Got beef with ICANN? Why you may not want to use the Ombudsman
Complaining to the independent Ombudsman may not be the best way to start a beef with ICANN, and that’s according to the Ombudsman himself.
Herb Waye told DI this week that consulting him as a first port of call may well lock complainants out of escalating their complaints through his office in future procedures.
Earlier this week, I reported on a lawsuit filed by three so-far unsuccessful .hotel gTLD applicants, which among other things alleges that ICANN’s Request for Reconsideration appeals process is a “sham”.
Reconsideration has quite a high barrier to success, and complaints are rarely successful. Requests are dealt with by the Board Accountability Mechanisms Committee, a subset of the very same board of directors that passed the resolution being complained about, advised by the same ICANN lawyers.
But RfRs are also automatically sent to the Ombudsman for a determination before the BAMC looks into them, which should provide a valuable and ostensibly independent second set of critical eyes.
However, in practice this has almost never happened since the provision was added to the ICANN bylaws five year ago.
The .hotel plaintiffs tallied up the 14 RfRs related to the new gTLD program since 2017 and found that the Ombudsman had recused himself, without detailed explanation, on every single occasion. Their complaint in California Superior Court reads:
Neither ICANN nor the Ombudsman has provided any intelligible reason for this gross flouting of ICANN’s bylaws and the Ombudsman’s dereliction of duty, other than a naked and vague claim of “conflict of interest”. The lack of any Ombudsman process not only violates ICANN’s bylaws and its contracts with Plaintiffs, but it renders the promise of a fair and independent Reconsideration process null and illusory, and the notion of true accountability a farce.
The ICANN bylaws state that the Ombudsman must recuse himself from considering RfRs “involving matters for which the Ombudsman has, in advance of the filing of the Reconsideration Request, taken a position while performing his or her role as the Ombudsman”.
According to Waye’s explanation, this is a very broad standard indeed. He told DI in an email:
it is not just me but over 18(?) years of Office of the Ombudsman involvement in complaints or investigations. So I need to go back through the archives when I receive an RR to make sure neither Chris [LaHatte] nor Frank [Fowlie] have made a determination (it doesn’t have to be a public report (or position) or a report to the Board to qualify for recusal).
Among other factors, it also doesn’t have to be a past determination directly involving the RR requestor either… if the substance of the RR has been reviewed by the Office in the past, or if the RR is about an issue similar to one that has been the subject of a complaint and a determination, then recusal is also required to avoid inconsistencies or perceived bias.
He consults with his “independent outside counsel”, Dave Marglin, when figuring out whether recusal is necessary, he said.
Waye published an explanation of his role in Reconsideration on page 19 of the Ombusdman’s most-recent annual report (pdf).
I wondered whether a 2015 decision by Waye predecessor LaHatte related to the new gTLD program’s controversial Community Priority Evaluation might account for the spate of recusals over the last few years, but Waye would not be drawn.
“I can’t identify specifics about each recusal as I must at all cost avoid identifying past complainants or subjects of complaints,” he said. “As I mentioned, some published reports may be the reason for a recusal but it may also be the result of the RfR issue having passed through my Office prior to the RfR being filed as a complaint; which may or may not be a known fact, so I err on the side of caution and treat all recusals the same.”
Given that the Ombudsman also deals with sensitive interpersonal interactions, including sexual harassment complaints, a code of confidentiality could be a good thing.
But it also means that there are an unknown number of undisclosed topics, dating back the best part of two decades, that the Ombudsman is apparently powerless to address via the Reconsideration process.
And that list of untouchable topics will only get longer as time goes by, incrementally weakening ICANN’s accountability mechanisms.
It seems to me that for companies with no interest in confidentiality but with serious complaints against an ICANN board action, complaining to the Ombudsman as the first port of call in a case that would likely be escalated to Reconsideration, Cooperative Engagement Process and Independent Review Process may be a bad idea.
Not only would they be locking the Ombudsman out of their own subsequent RfR, but they’d be preventing him or her getting involved in related RfRs for eternity.
Waye does not disagree. He said:
I think anyone considering bringing a complaint to the Office of the Ombuds should now consider their desired outcome if there is any possibility the issue may be something that could eventually take the RfR route. Do they want an informal (potentially confidential) determination from the Ombuds or do they want something more “public” from the Ombuds in the form of a substantive evaluation made directly to the BAMC. It’s still a new process and my participation in the RfR accountability mechanism is still a work in progress for the people considering using the RfR. But it’s what the community wanted and we will make it work.
It strikes me that the Reconsideration policy outlined in the ICANN bylaws is, by accident or design, self-terminating and opaque. It becomes less useful the more often it is used, as the range of topics the Ombudsman is permitted to rule on are slowly whittled away in secret.
It also occurs to be that it might be open to abuse and gaming.
Worried that a rival company will try to use Reconsideration to your disadvantage? Why not file a preemptive Ombudsman complaint on the same topic, forcing him to recusing himself and leaving the eventual RfR in the hands of the far-from-objective BAMC and ICANN board?
Waye said:
I suppose it would be possible, though it would require me making a determination or taking a position of sorts related to the eventual RfR… a complaint doesn’t automatically mean recusal. And of course it would mean me and my counsel not seeing through the “gaming” agenda and declining the complaint at the outset.
One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next
Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.
The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.
The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.
Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.
ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.
In its motion to dismiss (pdf), its lawyers wrote:
Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.
…
Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.
In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.
While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.
A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.
It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.
On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.
The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.
…
How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered
Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.
The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.
The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.
In my opinion, this kind of bullshit has to stop.
Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):
Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.
The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.
ICANN made over $500k in secret lawyer payments over [REDACTED] legal dispute
ICANN has approved a payout of over half a million dollars to outside lawyers for work on a legal dispute it does not want you to know about.
The board of directors a week ago approved the disbursement of a “[Redacted – Privileged & Confidential]” sum to undisclosed parties in relation to “extensive activity in [Redacted – Privileged & Confidential]”.
Under ICANN policy, the fact that board approval was required means that the amount being paid is at least $500,000. The redacted resolution also authorizes additional payments up to $499,999.
ICANN isn’t providing any hints about what the payments concern, other than that it’s a legal dispute of some kind. The resolution states:
When required, ICANN must engage outside legal counsel to help prepare for and defend against all types of disputes that are brought against ICANN. When those disputes become highly contentious they often require significant involvement during a certain time period by outside counsel and that significant amount of time also results in significant fees and related expenses.
The words “related expenses” may be telling. We may not just be talking about lawyers’ fees here.
ICANN also does not state when the expenses were incurred, other than to note that the org’s budget for fiscal 2020, which ended June 30, “contemplated” the need for such payments.
So we’re talking about a legal issue that ICANN was aware of before May 2019, when the FY20 budget was approved, possibly as far back as December 2018, when earlier versions of that budget were published.
Known legal disputes that were active back then and have seen activity in the last few months include the Afilias Independent Review Process complaint about the .web auction and DotConnectAfrica’s court appeal over its .africa loss.
But both of those cases are matters of public record. ICANN even regularly publishes legal documentation on both. They’re not secret.
The only cases I’m aware of that ICANN has actively tried to keep secret involve allegations of sexual discrimination and harassment made against at least one former senior staffer. One such lawsuit was filed late February 2019.
But the hundreds of thousands doled out by ICANN last week could be related to just about anything.
ICANN’s bylaws give the board a broad brush when it comes to redacting information from published resolutions:
any actions relating to personnel or employment matters, legal matters (to the extent the Board determines it is necessary or appropriate to protect the interests of ICANN), matters that ICANN is prohibited by law or contract from disclosing publicly, and other matters that the Board determines, by a three-quarters (3/4) vote of Directors present at the meeting and voting, are not appropriate for public distribution
Usually, when ICANN redacts information, it’s related to personnel matters such as management bonuses.
Whatever it was ICANN just spent your money on, ICANN ain’t saying.
This ICANN comment period is a Kafkaesque nightmare
With the deadline for commenting on draft new gTLD program rules rapidly approaching, you may be tempted to visit the ICANN web site to peruse the comments that have already been submitted by others. Good bloody luck.
The way ICANN has chosen to present the comments is so bafflingly opaque, confusing and confounding that I can’t help but conclude it must have been deliberately designed to be as soul-crushing as possible.
Regular comment periods are pretty straightforward: you email your comments as prose to ICANN, ICANN publishes the email and any attachments for others to read. Everyone knows where everyone stands. Job done.
But recently there’s been a worrying trend towards a questionnaire and spreadsheet model based around Google Docs, and that’s the model being used for comments on the final draft report of the new gTLD program working group, known as SubPro.
You can check out the spreadsheet here.
The first thing you’ll notice is that the spreadsheet is 215 columns wide, with each respondent given one row for their responses.
You’ll also notice that the spreadsheet doesn’t seem to understand line breaks. Where the respondent has provided some textual commentary, it’s spread across multiple columns in some cases and not in others.
And then there’s the column headings.
While stumbling randomly through the spreadsheet, I discovered an interesting nugget of information — it seems the new gTLD registry MMX wants the next application round delayed until all of the 2012 round have been launched, which I found a bit surprising.
This nugget can be found under the column heading “Enter your response here”, a heading that is helpfully shared by 90 (ninety) other columns on the same damn page.
The heading “Do you want to save your progress and quit for now? You will be able to return to the form to complete it at a later time” appears 10 times in the document.
No information in adjacent columns sheds any light on what triggered MMX to make its comment.
In order to figure out the question for pretty much any response, the only option appears to be to cross-reference the spreadsheet with the original form questionnaire, which can be found as a PDF here.
But the questionnaire has 234 questions and there’s no straightforward correlation between the question number and the columns on the spreadsheet, which are addressed as AA through IG.
So when you see that European industry group CENTR went to the trouble to “Support Output(s) as written” in column DI, under the heading “If you choose one of the following responses, there is no need to submit comments”, it’s virtually impossible to figure out what it actually supports.
If you are able to figure out which question it was answering, that probably won’t help you much either.
The form merely contains brief summaries of changes the working group has made. To see the “Output(s) as written” you’d have to cross-reference with the 363-page draft final report (pdf).
A lot of you are probably thinking that I should just export the spreadsheet into Excel or OpenOffice and clean it up a bit. But, no, you can’t. ICANN has disabled exporting, downloading, and even copy-pasting.
It’s enough to make one feel like going out and licking the floor on public transport.
Way to go on the transparency, ICANN!
I have to believe that the ICANN staffer responsible for compiling all these comments into the official ICANN summary has some tools at his or her disposal to render this mess decipherable, because otherwise they’ve got a huge, hair-ripping job on their hands.
Of course, since there doesn’t appear to be a way for the rest of us to verify the summary report’s accuracy, they can probably just write whatever they want.
ICANN’s .org decision was NOT unanimous, and it was made in secret
When ICANN announced its decision to deny Public Interest Registry’s request to be acquired by Ethos Capital at the end of April, I felt a little foolish.
I’d confidently predicted just days earlier that the decision by the board would not be unanimous, but ICANN, in announcing the decision, said “the entire Board stands by this decision”.
But it turns out I was right after all. Three directors voted against the consensus and one abstained.
The dissenting votes were cast by industry policy consultant Avri Doria, Serbian internet pioneer Danko Jevtović, and former Sudanese ccTLD operator Ihab Osman.
Doria and Jevtović voted against the first resolved clause, which rejected PIR’s request. All three voted against the second resolved clause, which would have allowed PIR to file a second request.
Sarah Deutsch, a private practice lawyer, abstained from both votes, presumably because she also sits on the board of the Electronic Frontier Foundation, the civil liberties group that can, via California’s attorney general, probably be credited most with getting the transaction killed.
All three dissenters and Deutsch are Nominating Committee appointees.
According to the preliminary report of the April 30 meeting, “Doria indicated that she would be voting against the resolution and explained her views about how the public interest would be better served by ICANN granting its consent to PIR’s request.”
What her reasons were are not reflected in the record.
It also seems likely that any substantive minuting of ICANN’s decision is likely to be limited, as it appears to have been made at a different, off-the-books session at an unspecified earlier date.
The preliminary report notes the “the Board discussed and considered alternative draft resolutions for potential Board action as part of an earlier briefing”.
No such earlier meeting is listed on ICANN’s web site. The board’s previous formal meeting, two weeks earlier, had PIR’s request removed from the agenda at the last minute.
So it appears that ICANN’s board decided to reject the deal basically in secret at some point between April 17 and April 29, during a meeting of which ICANN has no obligation to publicly release the minutes.
Nice transparency loophole!
There’s always the Documentary Information Disclosure Policy, I suppose.
Court rules domain name list should stay secret
Publishing a list of every domain name in their zone is something that most TLD registries do automatically on a daily basis, but a court in Chile has ruled that doing so is a cybersecurity risk.
NIC Chile, which runs .cl, said last week that it has won an appeal against a Transparency Council ruling that would have forced it to publish a list of the domains it manages.
The Court of Appeals ruled that the registry was within its rights to refuse to hand over an Excel spreadsheet listing the 575,430 domains in .cl to the person who requested it.
The request was just for the list of domains, with none of the other data you’d find in a zone file and no Whois information about the registrants.
Nevertheless, the court unanimously ruled that to hand over the list would present “cybersecurity risks”, according to NIC Chile attorney Margarita Valdés Cortés.
NIC Chile said in a statement:
In this particular case, it was considered that the bulk delivery of domain names to a private individual could generate risks of cybersecurity of various kinds, both in access to information as a result of those domain names as well as the possibility that, by having such a list, attacks on servers, phishing, spam or others could be made easier. Similarly, the ruling of the Court of Appeals understood that the delivery of the data affects commercial and economic rights of the holders of these .CL domains, and considered that there is a legal cause that justifies NIC Chile´s refusal to turn over the list of all registered names.
Cortés said that the case will now go to the nation’s Supreme Court for a final decision, after the Transparency Council appealed.
Access to zone files is considered by many security researchers to be an invaluable tool in the fight against cybercrime.
NIC Chile has published the ruling, in Spanish, here (pdf).
Nominet under fire for lack of transparency
Nominet has raised the ire of critics of its Direct.uk proposal for refusing to engage with them, including forcibly ejecting one of their number from a .uk policy meeting.
Opponents of Direct.uk, which would open .uk’s second-level for the first time, have cataloged a number of instances of Nominet apparently failing to act in a transparent manner over the last few weeks.
Most notably, domainer Stephen Wilde of Really Useful Domains, author of a paper critical of Direct.uk, was “escorted” by hotel security staff from a recent policy discussion co-hosted by Nominet.
Domain lawyer Paul Keating was also refused entry and left without an escort.
The event was jointly hosted with the British Computer Society and the Digital Policy Alliance and was restricted to BCS members.
Wilde said that he had joined BCS specifically in order to attend the meeting and had then spent four hours on a train to get there. He said that there were plenty of empty seats in the venue.
Nominet spokesperson Elaine Quinn told DI that Nominet’s goal is to get as diverse a range of views as possible.
Wilde had already attended multiple previous meetings on the same topic and had been quite vocal at those, it seems. Nominet was worried that he might prevent other voices from being heard at the BCS event.
Quinn posted a statement to Nominet’s members-only forums, which was provided to DI, which read in part:
Two individuals who had been informed that they would not be able to attend in advance nonetheless turned up. Both initial requests to join were polite and were met in turn with a polite response. When the decision to deny entry was repeated, one person continued to remonstrate with our staff. He was then asked to leave the private area (not the hotel) by the hotel security. Upon refusal, the hotel security guard escorted the individual out of the area.
Colleagues at the event felt that the behaviour exhibited was unacceptable and that steps to protect our staff and to allow the event to proceed as planned were, unfortunately, necessary.
The BCS meeting was the latest in a series of controversies that have been raised by Direct.uk’s opponents and cataloged on the pseduonymous blog NominetWatch.com, which claims Nominet is trying to “silence dissenting voices”.
Another of its posts relates to the UK Network Operators Forum, an event on Friday in London.
A Nominet executive had been scheduled to speak at the event and others were due to attend, but all withdrew after the company discovered that Emily Taylor, its former head of policy and now one of its fiercest critics, was also speaking.
Taylor’s presentation (pdf) criticized Nominet’s lack of transparency, comparing it to ICANN’s relatively open culture.
Quinn confirmed that Nominet’s would-be attendees withdrew from the event, but said that this was because they were technical staff not qualified to speak to Taylor’s governance-focused criticisms.
NominetWatch also recently blogged about the fact that Nominet recently closed the comments on a blog post about Direct.uk, suggesting it was intended to stifle debate.
Quinn confirmed that comments were closed, but said it was a temporary measure while Nominet, which had staff on vacation, sifted through some of the many defamatory comments that had been submitted.
Comments have since been reopened and a backlog, many of which are critical of Nominet, have been published.
ICANN cancels Fridays. Bad for transparency.
ICANN’s next public meeting, and all its public meetings thereafter, will be a day shorter than usual, following a decision to cancel the regular Friday morning program.
No Friday means no public meeting of the board of directors.
While the move is being characterized as an effort to enhance the effectiveness of ICANN’s board – a particular concern, frequently voiced, of chairman Steve Crocker – it’s also a perplexing shift away from ICANN’s core tenet of transparency.
One of the effects could be to mask dissent on the board.
From now on, it appears that all of ICANN’s top-level decision-making will happen in private.
Instead of wrapping up each public meeting with a board session at which resolutions get voted on, each meeting will instead be book-ended by less formal “community sessions”.
During these sessions, the board will apparently report to attendees about what it has been doing since the last meeting and what it plans to do before the next meeting.
Crocker said in a statement:
We believe that the removal of the Friday public Board meeting and its replacement with two Board community sessions will improve the effectiveness of both the Board and the staff and increase the time that the Board has to interact with the community.
That may well be true — time will tell — but let’s look at what the ICANN community is almost certainly losing.
First, there will be no more transcripts of board meetings at all.
Today, only the public meetings have published recordings and transcripts. Intersessional meetings are minuted, but not transcribed. If recordings are made, they are not published.
Killing off transcripts completely is a pretty obvious step backwards for an organization committed by its bylaws to “operate to the maximum extent feasible in an open and transparent manner”.
Second, if there is dissent on the board, it will be essentially shielded from the community’s view for some time after the fact.
Take, for example, the approval of the new gTLD program or the approval of ICM Registry’s .xxx contract – the two most controversial decisions ICANN made in 2011.
In both cases, certain directors read prepared statements into the record harshly criticizing the majority view.
In March 2011, for example, George Sadowsky stated that ICM’s purported community support for .xxx was “illusory” and that approving the TLD could lead to DNS Balkanization.
And with new gTLDs last June, Mike Silber abstained in the belief that the program was incomplete and that the vote had been scheduled “based on artificial and ego-driven deadlines”.
In both cases, the ICANN community heard the dissenting views – in person, webcast, recorded and transcribed – moments before the vote actually took place.
With no public board meetings, it seems likely that in future that we’re going to have to wait a week to read the voting record for any given resolution and a month or more to read directors’ statements.
Under ICANN’s bylaws, the voting record, which breaks down who voted for and against resolutions, is contained in a preliminary report that is not published for seven days after the vote.
Also under the bylaws, directors’ voting statements are not published until the minutes of the meeting are approved at the board’s next meeting, typically one to two months later.
If the new procedures had been in effect last year, the statements of Sadowsky and Silber would not have been published for over a month after they were made.
With that in mind, it’s clear that killing off the public board meetings could in no way be seen as a positive step for transparency at ICANN.
It’s true that these meetings have for several years been pure theater, but it was theater with value.
Recent Comments