder Group reckons unilateral amendments would torpedo the multistakeholder process by emasculating the Generic Names Supporting Organization. It said:
The effect of such a clause in the primary agreements between ICANN and its commercial stakeholders would be devastating to the bottom-up, multi-stakeholder model.
First, it will effectively mean the end of the GNSO’s PDP [Policy Development Process], as the Board will become the central arena for all controversial issues, not the community.
Second, it creates an imbalance of authority in the ICANN model, with no limits on the scope or frequency of unilateral amendments, and no protections for registrars and more important registrants.
That’s the biggest barrier to an agreement right now, and it’s one shared by the entire contracted parties constituency of ICANN. Expect fireworks in Beijing next month.
Friction over new gTLDs
Registrars and registries are also angry about the fact that ICANN wants to force registrars to adopt the 2013 RAA, even if their 2009 or 2001 deals are still active, if they want to sell new gTLDs.
RrSG secretary Michele Neylon of Blacknight told DI today that it looks like ICANN is trying to “drive a wedge” between registrars and registries.
Here’s why:
ICANN is trying desperately to stick to its new gTLD program timetable, which will see it start signing Registry Agreements with new gTLD applicants in late April.
But it wants the base RA to include a clause obliging registries to only sell via registrars on the 2013 RAA.
Because the 2013 RAA is not yet finalized, registrars could potentially hold up the approval and delegation of new gTLDs if they don’t quickly agree to the changes ICANN wants.
According to Neylon, the documents released today have been published prematurely; with a little more time agreement could be reached on some of the remaining differences.
Again: expect fireworks in Beijing.
Whois records will be verified
But the new RAA is not all friction.
ICANN and registrars have finally come to agreement on important topics where there was previously sharp divergence.
Registrars have agreed to a new Whois Accuracy Program Specification that is a lot weaker than ICANN had, working from a blueprint laid out by governments and law enforcement agencies, first asked for.
Under the 2013 RAA signed-up registrars will have to start verifying certain elements of the contact information submitted by their registrants.
Notably, there’ll be a challenge-response mechanism for first-time registrants. Registrars will ask their customers to verify their email address or enter a code that has been sent to them via SMS text message or phone.
Note the “or” in that sentence. ICANN and law enforcement wanted registrars to do email “and” phone verification, but ICANN appears to have relented after months of registrars yapping about costs.
In future practice, because email verification is far easier and cheaper to implement, I’d be surprised if phone verification is used in anything but the rarest of cases.
Other data points will also be verified, but only to see that they conform to the correct formats.
Registrars will have to make sure that mailing addresses meet the Universal Postal Union standards, and that phone numbers conform to International Telecommunications Union formatting, for example.
They’ll also have to verify that the street address exists (if they have access to that data) but there will be no obligation to make sure that address and phone number actually belong to the registrant.
Registrants that provide patently false information that fails registrar verification will get 15 days to correct it or face the suspension of their domains.
ICANN wants registrars to also verify their customer records (which are usually different to the Whois records and, anecdotally, more accurate anyway) too, but registrars have so far not agreed to do so.
Taken as a whole, at first reading it’s difficult to see how the new Whois verification spec will do anything to prevent fast-turnover abuse such as phishing, but it may go a small way to help law enforcement investigate longer-term scams such as counterfeit goods sites.
The proposed 2013 RAA, along with more explanatory documents than you could possibly read in a coffee break is now open for public comment, with the reply period closing shortly after the Beijing meeting.
ICANN to reveal Registrant Rights & Responsibilities (and here’s a draft copy)
ICANN is set to publish and start promoting a new Registrant Rights & Responsibilities charter at some point over the next couple of days, we hear.
The one-page document is set to become an important part of CEO Fadi Chehade’s plan to make the domain name industry appear more trustworthy and likable in the eyes of the internet-using public.
He first revealed the idea during a meeting with registries and registrars in Amsterdam last month.
An ICANN-commissioned study showed that people have a very low opinion of the industry, he told them.
The new document is designed to address some of those concerns.
While the charter may be presented as originating in the industry, it was first drafted by ICANN and we hear that some registrars have been somewhat reluctant to agree to it.
“It’s like when you’re a kid and your dad gives you a birthday card to sign for your mom,” one registrar told us.
The legalese-stricken document that ICANN originally presented to them over-stretched and could have carried legal exposure, they added.
DI has been sent of copy of what we’re told is a close-to-final draft of the document, which we understand is more agreeable to most registrars. We’ve pasted it below in full.
Registrants’ Rights and Responsibilities
Domain Name Registrants’ Rights:
- Your domain name registration and any privacy services you may use in conjunction with it must be subject to a Registration Agreement with an ICANN Accredited Registrar.
- You are entitled to review this Registration Agreement at any time, and download a copy for your records.
- You are entitled to accurate and accessible information about:
- The identity of your ICANN Accredited Registrar;
- The identity of any privacy service provider affiliated with your Registrar;
- Your Registrar’s terms and conditions, including pricing information, applicable to domain name registrations;
- The terms and conditions, including pricing information, applicable to any privacy services offered by your Registrar;
- The customer support services offered by your Registrar and the privacy services provider, and how to access them;
- How to raise concerns and resolve disputes with your Registrar and any privacy services offered by them; and
- Instructions that explain your Registrar’s processes for registering, managing, transferring, renewing, and restoring your domain name registrations, including through any privacy services made available by your Registrar.
- You shall not be subject to false advertising or deceptive practices by your Registrar or though any privacy services made available by your Registrar. This includes deceptive notices, hidden fees, and any practices that are illegal under the consumer protection law of your residence.
Domain Name Registrants’ Responsibilities:
- You must comply with the terms and conditions posted by your Registrar, including applicable policies from your Registrar, the Registry and ICANN.
- You must review your Registrar’s current Registration Agreement, along with any updates.
- You will assume sole responsibility for the registration and use of your domain name.
- You must provide accurate information for publication in directories such as WHOIS, and promptly update this to reflect any changes.
- You must respond to inquiries from your Registrar within fifteen (15) days, and keep your Registrar account data current. If you choose to have your domain name registration renew automatically, you must also keep your payment information current.
It draws on changes ICANN and registrars have agreed to in the 2013 (hopefully) Registrar Accreditation Agreement, such as registrar commitments to provide basic information about themselves.
As for the 2013 RAA itself, we hear that ICANN wants to present a final version to its board of directors for approval during its public meeting in Beijing in early April.
That would mean opening it up for public comment next week, but registrars and ICANN have not yet agreed to a final draft for publication, despite now-daily negotiation meetings.
The major sticking point, we gather, is an amendment that would give ICANN a unilateral right to change the contract in future — similar to the proposed gTLD Registry Agreement provision currently causing a shitstorm in the new gTLD applicant community.
There’s also controversy about the fact that ICANN wants to restrict new gTLDs to only registrars that sign the new RAA, which is designed to be a carrot to get them to sign up even if their 2009/2001 RAAs are still active.
Another deadline missed in registrar contract talks
ICANN and domain name registrars will fail to agree on a new Registrar Accreditation Agreement by the end of the year, ICANN has admitted.
In a statement Friday, ICANN said that it will likely miss its end-of-year target for completing the RAA talks:
While the registrars and ICANN explored potential dates for negotiation in December 2012, both sides have agreed that between holidays, difficult travel schedules and the ICANN Prioritization Draw for New gTLDs, a December meeting is not feasible. Therefore, negotiations will resume in January 2013, and the anticipated date for publication of a draft RAA for community comment will be announced in January as well.
The sticking point appears to still be the recommendations for strengthening registrars’ Whois accuracy commitments, as requested by law enforcement agencies and governments.
At the Toronto meeting in October, progress appeared to have been made on all 12 of the LEA recommendations, but the nitty-gritty of the Whois verification asks had yet to be ironed out.
Potentially confusing matters, ICANN has launched a parallel root-and-branch Whois policy reform initiative, a community process which may come to starkly different conclusions to the RAA talks.
Before the LEA issues are settled, ICANN doesn’t want to start dealing with requests for RAA changes from the registrars themselves, which include items such as dumping their “burdensome” port 43 Whois obligations for gTLD registries that have thick Whois databases.
ICANN said Friday:
Both ICANN and the registrars have additional proposed changes which have not yet been negotiated. As previously discussed, it has been ICANN’s position that the negotiations on key topics within the law enforcement recommendations need to come to resolution prior to concluding negotiations on these additional areas.
Registrars agreed under duress to start renegotiating the RAA following a public berating from the Governmental Advisory Committee at the ICANN Dakar meeting October 2011.
At the time, the law enforcement demands had already been in play for two years with no substantial progress. Following Dakar, ICANN and the registrars said they planned to have a new RAA ready by March 2012.
Judging by the latest update, it seems quite likely that the new RAA will be a full year late.
ICANN has targeted the Beijing meeting in April next year for approval of the RAA. It’s one of the 12 targets Chehade set himself following Toronto.
Given that the draft agreement will need a 42-day public comment period first, talks are going to have to conclude before the end of February if there’s any hope of hitting that deadline.
ICANN 45: Super-Fadi targets Trademark Clearinghouse and RAA talks
There can be no denying that ICANN’s new CEO was well received at the Toronto meeting last week.
From his opening speech, a sleeves-rolled-up address that laid out his management goals, and throughout the week, Fadi Chehadé managed to impress pretty much everybody I spoke to.
Now Chehadé has turned his attention to the formative Trademark Clearinghouse and the Registrar Accreditation Agreement talks, promising to bring the force of his personality to bear in both projects.
“I’m coming out of Toronto with two priorities for this year,” he said during an interview with ICANN’s media relations chief, Brad White, last Friday.
“The first one is obviously to get the Trademark Clearinghouse to work as best as possible, for all parties to agree we have a mechanism that can satisfy the interests of the parties.”
“The second one is the RAA,” he said. “Without question I’m going to be inserting myself personally into both these, including the RAA.”
These are both difficult problems.
Work on the TMCH hit a snag early last week when ICANN chief strategy officer Kurt Pritz told the GNSO Council that the “community consensus” implementation model proposed by registries presented a big problem.
The “live query model” proposed for the Trademark Claims service, which would require the TMCH to sit in the live domain registration path, should be taken “off the table”, he said.
ICANN is/was worried that putting a live database of trademark checks into the registration model that has functioned fairly well for the last decade is a big risk.
The TMCH would become a single point of failure for the whole new gTLD program and any unanticipated downtime, ICANN has indicated, would be hugely embarrassing for ICANN.
“I’m personally concerned that once you put the Clearinghouse in the path for that it’s very difficult to unring the bell, so I’d rather proceed in a way that doesn’t change that,” Pritz said.
His remarks, October 14, angered backers of the community model, who estimated that the live query model would only affect about 10% to 15% of attempted domain registrations.
“Taking it off the table is a complete mistake,” said Jeff Neuman of Neustar, one of the authors of the alternative “community” TMCH model.
“It is a proven fact that the model we have proposed is more secure and, we believe, actually looks out much more in favor of protecting trademark holders,” he said.
He noted that the community model was created in a “truly bottom-up” way — the way ICANN is supposed to function.
NetChoice’s Steve DelBianco, in a rare show of solidarity between the Business Constituency and the registries, spoke to support Neuman and the centralized community model.
“The BC really supports a centralized Trademark Clearinghouse model, and that could include live query,” DelBianco said. “I’m disturbed by the notion that an executive decision took it off the table.”
“My question is, was that the same executive decision that brought us the TAS and its glitches?” he added. “Was it the same executive decision process that gave us Digital Archery that couldn’t shoot straight?”
Pritz pointed out the logical flaw in DelBianco’s argument.
“The group that brought you TAS and Digital Archery… you want to put that in the critical path for domain names?” he said. “Our job here is to protect trademark rights, not change the way we register domain names.”
But Neuman and DelBianco’s dismay was short-lived. Within a couple of hours, in the same room, Chehadé had told the GNSO Council, in a roundabout sort of way, that the live query model was not dead.
Chehadé’s full remarks are missing from the official transcript (pdf), and what remains is attributed to GNSO Council chair Stephane Van Gelder, but I’ve taken a transcript from my own recording:
The very first week I was on the job, I was presented with a folder — a very nice little folder — and little yellow thing that said “Sign Here”.
So I looked at what I’m signing, as I normally do, and I saw that moving forward with a lot of activities related to the Trademark Clearinghouse as really what I’m being asked to move forward with.
And I’ll be frank with you, my first reaction was: do all the people who will be affected by this agreement… did we hear them all about this before we sign this? Are they all part of the decision-making that led us here?
And the answer was muddled, it was “Yes… and…”. I said: No, I want to make sure that we use the time we have in Toronto make sure we listen to everybody to make sure before I commit any party — any party — to anything, that this party is very much part of the process and part of the solution.
I know I wasn’t the only person in the room to wonder if the anecdote described an incident in which an ICANN executive attempted to pull a fast one on his new, green boss.
A day later, after private discussion with ICANN board and staff, supporters of the community TMCH model told me they were very encouraged that the live query model was still in play.
The problem they still face, however, is that the Intellectual Property Constituency — ostensibly representing the key customers of the TMCH — is publicly still on the fence about which model it prefers.
Without backing from the IPC, any TMCH implementation model would run the risk of appearing to serve contracted parties’ cost and risk requirements at the expense of brand owners.
Getting the IPC to at least take a view will likely be Chehadé’s first priority when it comes to the TMCH.
Finding common ground on the Registrar Accreditation Agreement could be an even more complex task.
While the bulk of the work — integrating requests from certain law enforcement agencies and the Governmental Advisory Committee into the contract — has been completed, Whois remains a challenge.
European registrars claim, in the light of correspondence from a EU privacy watchdogs, that implementing ICANN’s demanded Whois data re-verification and retention rules would make them break the law.
Registrars elsewhere in the world are less than impressed with ICANN’s proposed ‘opt-out’ solution, which would essentially create a two-tier RAA and may, they say, have some impact on competition.
Privacy advocates in Toronto told ICANN that if certain governments (largely, I suspect, the US) want their own local registrars to retain and re-verify Whois data, they should pass laws to that effect, rather than asking ICANN to enforce the rule globally.
The GAC told ICANN’s board of directors last Tuesday that the privacy letters emerging from the EU did not represent the views of the European Commission or the GAC, and nothing more was said on the matter.
How ICANN reacts to the European letters now seems to be rest with ICANN’s executive negotiating team.
While everyone at ICANN 45 seemed to be super-impressed by Chehadé’s competence and vision for sorting out ICANN, the other recurring meme is that actions speak louder than words.
During his first 40 days in the job he managed to persuade India into an about-face on its support for an intergovernmental replacement for ICANN, an impressive feat.
Can he chalk up more early wins by helping resolve the TMCH and RAA deadlocks?
“There’s frankly universal agreement that if I participate personally in these activities I would help these activities come to hopefully a reasonably conclusion that we can bank on,” he said in the White interview.
EU plays down “unlawful” Whois data worries
The European Commission yesterday gave short shrift to recent claims that ICANN’s proposed Whois data retention requirements would be “unlawful” in the EU.
A recent letter from the Article 29 Working Party — an EU data protection watchdog — had said that the next version of the Registrar Accreditation Agreement may force EU registrars to break the law.
The concerns were later echoed by the Council of Europe.
But the EC stressed at a session between the ICANN board of directors and Governmental Advisory Committee yesterday that Article 29 does not represent the official EU position.
That’s despite the fact that the Article 29 group is made up of privacy commissioners from each EU state.
Asked about the letter, the EC’s GAC representative said:
Just to put everyone at ease, this is a formal advisory group concerning EU data privacy protection.
…
They’re there to give advice and they themselves, and we as well, are very clear that they are independent of the European Union. That gives you an idea that this is not an EU position as such but the position of the advisory committee.
The session then quickly moved on to other matters, dismaying privacy advocates in the room.
Milton Mueller of the Internet Governance Project tweeted:
By telling ICANN that it can ignore Art 29 WG opinion on privacy, European commission is telling ICANN it can ignore their national DP [data privacy] laws
Registrars hopeful that the Article 29 letter would put another nail into the coffin of some of ICANN’s more unpalatable and costly RAA demands also expressed dismay.
ICANN’s current position, based on input from law enforcement and the GAC, is that the RAA should contain new more stringent requirements on Whois data retention and verification.
It proposes an opt-out process for registrars that believe these requirements would put them in violation of local law.
But registrars from outside the EU say this would create a two-tier RAA, which they find unacceptable.
With apparently no easy compromise in sight the RAA negotiations, originally slated to be wrapped up in the first half of this year, look set to continue for many weeks or months to come.
ICANN says EU registrars could be exempt from stringent new Whois rules
Registrars based in the European Union could be let off the hook when it comes to the Whois verification requirements currently under discussion at ICANN.
That’s according to ICANN CEO Fadi Chehade, who this week responded to privacy concerns expressed by the Article 29 Working Party, a EU-based quasi-governmental privacy watchdog.
The Working Party said last month that if ICANN forced EU registrars to re-verify customer data and store it for longer than necessary, they would risk breaking EU privacy law.
Those are two of the many amendments to the standard Registrar Accreditation Agreement that ICANN — at the request of governments and law enforcement — is currently pushing for.
In reply, Chehade noted that ICANN currently plans to give registrars an opt-out:
ICANN proposes to adapt the current ICANN Procedures for Handling Whois Conflicts with Privacy Law, to enable registrars to seek an exempton from these new RAA WHOIS and data protection obligations in the even that the obligations would cause registrars to violate their local laws and regulations.
He also said that the Governmental Advisory Committee has “endorsed” the provisions at question, and encouraged the Working Party to work via the GAC to have its views heard.
I understand that registrars based in the US and elsewhere would not respond favorably to what would essentially amount to a two-tier RAA.
Some of the RAA changes would have cost implications, so there’s an argument that to exempt some registrars and not others would create an un-level competitive playing field.
The Article 29 Working Party is an advisory body, independent of the European Union, comprising one representative from the data privacy watchdogs in each EU state.
Some GAC representatives said during the ICANN meeting in Prague this June that they had already factored privacy concerns into their support for the RAA talks.
It’s going to interesting to see how both registrars and the GAC react to the Article 29 developments at the Toronto meeting, which begins this weekend.
Identity checks coming to Whois
Pretty soon, if you want to register a domain name in a gTLD you’ll have to verify your email address and/or phone number or risk having your domain turned off.
That’s the latest to come out of talks between registrars, ICANN, governments and law enforcement agencies, which met last week in Washington DC to thrash out a new Registrar Accreditation Agreement.
While a new draft RAA has not yet been published, ICANN has reported some significant breakthroughs since the Prague meeting in June.
Notably, the registrars have agreed for the first time to do some minimal registrant identity checks — phone number and/or email address — at the point of registration.
Verification of mailing addresses and other data points — feared by registrars for massively adding to the cost of registrations — appears to be no longer under discussion.
The registrars have also managed to win another concession: newly registered domain names will be able to go live before identities have been verified, rather than only after.
The sticking point is in the “and/or”. Registrars think they should be able to choose which check to carry out, while ICANN and law enforcement negotiators think they should do both.
According to a memo released for discussion by ICANN last night:
It is our current understanding that law enforcement representatives are willing to accept post-‐resolution verification of registrant Whois data, with a requirement to suspend the registration if verification is not successful within a specified time period. However, law enforcement recommends that if registrant Whois data is verified after the domain name resolves (as opposed to before), two points of data (a phone number and an email address) should be verified.
Among the other big changes is an agreement by registrars to an ICANN-run Whois privacy service accreditation system. Work is already underway on an accreditation framework.
After it launches, registrars will only be able to accept private registrations made via accredited privacy and proxy services.
Registrars have also agreed to some of law enforcement’s data retention demands, which has been a bone of contention due to worries about varying national privacy laws.
Under the new RAA, they would keep some registrant transaction data for six months after a domain is registered and other data for two years. It’s not yet clear which data falls into which category.
These and other issues outlined in ICANN’s latest update are expected to be talking points in Toronto next month.
It looks like a lot of progress has been made since Prague — no doubt helped by the fact that law enforcement has actually been at the table — and I’d be surprised if we don’t see a draft RAA by Beijing next April.
How long it takes to be adopted ICANN’s hundreds of accredited registrars is another matter.
ICANN threatens to shut down registrar flipper
ICANN has said it will terminate one of its registrars for non-payment of fees, the thirteenth such threatening letter the organization has sent out this year.
The unfortunate recipient is #1 Host Brazil, which has just a couple hundred domains under its belt in the generic top-level domains.
I may be wrong, but based on some cursory research I’m inferring that the registrar is basically a shell accreditation, acquired in order to flip to a larger registrar.
There are 10 other “‘#1 Host” registrars, such as #1 Host Australia and #1 Host Canada, listed on ICANN’s list of accredited registrars, almost all of which were awarded in late 2005 to the same Texan.
They all use the same logos and, due to the hash sign, all appear at the top of alphabetical lists of ICANN-accredited registrars.
Apart from the Brazil and Israel variants, most of the other “#1” accreditations have been acquired by Moniker at various times over the last few years, according to Internic and Whois records.
#1 Host Brazil faces de-accreditation (pdf) on August 24 unless it pays almost $9,000 in ICANN fees and provides evidence of $500,000 in commercial liability insurance.
Recent Comments