Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
UDRP comments reveal shocking lack of trust in ICANN process
Is trust in the ICANN community policy-making process on the decline? Submissions to a recent public comment period on UDRP reform certainly seem to suggest so.
Reading through the 41 comments filed, it’s clear that while many community members and constituencies have pet peeves about UDRP as it stands today, there’s a disturbing lack of trust in ICANN’s ability to reform the policy without breaking it, and very little appetite for a full-blown Policy Development Process.
It’s one area where constituencies not traditionally allied or aligned — such as domain investors and intellectual property interests — seem to be on the same page.
Both the Intellectual Property Constituency and the Internet Commerce Association are among those calling for any changes to UDRP to be drafted rapidly by subject-matter experts, rather than being opened to full community discussion.
The IPC called the UDRP “a vital and fundamental tool that has a long and proven track record”, saying it has “generally been consistently and predictably applied over the course of its more than 20-year history”. Its comment added:
it is critically important that future policy work regarding the UDRP not diminish, dilute, or otherwise undermine its effectiveness. Such policy work should be extremely deferential to and reliant on the input of experts who have actual experience working with and within the UDRP system, and resistant to efforts that would weaken the UDRP system; any such work should be based on facts and evidence of problems in need of a systematic policy-level solution, and not merely to address specific edge cases, differences of opinion, or pet issues.
That’s pretty much in line with the ICA’s comments, which state that participants in future UDRP reform talks “should be experts… individuals who have extensive personal and practical knowledge of the UDRP through direct personal involvement”.
That language — in fact several paragraphs of endorsement for an expert-driven effort — appears almost verbatim in the separately filed comments of the Business Constituency, of which the ICA is a member.
The ICA’s reluctance to endorse a full-blown PDP appears to come from the experience of the Review of all Rights Protection Mechanisms in all gTLDs PDP, or “Phase 1”, which ran from 2016 to 2020.
That working group struggled to reach consensus on even basic stuff, and at one point frictions reached a point where allegations of civility rules breaches caused warring parties to lawyer up.
“Phase 1 was lengthy, unproductive, inefficient, and an unpleasant experience for all concerned,” the ICA wrote in its comments.
“Perhaps the biggest problem with Phase 1 was that structurally it was inadvertently set up to encourage disagreements between interest groups rather than to facilitate collaboration, negotiation, and problem solving,” it said.
The BC arguable goes further in its deference to experts, calling on ICANN to invoke section 13.1 of its bylaws and drag the World Intellectual Property Organization — leading UDRP provider and drafter of the original 1999 policy — as an expert consultant.
The BC also wrote:
It is imperative that stakeholders do not unnecessarily open up a can of worms with the UDRP through destabilizing changes; rather, they should take a focused and targeted approach, only entertaining improvements and enhancements which stand a reasonable chance of gaining consensus amongst stakeholders
WIPO itself is thinking along the same lines:
If the choice is made to review the UDRP, the process should be expert-driven and scoped
To avoid undoing the UDRP’s success, ICANN needs to give serious consideration to the weight to be accorded to the various opinions expressed. So-called “community feedback” referred to, for example, in section 4 of the PSR seems to lack specific depth and can seem more ideological or anecdotal
Comments from ICANN’s contracted parties also expressed concerns about a PDP doing more harm than good.
The Registries Stakeholder Group has almost nothing to say about ICANN’s report, but the Registrars Stakeholder Group expressed concerns that “any updates could have unintended consequences resulting in a less effective UDRP”.
It uniquely brought up the issue of volunteer fatigue and ICANN’s cumbersome backlog of work, writing:
Although the RrSG recognizes that there are some minor areas for improvement in the UDRP, it is the position of the RrSG that a full policy development process (PDP) is not necessary. The UDRP was adopted in 1999, and has been utilized for over 60,000 UDRP cases. The RrSG is not aware of any major issues with the UDRP, and is concerned that any updates could have unintended consequences resulting in a less effective UDRP. Additionally, not only is there a backlog of policy recommendations waiting for ICANN Board approval or implementation, but the RrSG is also aware of substantial community volunteer fatigue even for high-priority issues.
These comments were filed in response to a public comment period on an ICANN-prepared policy status report.
Not every comment expressed skepticism about the efficacy of a PDP. Notably, the Non-Commercial Stakeholders Group — the constituency arguably most likely to upset the apple cart if a Phase 2 PDP goes ahead — appears to fully expect that such work will take place.
There were also many comments from individuals, mostly domainers, recounting their own experiences of, and reform wish-lists for, UDRP.
ICANN’s report will be revised in light of these comments and submitted to the GNSO, which will decide what to do with it.
“It’s not our fault!” — ICANN blames community for widespread delays
ICANN may be years behind schedule when it comes to getting things done on multiple fronts, but it’s the community’s fault for making up rubbish policies, bickering endlessly, and attempting to hack the policy-making process.
That’s me paraphrasing a letter sent last week by chair Maarten Botterman to the Registries Stakeholder Group, in which he complained about the community providing “ambiguous, incomplete, or unclear policy recommendations”.
RySG chair Samantha Demetriou had written to Botterman (pdf) in December to lament the Org and board’s lack of timely progress on many initiatives, some of which have been in limbo for many years.
Policies and projects related to Whois, new gTLDs and the Independent Review Process have been held up for a long time, in the latter case since 2013, she wrote, leading to community volunteers feeling “disempowered or discouraged”.
As I recently reported, ICANN has not implemented a GNSO policy since 2016.
The lack of board action on community work also risks ICANN’s legitimacy and credibility, Demetriou wrote.
But Botterman’s response (pdf), sent Thursday, deflects blame back at the community, denying that the delays are “simply because of failure at the level of the organization and Board.”
He wrote:
we need to continue to find our way forward together to address the challenges that affect the efficiency of our current decision-making processes, including, for example, ambiguous, incomplete, or unclear policy recommendations, the relitigation of policy issues during implementation, and the use of the review process to create recommendations that should properly be addressed by policy development
In other words, the community is providing badly thought-out policy recommendations, continuing to argue about policy after the implementation stage is underway, and using community reviews, rather than the Policy Development Process, to create policy.
The RySG, along with their registrar counterparts, put their concerns to the board at ICANN 72 in October, warning of “volunteer burnout” and a “chilling effect” on community morale due to board and Org inaction.
At that meeting, director Avri Doria presented staff-compiled stats showing that across five recent bylaws-mandated community reviews (not PDPs), the board had received 241 recommendations.
She said that 69% had been approved, 7% had been rejected, 18% were placed in a pending status, and 6% were “still being worked on”.
CEO Göran Marby provided a laundry list of excuses for the delays, including: reconciling differing community viewpoints, the large number of recommendations being considered, the potential for some recommendations to break ICANN bylaws, sensitivity to the bottom-up nature of the multi-stakeholder process, lack of staff, and the extra time it takes to be transparent about decision-making.
Just this week, ICANN has posted eight job listings, mostly in policy support.
In his letter last week, Botterman pointed to a “Prioritization Framework”, which is currently being piloted, along with further community conversations at ICANN 73 next month and a “thought paper” on “evolving consensus policies”.
Because why fix something when you can instead create another layer of bureaucracy and indulge in more navel-gazing?
ICANN trying to water down its transparency obligations
ICANN? Trying to be less transparent? Surely not!
The Org has been accused by some of its community members of trying to shirk its transparency obligations with proposed changes to its Documentary Information Disclosure Policy.
The changes would give ICANN “superpowers” to deny DIDP requests, and to deny them without explanation, according to inputs to a recently closed public comment period.
The DIDP is ICANN’s equivalent of a Freedom of Information Act, allowing community members to request documentation that would not be published during the normal course of business.
It’s often used, though certainly not exclusively so, by lawyers as a form of discovery before they escalate their beefs to ICANN accountability mechanisms or litigation.
It already contains broad carve-outs that enable ICANN to refuse disclosure if it considers the requested info too sensitive for the public’s eyes. These are the Defined Conditions for Nondisclosure, and they are used frequently enough that most DIDPs don’t reveal any new information.
The proposed new DIDP broadens these nondisclosure conditions further, to the extent that some commentators believe it would allow ICANN to deny basically any request for information. New text allows ICANN to refuse a request for:
Materials, including but not limited to, trade secrets, commercial and financial information, confidential business information, and internal policies and procedures, the disclosure of which could materially harm ICANN’s financial or business interests or the commercial interests of its stakeholders who have those interests.
The Registries Stakeholder Group noted that this is “broader” than the current DIDP, while the At-Large Advisory Committee said (pdf) it “essentially grants ICANN the right to refuse any and all requests”.
ALAC wrote that “rejecting a request because it includes commercial or financial information or documents an internal policy makes a mockery of this DIDP policy”.
Jeff Reberry of drop-catch registrar TurnCommerce concurred (pdf), accusing ICANN of trying to grant itself “superpowers” and stating:
Extremely generic terms such as “confidential business information” and “commercial information” were added. Frankly, this could mean anything and everything! Thus, ICANN has now inserted a catch-all provision allowing it to disclose nothing.
Other comments noted that the proposed changes dilute ICANN’s responsibility to explain itself when it refuses to release information.
Text requiring ICANN to “provide a written statement to the requestor identifying the reasons for the denial” has been deleted from the proposed new policy.
A collection of six lawyers, all prolific DIDP users, put their names to a comment (pdf) stating that “the change results in less transparency than the current DIDP”.
The lawyers point out that requests that are denied without explanation would likely lead to confusion and consequently increased use of ICANN’s accountability mechanisms, such as Requests for Reconsideration. They wrote:
Simply stated, the Revised Policy allows ICANN to obscure its decision-making and will ultimately cause disputes between ICANN and the Internet community — the complete opposite of the “accountable and transparent” and “open and transparent processes” required by ICANN’s Bylaws.
One change that didn’t get much attention in the public comments, but which certainly leapt out to me, concerns the turnaround time for DIDP responses.
Currently, the DIDP states that ICANN “will provide a response to the DIDP request within 30 calendar days from receipt of the request.”
In practice, ICANN treats this obligation like one might treat a tax return or a college essay — it almost provides its response exactly 30 days after it receives a request, at the last possible moment.
The revised DIDP gives ICANN the new ability to extend this deadline for another 30 days, and I don’t think it’s unreasonable to assume, given past behavior, that ICANN will try to exploit this power whenever it’s advantageous to do so:
In the event that ICANN org cannot complete its response within that 30-calendar-day time frame, ICANN org will inform the requestor by email as to when a response will be provided, which shall not be longer than an additional 30 calendar days, and explain the reasons necessary for the extension of time to respond.
The predictably Orwellian irony of all of the above proposed changes is that they come in response to a community review called the Cross-Community Working Group on Enhancing ICANN Accountability Work Stream 2 (WS2), which produced recommendations designed to enhance accountability and transparency.
Whether they are adopted as-is or further revised to address community concerns is up to the ICANN board of directors, which is of course advised by the staff lawyers who drafted the proposed revisions.
ICANN staff’s summary of the seven comments submitted during the public comment period is due next week.
Domain firms plan “Trusted Notifier” takedown rules
Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.
Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.
Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.
It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.
ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.
The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.
It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.
It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.
Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.
Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.
Is ICANN still over-estimating revenue from “stagnating” gTLD industry?
ICANN may have slashed millions from its revenue estimate for next year, but it has not slashed deeply enough, according to registrars and others.
Industry growth is flat, and below even ICANN’s “worst case” expectations for the fiscal year starting July 1, registrars told the organization in comments filed on its FY19 budget last week.
The Registrars Stakeholder Group said that “the FY 2019 budget fails to recognize that overall industry growth is flat.”
ICANN’s budget foresees FY19 revenue of $138 million, up $3.5 million on the projected result for FY18.
“These revenue projections presume growth in the domain market that is not aligned with industry expectations,” the RrSG said, pointing to sources such as Verisign’s Domain Name Industry Brief, which calculated 1% industry growth last year.
ICANN’s predictions are based on previous performance and fail to take into account historical “one-time events”, such as the Chinese domain speculation boom of a couple years ago, that probably won’t be repeated, RrSG said.
RrSG also expects the number of accredited registrars to decrease due to industry consolidation and drop-catching registrars reducing their stables of shell accreditations.
(I’ll note here that Web.com has added half a dozen drop-catchers to its portfolio in just the last few weeks, but this goes against the grain of recent trends and may be an aberration.)
RrSG said ICANN’s budget should account for reduced or flat accreditation fee revenue (which as far as I can tell it already does).
The comment, which can be read in full here, concludes:
Taken together, these concerns represent a disconnect between ICANN funding projections, and the revenue expectations of Registrars (and presumably, gTLD Registries) from which these funds are derived. In our view, ICANN’s assessment of budgetary “risks” are too optimistic , and actual performance for FY19 will be significant lower.
For what it’s worth, the Registries Stakeholder Group had this to say about ICANN’s revenue estimates:
Reliable forecasts, characterised by their scrutiny and realism, are fundamental to put together a realistic budget and to avoid unpleasant surprises, such as the shortage ICANN is experiencing in the current fiscal year. The RySG advises ICANN to continue to conduct checks on its forecasts and to re-evaluate the methodology used to predict its income in order to prevent another funding shortfall such as that which the organization experienced in FY18.
Community calls on ICANN to cut staff spending
ICANN should look internally to cut costs before swinging the scythe at the volunteer community.
That’s a key theme to emerge from many comments filed by the community last week on ICANN’s fiscal 2019 budget, which sees spending on staff increase even as revenue stagnates and cuts are made in other key areas.
ICANN said in January that it would have to cut $5 million from its budget for the year beginning July 1, 2018, largely due to a massive downwards revision in how many new gTLD domains it expects the industry to process.
At the same time, the organization said it will increase its payroll by $7.3 million, up to $76.8 million, with headcount swelling to 425 by the end of the fiscal year and staff receiving on average a 2% pay rise.
In comments filed on the budget, many community members questioned whether this growth can be justified.
Among the most diplomatic objections came from the GNSO Council, which said:
In principle, the GNSO Council believes that growth of staff numbers should only occur under explicit justification and replacements due to staff attrition should always occur with tight scrutiny; especially in times of stagnate funding levels.
The Council added that it is not convinced that the proposed budget funds the policy work it needs to do over the coming year.
The Registrars Stakeholder Group noted the increased headcount with concern and said:
Given the overall industry environment where organizations are being asked to do more with less, we are not convinced these additional positions are needed… The RrSG is not yet calling for cuts to ICANN Staff, we believe the organization should strive to maintain headcount at FY17 Actual year-end levels.
The RrSG shared the GNSO Council’s concern that policy work, ICANN’s raison d’etre, may suffer under the proposed budget.
The At-Large Advisory Committee said it “does not support the direction taken in this budget”, adding:
Specifically we see an increase in staff headcount and personnel costs while services to the community have been brutally cut. ICANN’s credibility rests upon the multistakeholder model, and cuts that jeopardize that model should not be made unless there are no alternatives and without due recognition of the impact.
…
Staff increases may well be justified, but we must do so we a real regard to costs and benefits, and these must be effectively communicated to the community
ALAC is concerned that the budget appears to cut funding to many projects that see ICANN reach out to, and fund participation by, non-industry potential community members.
Calling for “fiscal prudence”, the Intellectual Property Constituency said it “encourages ICANN to take a hard look at personnel costs and the use of outside professional services consultants.”
The IPC is also worried that ICANN may have underestimated the costs of its contractual compliance programs.
The Non-Commercial Stakeholders Group had some strong words:
The organisation’s headcount, and personnel costs, cannot continue to grow. We feel strongly that the proposal to grow headcount by 25 [Full-Time Employees] to 425 FTE in a year where revenue has stagnated cannot be justified.
…
With 73% of the overall budget now being spent on staff and professional services, there is an urgent need to see this spend decrease over time… there is a need to stop the growth in the size of the staff, and to review staff salaries, bonuses, and fringe benefits.
NCSG added that ICANN could perhaps reduce costs by relocating some positions from its high-cost Los Angeles headquarters to the “global south”, where the cost of living is more modest.
The ccNSO Strategic and Operational Planning Standing Committee was the only commentator, that I could find, to straight-up call for a freeze in staff pay rises. While also suggesting moving staff to less costly parts of the globe, it said:
The SOPC – as well as many other community stakeholders – seem to agree that ICANN staff are paid well enough, and sometimes even above market average. Considering the current DNS industry trends and forecasts, tougher action to further limit or even abolish the annual rise in compensation would send a strong positive signal to the community.
It’s been suggested that, when asked to find areas to cut, ICANN department heads prioritized retaining their own staff, which is why we’re seeing mainly cuts to community funding.
I’ve only summarized the comments filed by formal ICANN structures here. Other individuals and organizations filing comments in their own capacity expressed similar views.
I was unable to find a comment explicitly supporting increased staffing costs. Some groups, such as the Registries Stakeholder Group, did not address the issue directly.
While each commentator has their own reasons for wanting to protect the corner of the budget they tap into most often, it’s a rare moment when every segment of the community (commercial and non-commercial, domain industry and IP interests) seem to be on pretty much the same page on an issue.
Amsterdam refuses to publish Whois records as GDPR row escalates
Two Dutch geo-gTLDs are refusing to provide public access to Whois records in what could be a sign of things to come for the whole industry under new European privacy law.
Both .amsterdam and .frl appear to be automatically applying privacy to registrant data and say they will only provide full Whois access to vetted individuals such as law enforcement officials.
ICANN has evidently slapped a breach notice on both registries, which are now complaining that the Whois provisions in their Registry Agreements are “null and void” under Dutch and European Union law.
FRLregistry and dotAmsterdam, based in the Netherlands, are the registries concerned. They’re basically under the same management and affiliated with the local registrar Mijndomein.
dotAmsterdam operates under the authority of the city government. .frl is an abbreviation of Friesland, a Dutch province.
Both companies’ official registry sites, which are virtually identical, do not offer links to Whois search. Instead, they offer a statement about their Whois privacy policy.
That policy states that Dutch and EU law “forbids that names, addresses, telephone numbers or e-mail addresses of Dutch private persons can be accessed and used freely over the internet by any person or organization”.
It goes on to state that any “private person” that registers a domain will have their private contact information replaced with a “privacy protected” message in Whois.
Legal entities such as companies do not count as “private persons”.
Under the standard ICANN Registry Agreement, all new gTLDs are obliged to provide public Whois access under section 2.5. According to correspondence from the lawyer for both .frl and .amsterdam, published by ICANN, the two registries have been told they are in breach.
It seems the breach notices have not yet escalated to the point at which ICANN publishes them on its web site. At least, they have not been published yet for some reason.
But the registries have lawyered up already, regardless.
A letter from Jetse Sprey of Versteeg Wigman Sprey to ICANN says that the registries are free to ignore section 2.5 of their RAs because it’s not compliant with the Dutch Data Protection Act and, perhaps more significantly, the EU General Data Protection Regulation.
The GDPR is perhaps the most pressing issue for ICANN at the moment.
It’s an EU law due to come into effect in May next year. It has the potential to completely rewrite the rules of Whois access for the entire industry, sidestepping the almost two decades of largely fruitless ICANN community discussions on the topic.
It covers any company that processes private data on EU citizens; breaching it can incur fines of up to €20 million or 4% of revenue, whichever is higher.
One of its key controversies is the idea that citizens should have the right to “consent” to their personal data being processed and that this consent cannot be “bundled” with access to the product or service on offer.
According to Sprey, because the Registry Agreement does not give registrants a way to register a domain without giving their consent to their Whois details being published, it violates the GDPR. Therefore, his clients are allowed to ignore that part of the RA.
These two gTLDs are the first I’m aware of to openly challenge ICANN so directly, but GDPR is a fiercely hot topic in the industry right now.
During a recent webinar, ICANN CEO Goran Marby expressed frustration that GDPR seems to have come about — under the watch of previous CEOs — without any input from the ICANN community, consideration in the EU legislative process of how it would affect Whois, or even any discussion within ICANN’s own Governmental Advisory Committee.
“We are seeing an increasing potential risk that the incoming GDPR regulation will mean a limited WHOIS system,” he said October 4. “We appreciate that for registers and registers, this regulation would impact how you will do your business going forward.”
ICANN has engaged EU legal experts and has reached out to data commissioners in the 28 EU member states for guidance, but Marby pointed out that full clarity on how GDPR affects the domain industry could be years away.
It seems possible there would have to be test cases, which could take five years or more, in affected EU states, he suggested.
ICANN is also engaging with the community in its attempt to figure out what to do about GDPR. One project has seen it attempt to gather Whois use cases from interested parties. Long-running community working groups are also looking at the issue.
But the domain industry has accused ICANN the organization of not doing enough fast enough.
Paul Diaz and Graeme Bunton, chairs of the Registries Stakeholder Group and Registrars Stakeholder Group respectively, have recently escalated the complaints over ICANN’s perceived inaction.
They told Marby in a letter that they need to have a solution in place in the next 60 days in order to give them time to implement it before the May 2018 GDPR deadline.
Complaining that ICANN is moving too slowly, the October 13 letter states:
The simple fact is that the requirements under GDPR and the requirements in our contracts with ICANN to collect, retain, display, and transfer personal data stand in conflict with each other.
…
GDPR presents a clear and present contractual compliance problem that must be resolved, regardless of whether new policy should be developed or existing policy adjusted. We simply cannot afford to wait any longer to start tackling this problem head-on.
For registries and registrars, the lack of clarity and the risk of breach notices are not the only problem. Many registrars make a bunch of cash out of privacy services; that may no longer be as viable a business if privacy for individuals is baked into the rules.
Other interests, such as the Intellectual Property Constituency (in favor of its own members’ continued access to Whois) and non-commercial users (in favor of a fundamental right to privacy) are also complaining that their voices are not being heard clearly enough.
The GDPR issue is likely to be one of the liveliest sources of discussion at ICANN 60, the public meeting that kicks off in Abu Dhabi this weekend.
UPDATE: This post was updated October 25 to add a sentence clarifying that companies are not “private persons”.
Double-charging claims as registries ramp up new gTLD refund demands
Registry operators have stepped up demands for ICANN to dip into its $100 million new gTLD cash pile to temporarily lower their “burdensome” accreditation fees.
A new missive from the Registries Stakeholder Group to ICANN this week also introduces a remarkable claim that ICANN may have “double charged” new gTLD applications to the tune of potentially about $6 million.
The RySG wants ICANN to reduce the quarterly fixed fees new gTLD registries must pay by 75% from the current $6,250, for a year, at a cost to ICANN of $16.87 million.
ICANN still has roughly $96 million in leftover money from the $185,000 per-TLD application fees paid in 2012, roughly a third of which had been earmarked for unexpected expenses.
When Global Domains Division president Akram Atallah refused this request in August, he listed some of the previously unexpected items ICANN has had to pay for related to the program, one of which was “implementation of the Trademark Clearinghouse”.
But in last week’s letter (pdf), the RySG points out that each registry was already billed an additional $5,000 fee specifically to set up the TMCH.
Your letter states that registry operators knew about the fee structure from the start and implies that changes of circumstance should be irrelevant. The TMCH charge, however, was not detailed in the applicant guidebook. ICANN added it on its own after all applications were accepted and without community input. Therefore, ICANN is very much in a position to refund registry operators for this overcharge, and we request that ICANN do so. Essentially, you would be refunding the amounts we paid with our own application fees, which should have been used to set up the TMCH in the first place.
These additional fees could have easily topped $6 million, given that there are over 1,200 live new gTLDs.
Was this a case of double-charging, as the RySG says?
My gut feeling is that Atallah probably just forgot about the extra TMCH fee and misspoke in his August letter. The alternative would be a significant accounting balls-up that would need rectifying.
RySG has asked ICANN for a “detailed accounting” of its new gTLD program expenses to date. If produced, that could clear up any confusion.
Group chair Paul Diaz, who signed the letter, has also asked for a meeting with Atallah at the Abu Dhabi public meeting later this month, to discuss the issue.
The letter also accuses ICANN of costing applicants lost revenue by introducing policies such as the ban on two-letter domains, increased trademark protections, and other government-requested restrictions that were introduced after application fees had already been paid.
The tone of the letter is polite, but seems to mask an underlying resentment among registries that ICANN has not been giving them a fair chance to grow their businesses.
UPDATE: This story was updated October 12 to correct the estimate of the total amount of TMCH setup fees collected.
Pilot program for Whois killer launches
ICANN is to oversee a set of pilot programs for RDAP, the protocol expected to eventually replace Whois.
Registration Data Access Protocol, an IETF standard since 2015, fills the same function as Whois, but it is more structured and enables access control rules.
ICANN said this week that it has launched the pilot in response to a request last month from the Registries Stakeholder Group and Registrars Stakeholder Group. It said on its web site:
The goal of this pilot program is to develop a baseline profile (or profiles) to guide implementation, establish an implementation target date, and develop a plan for the implementation of a production RDAP service.
Participation will be voluntary by registries and registrars. It appears that ICANN is merely coordinating the program, which will see registrars and registrars offer their own individual pilots.
So far, no registries or registrars have notified ICANN of their own pilots, but the program is just a few days old.
It is expected that the pilots will allow registrars and registries to experiment with different types of profiles (how the data is presented) and extensions before ICANN settles on a standard, contractually enforced format.
Under RDAP, ICANN/IANA acts as a “bootstrapping” service, maintaining a list of RDAP servers and making it easier to discover which entity is authoritative for which domain name.
RDAP is basically Whois, but it’s based on HTTP/S and JSON, making it easier to for software to parse and easier to compare records between TLDs and registrars.
It also allows non-Latin scripts to be more easily used, allowing internationalized registration data.
Perhaps most controversially, it is also expected to allow differentiated access control.
This means in future, depending on what policies the ICANN community puts in place, millions of current Whois users could find themselves with access to fewer data elements than they do today.
The ICANN pilot will run until July 31, 2018.
No $17 million rebate for struggling new gTLDs
ICANN has turned down a request for about $17 million to be refunded to under-performing new gTLD registries.
The organization cannot spare the cash from its $96 million new gTLD program war chest because it does not yet know how much it will need to spend in future, Global Domains Division president Akram Atallah told registries this week.
The Registries Stakeholder Group made the request for fee relief back in March, arguing that the $25,000 per-TLD fixed annual fee each registry must pay amounts to an unfair “burden” that has “hampered their success and put them at a competitive disadvantage”.
The RySG proposed that this $6,250 per quarter fee should be reduced by $4,687.50 per quarter for a year, a 75% reduction, at a cost to ICANN of $16.87 million.
The money, they said, should be drawn from the $96.1 million in new gTLD application fees that were still unspent at the time.
The new gTLD program charged each applicant $185,000 per application. About third of the fee was to cover unforeseen events, and is often sniggeringly referred to as its legal defense fund.
Because the program was meant to work only on a cost-recovery basis, there are question marks hanging over what ICANN should ultimately do with whatever cash is left over.
(It should be noted that this cash is separate from and does not include the quarter-billion dollars ICANN has squirreled away from its new gTLD last-resort auctions).
Now that the vast majority of the 2012 round’s 1,930 applications have been fully processed, it must have seemed like a good time for the RySG to ask for some cashback, but ICANN has declined.
Atallah said in a August 29 letter (pdf) to the group that ICANN has had to spent lots of its program reserve on unanticipated projects such as name collisions, universal acceptance, the EBERO program and the Trademark Clearinghouse. He wrote:
We do not yet know how much of the New gTLD Program remaining funds will be required to address future unanticipated expenses, and by when. As such, at this time, ICANN is not in a position to commit to the dispensation of any potential remaining funds from the New gTLD Program applications fees.
It seems for now the hundreds of new gTLDs with far fewer than 10,000 registrations in their zones are going to keep having to fork over $25,000 a year for the privilege.
Recent Comments