ICANN to kill off 60-day domain transfer lock
ICANN is set to kill off its unpopular 60-day transfer lock policy, following a vote at ICANN 82 in Seattle this week.
The GNSO Council yesterday voted to accept the final report of its Transfer Policy working group, a mammoth 163-page document that contains 47 recommendations affecting all areas of domain transfers.
The removal of the transfer lock is perhaps the biggest change to the 20-year-old policy for domain registrants.
Under the current policy, when you buy a domain name from another registrant or change your name, organization or email address, you trigger a lock that prevents you transferring your domain to another registrar for 60 days.
It was designed as an anti-fraud measure, stopping domain thieves bouncing their stolen names to sleazy registrars to avoid them being recovered by their victims.
But is has proved unpopular over the years with registrants that want to consolidate their portfolios under their preferred registrar and the new policy would remove the lock entirely.
It would also remove the requirement for both gaining and losing registrants (ie buyer and seller) to be notified when a change of registrant occurs, on the basis that notifications don’t provide much protection when the losing registrant’s email has already been compromised.
The whole process governing changes to registrant data is going to be spun out into a separate Change of Registrant Data Policy, because maybe it didn’t belong in the Transfer Policy in the first place.
The newly approved changes will also introduce two new locks that registrars currently may, but are not required to, impose — there’s going to be mandatory 720-hour (30-day) locks on domains that have just been created or just transferred in.
Any registrars that currently impose a longer lock will have to reduce it to 720 hours and any registrar that does not have such a lock will be required to implement one.
The GNSO says these month-long locks will help reduce credit card fraud and help comply with trademark complaints such as UDRP.
There are dozens of other changes coming that do not relate to locks.
For example, the list of reasons a registrar may deny a transfer has been updated to include a reference to DNS abuse, as currently defined in the ICANN registry and registrar contracts.
There are numerous changes of terminology, required notifications, and instructions for handling Transfer Authorization Codes, all of which registrars and registrars will have to implement if they want to stay compliant with their ICANN contracts.
There are also changes to bulk portfolio transfers, limiting registries to a charge of $50,000 for portfolios over 50,000 domains.
The changes would also incorporate an updated Bulk Transfer After Partial Portfolio Acquisition (BTAPPA) directly into the Transfer Policy, meaning registries no longer have to request it from ICANN via the Registry Services Evaluation Process.
The recommendations, unanimously approved by the GNSO Council yesterday, will now go to ICANN’s board of directors for final approval. The final updated Transfer Policy will then be written by an ICANN/GNSO team.
Registries and registrars will then presumably be given time to implement the policy before it becomes law and Compliance comes sniffing around for infractions. We’re talking about at least 18 months before the changes go live, I reckon.
If you have a high tolerance for boredom, the full list of recommendations can be read in this PDF.
Palage’s epic rant as he asks ICANN to cancel Verisign’s .net contract
ICANN is devolving into a trade association hiding under a thinning veneer of multistakeholderism and the domain industry is becoming a cartel.
Those are two of the conclusions reached by consultant Michael Palage, who’s been involved with ICANN since pretty much the start, in an epic Request for Reconsideration in which he asks the Org to unsign Verisign’s recently renewed .net registry contract.
ICANN’s equally intriguing response — denying, of course, Palage’s request — also raises worrying questions about how much power ICANN’s lawyers have over its board of directors.
The RfR paints a picture of a relationship where Verisign receives special privileges — such as exemptions from certain fees and obligations — in exchange for paying higher fees — contributing $55 million of ICANN’s budget — some of which is accounted for quite opaquely.
Palage claims the domain industry of being “on the precipice of becoming a cartel” due to recent consolidation, and says that is being enabled by ICANN’s failure to conduct an economic study of the market.
Verisign’s .net and .com contracts are the only registry agreements that do not oblige the registry to participate in economic studies, Palage says, reducing ICANN’s ability, per its bylaws, “to promote and sustain a competitive environment in the DNS market.”
Palage writes:
The failure of ICANN to have the contractual authority to undertake a full economic study to ensure a “competitive environment in the DNS market” undermines one of its core values. This failure is resulting in a growing consolidation within the industry which is on the precipice of becoming a cartel. ne needs to look no further than four US-based companies, Verisign, PIR, GoDaddy, and Identity Digital which currently control almost the entirety of the gTLD registry market based on domain names under management. This unchecked consolidation within the industry directly and materially impacts the ability of individual consultants to make a livelihood unless working for one of the dominant market players.
While Palage says he and other registrants are being harmed by increasing .net prices, and that an economic study would help lower them, he also asks ICANN to get Verisign to migrate to the Base Registry Agreement, which would enable Verisign to raise prices at will, without the current 10%-a-year cap.
He’s also concerned that ICANN’s volunteer community is shrinking as the domain industry becomes an increasingly dominant percentage of public meeting attendance.
Figures published by ICANN show that, at the last count, 39% of attendees were from the domain industry. ICANN stopped breaking down attendee allegiance in 2020 during the pandemic and did not resume publication of this data afterwards.
“ICANN has started down the slippery slope of becoming a trade association,” Palage writes.
While his RfR was going through the process of being considered by ICANN and its Board Accountability Mechanisms Committee, Palage separately wrote to ICANN general counsel John Jeffrey to express concerns that ICANN policy-making might be risking falling foul of antitrust law.
It seems a recent meeting of the working group discussing updates to ICANN’s Transfers Policy debated whether to cap the amount registries are allowed to charge registrars for bulk transfers. Dollar amounts were discussed.
Palage suggested ICANN might want to develop a formal antitrust policy statement that could be referred to whenever ICANN policy-makers meet, in much the same way as its Expected Standards of Behavior are deployed.
If the RfR as published by ICANN lacks some coherence, it may be because ICANN’s lawyers have redacted huge chunks of text as “privileged and confidential”. That’s something that hardly ever happens in RfRs.
It seems Palage knows some things about the .net contract and Verisign’s relationship with ICANN from his term on the ICANN board, which ran from April 2003 to April 2006, a time when Verisign and ICANN were basically at war.
Because the information Palage is privy to is still considered privileged by ICANN, it was redacted not only from the published version of the RfR but also it seems from the version supplied to the BAMC for consideration.
ICANN cited this part of its bylaws to justify the redactions:
The Board Accountability Mechanisms Committee shall act on a Reconsideration Request on the basis of the public written record, including information submitted by the Requestor, by the ICANN Staff, and by any third party.
Reading between the lines, it seems most of the redactions likely refer to the Verisign v ICANN lawsuit of 2004-2005.
Fellow greybeards will recall that Verisign sued ICANN for blocking its Site Finder service, which put a wildcard in the .com zone and essentially parked and monetized all unregistered domains while destabilizing software that relied on NXDOMAIN replies.
The October 2005 settlement (pdf) forced Verisign to acknowledge ICANN as king of the internet. In exchange, it got to keep .com forever. The deal gave Verisign financial security and ICANN legitimacy and was probably the most important of ICANN’s foundational documents before the IANA transition.
So what did the board of 2005 know that’s apparently too sensitive for the board of 2023? Dunno. I asked Palage if he’d be willing to share and he politely declined.
In any event, his RfR (pdf), which among other things asked for ICANN to reopen .net contract negotiations, was dismissed summarily (pdf) by BAMC last week on the grounds that he had not sufficiently shown how he was injured by ICANN’s actions.
Recent Comments