ICANN 79: anonymous trolls and undercover lawyers

Transparency, an ICANN watchword since day one, was a noticeable thematic undercurrent at the community’s 79th public meeting in Puerto Rico last week.

The problem of lawyers representing unnamed clients in policy-making groups was raised in several fora, while another section of the community seems to have separately been infiltrated by the same kind of anonymous trolls that plagued ICANN during its infancy.

Governments were especially keen that the GNSO clean house by tightening up its disclosure rules, following an abortive attempt at reform at the Hamburg meeting last October, and they found allies in the Contracted Parties House, which had killed off the reform after deciding it did not go far enough.

Under the current GNSO rules of engagement, everyone who volunteers to participate in policy-making has to file a Statement of Interest, disclosing information such as their employer, community group affiliations, and so on. Among other things, volunteers are asked:

Do you believe you are participating in the GNSO policy process as a representative of any individual or entity, whether paid or unpaid? Please answer “yes” or “no.” If the answer is “yes,” please provide the name of the represented individual or entity. If professional ethical obligations prevent you from disclosing this information, please so state.

The exemption is believed to be designed primarily for American lawyers in private practice, some of whom say they may sometimes be ethically prevented from disclosing the identity of their clients.

But this creates problems for community volunteers, and for the rest of us.

For policy-makers: sometimes, in a working group, you won’t know who you’re really arguing with. The guy opposite, in the expensive suit who keeps inexplicably rubbing her nostrils, could be a mouthpiece for almost any corporation, industry association, or government.

For the rest of us: we don’t know who is really making the policies that impact how domain names are sold, managed, and regulated. Those may seem trivial issues in the grand scheme of things, but they touch on issues such as free speech, data privacy, and how much money comes out of your pocket when you buy a domain.

An attempt last year by the GNSO to update its SOI rules was shot down by the Contracted Parties House because the proposed changes kept the lawyer disclosure exemption.

The Non-Contracted Parties House gave the changes their unanimous approval.

The GNSO Council Committee for Overseeing and Implementing Continuous Improvement, which came up with the changes, looked at 351 SOIs from two recent large policy working groups and found that “a maximum of 0.03% members were making use of the exemption.”

I think that means just one person.

But the scale of the issue is irrelevant compared to the principle, according to some.

Swiss GAC rep Jorge Cancio noted during a session with the CPH last week, “even if there’s a very small number of cases where people use some exceptions for not explaining whom they are working for, even if it’s just 10 people out of 1,000 participants, this already tarnishes the whole of the system”.

Registries Stakeholder Group chair Sam Demetriou concurred: “We believe in and we are strong supporters of the multistakeholder model, but in order for a model to be multistakeholder, you need to know who those stakeholders are. It is inherent in the entire system and the definition.”

The GAC’s position is that everyone participating in policy-making needs to be up-front about their interests, in accordance with global norms. In a session with the GNSO Council, UK rep and vice-chair Nigel Hickson urged the GNSO to sort out the SOI issue before ICANN meets again, set for Kigali this June, because ministers will be present, wanting answers.

Separately at ICANN 79 last week, there was a parallel debate going on about whether a group affiliated with ICANN should force its members to even file SOIs at all.

The Universal Acceptance Steering Group isn’t technically an ICANN body — a Supporting Organization or Advisory Committee — but it is funded and supported by ICANN and carries out ICANN work. It’s been around since 2015 but so far hasn’t required members to submit SOIs.

As anyone who attended or remotely lurked on the ICANN 79 Public Forum last week will know, the UASG came in for a lot of criticism, mostly from remote participants, some of whom have managed to pull off the near-miraculously impressive achievement of having a non-existent Google footprint.

I’m not of course suggesting that some of the people in the Public Forum chat room were trolls using pseudonyms, but… actually, yes, that is what I am suggesting.

These participants had beef with the UASG for imposing a new strict SOI requirement — rules coming into force right now give participants a few months to file their SOIs or get kicked off the UASG mailing list — and suggested UASG leadership had broken with ICANN rules by unilaterally imposing the requirement.

Said mailing list is notable for being lightly used, but with occasional traffic spikes, usually during discussions of anything related to elections or UASG leadership, from participants using free webmail addresses and often what appear to be joke names (Yisrael Memshelet, really?).

Sometimes, these participants have helped steer the mailing list discussion, and at least one question from an aforementioned Google-resistant remote participant was read out at last week’s Public Forum and responded to (kinda) by a board member. ICANN received so many remote UASG questions during the Public Forum that it said it would provide a consolidated written response after the meeting.

It seems ICANN is suffering from twin related transparency problems right now — lawyers who don’t want to reveal their clients, and trolls who don’t want to reveal their identities — neither of which is ideal for its legitimacy.

[Guest Post] Hey ICANN: Reporters are not the enemy

This is a guest post by Emmy award-winning former reporter Brad White, who, from 2009 until 2021, was ICANN’s director of global media affairs and later director of communications for North America

It seems like ICANN utters the phrase “accountability and transparency” about every third sentence. And with good cause, since it is a vital foundation upon which the organization was built. But there are indications that foundation is severely cracked.

Unfortunately, ICANN’s leadership too often seems to adopt the position that its commitment to accountability and transparency only extends to its interaction with its community. The news media and by extension – the public – are generally not prioritized.

Journalists and bloggers (who also inform the public) who reach out to the org with questions or interview requests are too often viewed in hostile terms.

The default position of ICANN executives generally appears to be to not talk with journalists unless they must. My sense is that they should adopt the opposite attitude. Specifically, that ICANN leadership should almost always speak with journalists.

In my experience, at various points in the past, ICANN execs even forbade anyone on the communications team from talking to select journalists or bloggers. I was reminded of Richard Nixon’s famous “enemy’s list.”

The very first ICANN Board Chair, Esther Dyson had a good grasp on transparency with the news media when she said, “What I’m thinking about more and more these days is simply the importance of transparency, and Jefferson’s saying that he’d rather have a free press without a government than a government without a free press.”

I worked 12 years at ICANN, before leaving in January 2021 to work as an independent communications consultant. A large part of my job during my tenure was to interact with the news media. Having spent most of my career as a journalist, I enjoyed that aspect of my work, and felt it a vital component of the org’s oft-stated commitment to “accountability and transparency.” But over the years, I witnessed a shift in the way the organization wanted me to perform that function.

During my early days, when a news reporter would reach out with a question and/or seek an interview, I would research the issue the journalist was asking about and then after consulting the appropriate people, pass along the answers and perhaps set up an interview with the appropriate ICANN subject matter expert. And, that was the end of it.

By the time I left, with increasing frequency, when a reporter contacted ICANN, the request ended up going to at least two or three senior executives, the legal department and sometimes the CEO. Too often, the collective decision was to say nothing, if at all possible. When answers were afforded to the journalist, they were too often non-responsive or they merely “pointed” the reporter to a previously published blog or announcement. There were of course exceptions to this approach, but they were few.

What is perhaps most troubling, is that the organization doesn’t seem to feel an obligation to speak with journalists as part of its core value of transparency and accountability, instead the determining factor as to whether to grant an interview was too often — “are they going to screw us?” It was not “we have an obligation to be open to talk to all, including reporters and bloggers, because we believe in accountability and transparency.”

Some years ago, I was asked to conduct media training for ICANN’s top executives so they would better understand journalists and also learn how to better interact with them. But in the immediate years preceding my departure, the media training program appears to have been terminated. In fact, word often went out that “no one should talk to the media.”

Shortly before I left, I was asked to write a report on “ICANN’s Media Strategy.” After submitting an initial draft, it seemed to have gone into a black hole. I was never questioned about the report. I never received a red-lined draft, excluding or including elements, nor was I asked to write a subsequent draft.

Given the apparent efforts to curtail interactions with journalists and bloggers, it was difficult to not interpret the shelving of the media strategy paper because of one of its major points was — “Reporters are not the enemy.”

My sincere hope is that the new Board leadership and the community will re-commit the organization towards maximum accountability and transparency, and that includes talking to journalists, bloggers, and anyone else who can help in implementing the vital checks, balances and accountability that are the foundation of ICANN’s work. It is critical in helping the world understand ICANN and its mission.

After 10 months, ICANN board “promptly” publishes its own minutes

ICANN’s board of directors has approved a huge batch of its own meeting minutes, covering the period from July 15 last year to March 10 this year, raising questions about its commitment to timely transparency.

The board approved the minutes of its last 14 full-board meetings in one huge batch of 14 separate resolutions at its May 12 meeting, and they’ve all now been published on the ICANN web site, along with redacted briefing papers for said meetings.

The period includes decisions on planning for the next new gTLD round and Whois reform, the legal fight with Afilias over the contested .web gTLD, and apparently divisive discussions about the timing of a post-pandemic return to face-to-face meetings.

No explanation has been given for why it’s taken so long for these documents to appear, the timing of which appears to go against ICANN’s bylaws, which state that minutes are supposed to be approved and published “promptly”:

All minutes of meetings of the Board, the Advisory Committees and Supporting Organizations (and any councils thereof) shall be approved promptly by the originating body and provided to the ICANN Secretary (“Secretary”) for posting on the Website.

ICANN almost always published its board’s resolutions within a few days of approval, and a preliminary report — which also includes the number of votes yay or nay, without naming the directors — within a couple of weeks.

The minutes, which are published only after the board rubber-stamps them, typically include a further vote breakdown and a little bit of color on how the discussion went down.

In the newly published batch, some of the documents are somewhat illuminating, while others barely nudge the dimmer switch.

For example, the preliminary report for the July 15, 2021 meeting, published 11 days later, notes that three of the 16 voting directors rebelled on a resolution about making the October annual general meeting in Seattle a virtual-only event, but the just-published minutes name those directors and flesh out some of their reasons for dissenting.

It turns out the directors had a “robust discussion”, with some arguing that it would be safe to go ahead with a “hybrid” meeting comprising both face-to-face and remote participation options.

The dissenting directors were Ron da Silva, Avri Doria, and Ihab Osman, it turns out. Osman and da Silva had voted a similar way a year earlier.

Directors could not reasonably have been expected to know about the impact the Delta variant of Covid-19 would have on world health in the latter half of the year. It had been identified and named by scientists but had yet to spread to the extent it was making headlines.

But they were aware of concerns from the Asia-Pacific members of the community, worried that a hybrid meeting in Seattle would disadvantage those unable to attend due to pandemic travel restrictions. This appears to have been raised during the discussion:

Some Board members expressed desire to see more work done to have ICANN72 as a hybrid meeting. They noted that Seattle has protocols in place to ensure the health and safety of ICANN staff and the community, and ICANN should use this opportunity to begin to return to its normal meeting standards as much as possible. Others noted that the concerns about travel inequities or restrictions for certain parts of the world should not prevent moving forward with an in-person component for ICANN72 because such inequities and restrictions exist with or without the pandemic.

The return to in-person meetings was discussed again in November, when the board decided to junk plans, secured by the dissenting directors in July, for a hybrid meeting in San Juan, Puerto Rico.

Ron da Silva had left the board by this point, but the new minutes show that Doria and Osman were joined by León Sánchez in advocating for a hybrid meeting with an in-person component.

While the July minutes contains a few paragraphs summarizing discussions, the November minutes simply notes that the board “reviewed the proposed resolution and rationale to confirm that it reflects the Board’s discussion and edits”.

And that’s pretty typical for most of the documents published this week — time and again the substantive discussion appears to have either happened off-camera, during non-minuted sessions of the board at unspecified times, or was simply not minuted.

Interested in the talks leading to the approval of the new gTLDs Operational Design Phase? The minutes shed no light.

Interested in how the board reacted to ICANN losing its Independent Review Process case with Afilias about .web? The minutes merely note that the resolution was approved “after discussion”.

There’s also a glaring hole in one set of minutes, raising questions about whether these documents are a reliable record of what happened at all.

We know for a fact that on September 12 the ICANN board approved a resolution naming the new chair and vice chair of its influential Nominating Committee, only to reconvene two weeks later to scrap that decision and name a different chair instead.

But if you read the September 12 minutes, you’ll find no record of NomCom even being discussed, let alone a resolution being passed appointing a chair.

The newly published batch of documents cover several resolutions related to executive pay, but none of the minutes contain the same level of transparency as ICANN displayed in February 2021, when it revealed that three directors voted against CEO Göran Marby’s pay rise.

In terms of transparency, that now appears to fully confirmed as an isolated incident.

ICANN trying to water down its transparency obligations

ICANN? Trying to be less transparent? Surely not!

The Org has been accused by some of its community members of trying to shirk its transparency obligations with proposed changes to its Documentary Information Disclosure Policy.

The changes would give ICANN “superpowers” to deny DIDP requests, and to deny them without explanation, according to inputs to a recently closed public comment period.

The DIDP is ICANN’s equivalent of a Freedom of Information Act, allowing community members to request documentation that would not be published during the normal course of business.

It’s often used, though certainly not exclusively so, by lawyers as a form of discovery before they escalate their beefs to ICANN accountability mechanisms or litigation.

It already contains broad carve-outs that enable ICANN to refuse disclosure if it considers the requested info too sensitive for the public’s eyes. These are the Defined Conditions for Nondisclosure, and they are used frequently enough that most DIDPs don’t reveal any new information.

The proposed new DIDP broadens these nondisclosure conditions further, to the extent that some commentators believe it would allow ICANN to deny basically any request for information. New text allows ICANN to refuse a request for:

Materials, including but not limited to, trade secrets, commercial and financial information, confidential business information, and internal policies and procedures, the disclosure of which could materially harm ICANN’s financial or business interests or the commercial interests of its stakeholders who have those interests.

The Registries Stakeholder Group noted that this is “broader” than the current DIDP, while the At-Large Advisory Committee said (pdf) it “essentially grants ICANN the right to refuse any and all requests”.

ALAC wrote that “rejecting a request because it includes commercial or financial information or documents an internal policy makes a mockery of this DIDP policy”.

Jeff Reberry of drop-catch registrar TurnCommerce concurred (pdf), accusing ICANN of trying to grant itself “superpowers” and stating:

Extremely generic terms such as “confidential business information” and “commercial information” were added. Frankly, this could mean anything and everything! Thus, ICANN has now inserted a catch-all provision allowing it to disclose nothing.

Other comments noted that the proposed changes dilute ICANN’s responsibility to explain itself when it refuses to release information.

Text requiring ICANN to “provide a written statement to the requestor identifying the reasons for the denial” has been deleted from the proposed new policy.

A collection of six lawyers, all prolific DIDP users, put their names to a comment (pdf) stating that “the change results in less transparency than the current DIDP”.

The lawyers point out that requests that are denied without explanation would likely lead to confusion and consequently increased use of ICANN’s accountability mechanisms, such as Requests for Reconsideration. They wrote:

Simply stated, the Revised Policy allows ICANN to obscure its decision-making and will ultimately cause disputes between ICANN and the Internet community — the complete opposite of the “accountable and transparent” and “open and transparent processes” required by ICANN’s Bylaws.

One change that didn’t get much attention in the public comments, but which certainly leapt out to me, concerns the turnaround time for DIDP responses.

Currently, the DIDP states that ICANN “will provide a response to the DIDP request within 30 calendar days from receipt of the request.”

In practice, ICANN treats this obligation like one might treat a tax return or a college essay — it almost provides its response exactly 30 days after it receives a request, at the last possible moment.

The revised DIDP gives ICANN the new ability to extend this deadline for another 30 days, and I don’t think it’s unreasonable to assume, given past behavior, that ICANN will try to exploit this power whenever it’s advantageous to do so:

In the event that ICANN org cannot complete its response within that 30-calendar-day time frame, ICANN org will inform the requestor by email as to when a response will be provided, which shall not be longer than an additional 30 calendar days, and explain the reasons necessary for the extension of time to respond.

The predictably Orwellian irony of all of the above proposed changes is that they come in response to a community review called the Cross-Community Working Group on Enhancing ICANN Accountability Work Stream 2 (WS2), which produced recommendations designed to enhance accountability and transparency.

Whether they are adopted as-is or further revised to address community concerns is up to the ICANN board of directors, which is of course advised by the staff lawyers who drafted the proposed revisions.

ICANN staff’s summary of the seven comments submitted during the public comment period is due next week.

Bizarre redactions in Pirate Bay founder’s ICANN registrar ban

ICANN has finally published a complaint from Pirate Bay founder Peter Sunde, who has been banned from owning an accredited registrar, but it’s full of bizarre redactions that serve only to make it look like the Org is hiding something.

You may recall that Sunde said in March that ICANN had rejected his application to have his registrar, Sarek, formally accredited.

He told DI that it happened because ICANN was worried he’d be a “pain in the ass” due to his previous association with the Pirate Bay file-sharing site and his criminal conviction for copyright infringement.

Not long after speaking to us, he filed a formal complaint with ICANN, which ICANN, five months later, published this week.

There’s not much in the complaint (pdf) that we have not already reported, but what’s notable is the amount of unnecessarily redacted text.

ICANN seems chiefly concerned with poorly obfuscating the identity of the staffer with whom Sunde was dealing on, and who ultimately rejected, his accreditation application.

The Org goes to the extent of redacting gender pronouns, so the reader can’t tell whether the person in question is male or female.

But the information that remains unredacted in the very same sentence is more than sufficient to identify the staffer concerned.

I’ve even been on national TV mentioning [NAME REDACTED] that I talked to today, regarding [PRONOUN REDACTED] failure to disclose the 3200 comments that was against the price cap removal of .ORG in [PRONOUN REDACTED] summary report for ICANN regarding the case.

The person who compiled the comment summary on the .org price caps issue, a public document (pdf), was Russ Weinstein, who’s also the guy in charge of registrar accreditation matters.

What possible benefit could be had from obfuscating his identity? And if doing so is so important, why do it in such an incompetent way?

The document also appears to redact the names of Facebook CEO Mark Zuckerberg and Swedish prog-rocker Björn Afzelius, both in the context of well-reported news stories mere seconds away in a search engine.

Reference to Sunde’s own criminal convictions, which are also well-reported and he has never been shy about addressing, also appear to be redacted.

For avoidance of doubt, I’m not saying that ICANN is hiding anything sinister, nor am I saying Sunde’s complaint has merit, but this redaction-happy attitude serves only to make the Org appear less transparent than it really should be.

If these redactions are attempts to hide personally identifiable information under ICANN’s privacy policy, they failed miserably on pretty much every count, even after five months.

This is privacy theater, created by people who don’t know the first thing about privacy.

ICANN has yet to respond Sunde’s complaint.

.web ruling hands Afilias a chance, Verisign a problem, and ICANN its own ass on a plate

ICANN has lost yet another Independent Review Process case, and been handed a huge legal bill, after being found to have violated its own rules on transparency and fairness.

The decision in Afilias v ICANN has failed to definitively resolve the issue of whether the auction of the .web gTLD in 2016, won by a shell applicant called Nu Dot Co backed by $135 million of Verisign’s money, was legit.

ICANN’s now urging NDC, Afilias and other members of the .web contention set to resolve their beefs privately, which could lead to big-money pay-days for the losing auction bidders at Verisign’s expense.

For ICANN board and staff, the unanimous, three-person IRP panel decision is pretty damning, with the ruling saying the org “violated its commitment to make decisions by applying documented policies objectively and fairly”.

It finds that ICANN’s board shirked its duty to consider the propriety of the Verisign/NDC bid, allowing ICANN staff to get perilously close to signing a registry contract with an applicant that they knew may well have been in violation of the new gTLD program rules.

Despite being named the prevailing party, it’s not even close to a full win for Afilias.

The company had wanted the IRP panel to void the NDC/Verisign winning bid and award .web to itself, the second-highest bidder. But the panel did not do that, referring the decision instead back to ICANN.

As the loser, ICANN has been hit with a $1,198,493 bill to cover the cost of the case, which includes Afilias’ share of $479,458, along with another $450,000 to cover Afilas’ legal fees connected to an earlier emergency IRP request that ICANN “abusively” forced Afilias into.

The case came about due to a dispute about the .web auction, which was run by ICANN in July 2016.

Six of the seven .web applicants had been keen for the contention set to be settled privately, in an auction that would have seen the winning bid distributed evenly among the losing bidders.

But NDC, an application vehicle not known to be particularly well-funded, held out for a “last resort” auction, in which the winning bid would be deposited directly into ICANN’s coffers.

This raised suspicions that NDC had a secret sugar daddy, likely Verisign, that was covertly bankrolling its bid.

It was not known until after NDC won, with a $135 million bid, that these suspicions were correct. NDC and Verisign had a “Domain Acquisition Agreement” or DAA that would see NDC transfer its .web contract to Verisign in exchange for the money needed to win the auction (and presumably other considerations, though almost all references to the terms of the DAA have been redacted by ICANN throughout the IRP).

Afilias and fellow .web applicant Donuts both approached ICANN before and after the auction, complaining that the NDC/Verisign bid was bogus, in violation of program rules requiring applicants to notify ICANN if there’s any change of control of their applications, including agreements to transfer the gTLD post-contracting.

ICANN has never decided at the board level whether these claims have merit, the IRP panel found.

The board did hold a secret, off-the-books discussion about the complaints at its retreat November 3, 2016, and concluded, without any type of formal vote, that it should just keep its mouth shut, because Afilias and Donuts had already set the ball rolling on the accountability mechanisms that would ultimately lead to the IRP.

More than half the board was in attendance at this meeting, and discussions were led by ICANN’s top two lawyers, but the fact that it had even taken place was not disclosed until June last year, well over three and a half years after the fact.

Despite the fact that the board had made a conscious, if informal, choice not to decide whether the NDC/Verisign bid was legit, ICANN staff nevertheless went ahead and started contracting with NDC in June 2018, taking the .web contention set off its “on-hold” status.

Talks progressed to the point where, on June 14, ICANN had sent the .web contract to NDC, which immediately returned a signed copy, and all that remained was for ICANN to counter-sign the document for it to become binding.

ICANN VP Christine Willett approved the countersigning, but four days later Afilias initiated the Cooperative Engagement Process accountability mechanism, the contract was ripped up, and the contention set was placed back on hold.

“Thus, clearly, a registry agreement with NDC for .WEB could have been executed by ICANN’s Staff and come into force without the Board having pronounced on the propriety of the DAA under the Guidebook and Auction Rules,” the IRP panel wrote.

This disconnect between the board and the legal staff is at the core of the panel’s criticism of ICANN.

The board had decided that Afilias’ claim that NDC had violated new gTLD program rules was worthy of consideration and had informally agreed to defer making a decision, but the staff had nevertheless gone ahead with contracting with a potentially bogus applicant, the panel found.

In the opinion of the Panel, there is an inherent contradiction between proceeding with the delegation of .WEB to NDC, as the Respondent [ICANN] was prepared to do in June 2018, and recognizing that issues raised in connection with NDC’s arrangements with Verisign are serious, deserving of the Respondent’s consideration, and remain to be addressed by the Respondent and its Board, as was determined by the Board in November 2016. A necessary implication of the Respondent’s decision to proceed with the delegation of .WEB to NDC in June 2018 was some implicit finding that NDC was not in breach of the New gTLD Program Rules and, by way of consequence, the implicit rejection of the Claimant’s [Afilias’] allegations of non-compliance with the Guidebook and Auction Rules. This is difficult to reconcile with the submission that “ICANN has taken no position onw hether NDC violated the Guidebook”.

The upshot of the panel’s ruling is to throw the issue back to ICANN, requiring the board to decide once and for all whether Verisign’s auction gambit was kosher.

If you’ll excuse the crude metaphor, ICANN’s board has been told to shit or get off the pot:

The evidence in the present case shows that the Respondent, to this day, while acknowledging that the questions raised as to the propriety of NDC’s and Verisign’s conduct are legitimate, serious, and deserving of its careful attention, has nevertheless failed to address them. Moreover, the Respondent has adopted contradictory positions, including in these proceedings, that at least in appearance undermine the impartiality of its processes.

…

[The panel r]ecommends that the Respondent stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the Respondent’s Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following the Claimant’s complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC’s application for .WEB should be rejected and its bids at the auction disqualified;

At the same time as the decision was published last night — shortly after midnight UTC and therefore helpfully too late to make it into today’s edition of ICANN’s godawful new email subscriptions feature — ICANN issued a statement on the outcome.

“In its Final Declaration, the IRP panel ruled that the ICANN Board, and not an IRP panel, should decide which applicant should become the registry operator for .WEB,” CEO Göran Marby said.

“The ICANN Board will consider the Final Declaration as soon as feasible, within the timeframe prescribed in the Bylaws, and remains hopeful that the relevant .WEB applicants will continue to seek alternatives to resolve the dispute between them raised during the IRP,” the statement concludes.

That should be of concern to Verisign, as any non-ICANN resolution of the .web battle is inevitably going to involve Verisign money flowing to its competitors.

But my first instinct strikes me that this a is a low-probability outcome.

It seems to me much more likely at first glance that ICANN will rule the NDC/Verisign ploy legitimate and proceed to contracting again.

For it to declare that using a front organization to bid for a gTLD is against the rules would raise questions about other applications that employed more or less the same tactic, such as Automattic’s successful bid, via an intermediary, for .blog, and possibly the 100-ish applications Donuts and Rightside cooperated on.

The ICANN bylaws say the board has to consider the IRP’s findings at its next meeting, for which there’s currently no published date, where feasible.

I should note that, while Donuts acquired Afilias last December, the deal did not include its .web application, which is why both the panel’s decision and this article refer to “Afilias” throughout.

Verisign hopeful after decision reached in .web gTLD case

The fate of .web has been decided, over 20 years after it was first applied for, and Verisign thinks it might emerge triumphant.

The company said last night that the ICANN Independent Review Panel handling the case of Afilias v ICANN reached a decision May 20 and delivered it to Verisign the following day.

Verisign says the panel “dismissed Afilias’ claims for relief seeking to invalidate the .web auction and to award the .web TLD to Afilias, concluding that such issues were beyond its jurisdiction.”

Sounds good for Verisign so far. Afilias wanted its $135 million bid for .web, submitted via an intermediary called Nu Dot Co, thrown out due to claims that ICANN violated its own bylaws by not sufficiently vetting the bidder.

But Verisign goes on to say “the panel’s ruling recommends that ICANN’s Board of Directors consider the objections made about the .web auction and then make a decision on the delegation of .web”.

It adds that the panel found that ICANN violated its fairness and transparency commitments:

With respect to ICANN, the ruling finds that certain actions and/or inaction by ICANN in response to Afilias’ objections violated aspects of ICANN’s bylaws related to transparency and fairness. These findings are particular to ICANN’s actions and not conduct by Verisign. Verisign anticipates that ICANN’s Board will review the panel’s ruling and proceed consistent with the panel’s recommendation to consider the objections and make a decision on the delegation of .web.

Based on Verisign’s statements, it seems that ICANN lost, but Afilias didn’t win.

The revelation was buried in a Securities and Exchange Commission filing on an unrelated financial matter last night. Hat tip to @jintlaw for spotting and tweeting about it.

It’s the most eagerly anticipated IRP ruling since 2011’s .xxx case, but in stark contrast to Rod “let’s draft this tweet” Beckstrom-era ICANN, where the decision was posted in a matter of hours, the 2021 org has not yet posted the panel’s findings or made a public statement acknowledging the ruling.

Verisign says it intends to “vigorously pursue” .web, but “can provide no assurance” as to which way the ICANN board of directors will swing.

ICANN refuses to say why it allowed Donuts to buy Afilias

ICANN appears determined to make its decision-making process when it comes to industry consolidation as opaque as possible.

The Org has denied a request from two rival registries for information about how it approved the acquisition of Afilias by Donuts last December, apparently exploiting a loophole in its bylaws.

The transaction got the nod from ICANN after its December 17 board of directors meeting, at which the board discussed the deal and gave CEO Göran Marby the nod to go ahead and process the request.

What it didn’t do was pass a formal resolution approving the deal, which seems to have given it the room to wriggle out of its transparency requirements, such as publishing its rationale and briefing materials.

It’s a trick it also used last year when it decided to bar Ethos Capital from acquiring Public Interest Registry.

In response to a Documentary Information Disclosure Process request (pdf) last month, filed by Dot Hotel and Domain Venture Partners, ICANN said:

ICANN org makes available, as a matter of due course, on the ICANN website the resolutions taken, preliminary report, minutes, and the Board briefing materials for each Board meeting… ICANN org has already published all materials for the 17 December 2020 Board meeting.

No new information was published.

The DIDP was filed by two applicants for the new gTLD .hotel, which are competing with applications originally filed by both Donuts and Afilias.

They’d also asked for ICANN’s rationale for allowing Donuts to own two .hotel applications post-acquisition, but ICANN said it had no documents reflecting that rationale.

The .hotel contest is also the subject of an Independent Review Process case and a lawsuit, in which DVP is a plaintiff.

Got beef with ICANN? Why you may not want to use the Ombudsman

Complaining to the independent Ombudsman may not be the best way to start a beef with ICANN, and that’s according to the Ombudsman himself.

Herb Waye told DI this week that consulting him as a first port of call may well lock complainants out of escalating their complaints through his office in future procedures.

Earlier this week, I reported on a lawsuit filed by three so-far unsuccessful .hotel gTLD applicants, which among other things alleges that ICANN’s Request for Reconsideration appeals process is a “sham”.

Reconsideration has quite a high barrier to success, and complaints are rarely successful. Requests are dealt with by the Board Accountability Mechanisms Committee, a subset of the very same board of directors that passed the resolution being complained about, advised by the same ICANN lawyers.

But RfRs are also automatically sent to the Ombudsman for a determination before the BAMC looks into them, which should provide a valuable and ostensibly independent second set of critical eyes.

However, in practice this has almost never happened since the provision was added to the ICANN bylaws five year ago.

The .hotel plaintiffs tallied up the 14 RfRs related to the new gTLD program since 2017 and found that the Ombudsman had recused himself, without detailed explanation, on every single occasion. Their complaint in California Superior Court reads:

Neither ICANN nor the Ombudsman has provided any intelligible reason for this gross flouting of ICANN’s bylaws and the Ombudsman’s dereliction of duty, other than a naked and vague claim of “conflict of interest”. The lack of any Ombudsman process not only violates ICANN’s bylaws and its contracts with Plaintiffs, but it renders the promise of a fair and independent Reconsideration process null and illusory, and the notion of true accountability a farce.

The ICANN bylaws state that the Ombudsman must recuse himself from considering RfRs “involving matters for which the Ombudsman has, in advance of the filing of the Reconsideration Request, taken a position while performing his or her role as the Ombudsman”.

According to Waye’s explanation, this is a very broad standard indeed. He told DI in an email:

it is not just me but over 18(?) years of Office of the Ombudsman involvement in complaints or investigations. So I need to go back through the archives when I receive an RR to make sure neither Chris [LaHatte] nor Frank [Fowlie] have made a determination (it doesn’t have to be a public report (or position) or a report to the Board to qualify for recusal).

Among other factors, it also doesn’t have to be a past determination directly involving the RR requestor either… if the substance of the RR has been reviewed by the Office in the past, or if the RR is about an issue similar to one that has been the subject of a complaint and a determination, then recusal is also required to avoid inconsistencies or perceived bias.

He consults with his “independent outside counsel”, Dave Marglin, when figuring out whether recusal is necessary, he said.

Waye published an explanation of his role in Reconsideration on page 19 of the Ombusdman’s most-recent annual report (pdf).

I wondered whether a 2015 decision by Waye predecessor LaHatte related to the new gTLD program’s controversial Community Priority Evaluation might account for the spate of recusals over the last few years, but Waye would not be drawn.

“I can’t identify specifics about each recusal as I must at all cost avoid identifying past complainants or subjects of complaints,” he said. “As I mentioned, some published reports may be the reason for a recusal but it may also be the result of the RfR issue having passed through my Office prior to the RfR being filed as a complaint; which may or may not be a known fact, so I err on the side of caution and treat all recusals the same.”

Given that the Ombudsman also deals with sensitive interpersonal interactions, including sexual harassment complaints, a code of confidentiality could be a good thing.

But it also means that there are an unknown number of undisclosed topics, dating back the best part of two decades, that the Ombudsman is apparently powerless to address via the Reconsideration process.

And that list of untouchable topics will only get longer as time goes by, incrementally weakening ICANN’s accountability mechanisms.

It seems to me that for companies with no interest in confidentiality but with serious complaints against an ICANN board action, complaining to the Ombudsman as the first port of call in a case that would likely be escalated to Reconsideration, Cooperative Engagement Process and Independent Review Process may be a bad idea.

Not only would they be locking the Ombudsman out of their own subsequent RfR, but they’d be preventing him or her getting involved in related RfRs for eternity.

Waye does not disagree. He said:

I think anyone considering bringing a complaint to the Office of the Ombuds should now consider their desired outcome if there is any possibility the issue may be something that could eventually take the RfR route. Do they want an informal (potentially confidential) determination from the Ombuds or do they want something more “public” from the Ombuds in the form of a substantive evaluation made directly to the BAMC. It’s still a new process and my participation in the RfR accountability mechanism is still a work in progress for the people considering using the RfR. But it’s what the community wanted and we will make it work.

It strikes me that the Reconsideration policy outlined in the ICANN bylaws is, by accident or design, self-terminating and opaque. It becomes less useful the more often it is used, as the range of topics the Ombudsman is permitted to rule on are slowly whittled away in secret.

It also occurs to be that it might be open to abuse and gaming.

Worried that a rival company will try to use Reconsideration to your disadvantage? Why not file a preemptive Ombudsman complaint on the same topic, forcing him to recusing himself and leaving the eventual RfR in the hands of the far-from-objective BAMC and ICANN board?

Waye said:

I suppose it would be possible, though it would require me making a determination or taking a position of sorts related to the eventual RfR… a complaint doesn’t automatically mean recusal. And of course it would mean me and my counsel not seeing through the “gaming” agenda and declining the complaint at the outset.

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

…

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

…

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.