Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
ICANN threatens to seize gTLD after Whois downtime
Are we about to see our next gTLD registry implosion?
ICANN has whacked the company behind .gdn with a breach notice and a threat that it may seize the TLD, after its Whois systems allegedly suffered days of downtime.
According to ICANN, .gdn exceeded its weekly and monthly downtime limits in late March and early April, in both months triggering the threshold whereby ICANN is allowed to transition the TLD to an Emergency Back-End Registry Operator.
gTLD registries are allowed to have 864 minutes (about 14 hours) of unplanned Whois downtime per month. Downtime exceeding 24 hours per week is enough to trigger ICANN’s EBERO powers.
It appears to be the third time .gdn’s Whois has gone on the blink for longer than the permitted period — ICANN says it happened in April 2018 and August 2019 too. Those incidents were not publicized.
It seems the Russian registry, Joint Stock Company “Navigation-information systems”, managed to fix the problem on April 2, and ICANN is not invoking the EBERO transition, something it has done just a couple times before, just yet.
But it does want NIS to present it with a plan showing how it intends to avoid another spell of excessive downtime in future. It has until May 8, or ICANN may escalate.
.gdn is by most measures a bullshit TLD.
While it was originally intended to address some kind of satellite navigation niche, it eventually launched as a pure generic with the backronym “Global Domain Name” in 2016.
It managed to rack up over 300,000 registrations in the space of a year, almost all via disgraced and now-defunct registrar AlpNames, and was highlighted by SpamHaus as being one of the most spam-friendly of the new gTLDs.
After AlpNames went out of business two years ago, ICANN transferred some 350,000 .gdn names to CentralNic-owned registrar Key-Systems.
Today, Key-Systems has fewer than 300 .gdn domains. The TLD’s zone file dropped by about 290,000 domains in a single day last December.
.gdn had fewer than 11,000 domains under management at the end of 2020, 90% of which were registered through a Dubai-based registrar called Intracom Middle East FZE.
Intracom pretty much only sells .gdn domains, suggesting an affiliation with the registry.
Web searches for live sites using .gdn return not much more than what looks like porn spam.
A busted Whois looks like the least of its problems, to be honest.
IP lobby demands halt to Whois reform
Trademark interests in the ICANN community have called on the Org to freeze implementation of the latest Whois access policy proposals, saying it’s “not yet fit for purpose”.
The Intellectual Property Constituency’s president, Heather Forrest, has written (pdf) to ICANN chair Maarten Botterman to ask that the so-called SSAD system (for Standardized System for Access and Disclosure) be put on hold.
SSAD gives interested parties such as brands a standardized pathway to get access to private Whois data, which has been redacted by registries and registrars since the EU’s Generic Data Protection Regulation came into force in 2018.
But the proposed policy, approved by the GNSO Council last September, still leaves a great deal of discretion to contracted parties when it comes to disclosure requests, falling short of the IPC’s demands for a Whois that looks a lot more like the automated pre-GDPR system.
Registries and registrars argue that they have to manually verify disclosure requests, or risk liability — and huge fines — under GDPR.
The IPC has a few reasons why it reckons ICANN should slam the brakes on SSAD before implementation begins.
First, it says the recommendations sent to the GNSO Council lacked the consensus of the working group that created them.
Intellectual property, law enforcement and security interests — the likely end users of SSAD — did not agree with big, important chucks of the working group’s report. The IPC reckons eight of the 18 recommendations lacked a sufficient degree of consensus.
Second, the IPC claims that SSAD is not in the public interest. If the entities responsible for “policing the DNS” don’t think they will use SSAD due to its limitations, then why spend millions of ICANN’s money to implement it?
Third, Forrest writes that emerging legislation out of the EU — the so-called NIS2, a draft of a revised information security directive —- puts a greater emphasis on Whois accuracy
Forrest concludes:
We respectfully request and advise that the Board and ICANN Org pause any further work relating to the SSAD recommendations in light of NIS2 and given their lack of community consensus and furtherance of the global public interest. In light of these issues, the Board should remand the SSAD recommendations to the GNSO Council for the development of modified SSAD recommendations that meet the needs of users, with the aim of integrating further EU guidance.
It seems the SSAD proposals will be getting more formal scrutiny than previous GNSO outputs.
When the GNSO Council approved the recommendations in September, it did so with a footnote asking ICANN to figure out whether it would be cost-effective to implement an expensive — $9 million to build, $9 million a year to run — system that may wind up being lightly used.
ICANN has now confirmed that SSAD and the other Whois policy recommendations will be one of the first recipients of the Operational Design Phase (pdf) treatment.
The ODP is a new, additional layer of red tape in the ICANN policy-making sausage machine that slots in between GNSO Council approval and ICANN board consideration, in which the Org, in collaboration with the community, tries to figure out how complex GNSO recommendations could be implemented and what it would cost.
ICANN said this week that the SSAD/Whois recommendations will be subject to a formal ODP in “the coming months”.
Any question about the feasibility of SSAD would be referred back to the GNSO, because ICANN Org is technically not supposed to make policy.
Public comments open on new Whois policies
It’s your last chance to comment on ICANN’s proposed revisions to Whois policy.
ICANN has opened up public comments on what it opaquely calls EPDP Phase 2 Policy Recommendations for Board Consideration.
Why it just can’t use the term “Whois access”, or announce its public comment periods in layman’s terms is beyond me. Doesn’t it want public comments? Still, translating this nonsense into English keeps me in work, so I guess I won’t complain too hard.
The main feature of the proposed policy is a multi-tiered, somewhat centralized system for requesting access to Whois data about private registrants that has been redacted since the EU’s General Data Protection Regulation came into effect in May 2018.
It’s called SSAD, for System for Standardized Access and Disclosure, which was pieced together by a working group of community volunteers over a year.
Domain companies are generally okay with the compromise it represents, but intellectual property interests and others who would actually use the system think it’s a useless waste of money.
It’s expected to cost $9 million to build and $9 million a year to run.
There’s so much uncertainty about the system that in parallel with the public comments ICANN is also consulting with the GNSO Council, which approved the proposals in September, to figure out whether it’s even workable, and with the European Commission to figure out if it’s even legal.
After the public comment period closes on March 30, the comments will be compiled by ICANN staff and burned on a big fire sent to the ICANN board for final approval.
US sneaks public Whois demands into pandemic relief bill
Outgoing US president Donald Trump has signed into law a coronavirus relief bill and spending package that contains a surprise instruction for the government to pursue open access to Whois records.
The Consolidated Appropriations Act of 2021 is focused on federal spending for fiscal 2021, with billions set aside for pandemic-related economic stimulus. It’s the bill you may recall Trump refused to sign for several days on the purported basis that it only provided Americans with a piddling $600 check.
An accompanying document contains encouragement for the National Telecommunications and Information Administration to “to require registrars and registries based in the United States to collect and make public accurate domain name registration information”.
It also asks the NTIA to continue to work within ICANN’s Governmental Advisory Committee to help create “a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information”.
The text can be found in a joint explanatory statement (pdf) accompanying the act. It’s not on the statute books as such, but it does tell NTIA how to spend the money it’s been allocated.
The full text relevant to the domain name industry reads:
NTIA is directed, through its position within the Governmental Advisory Committee o work with I CANN to expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes. NTIA is encouraged, as appropriate, to require registrars and registries based in the United States to collect and make public accurate domain name registration information.
As ICANN notes in its analysis, the first sentence is not telling NTIA to do anything it hasn’t been doing since the European Union’s General Data Protection Regulation came into effect two and a half years ago.
The NTIA and GAC have been involved in efforts to create a privacy workaround for rights holders and law enforcement, which in September came up with the widely panned SSAD proposals. ICANN is currently pleading with the EU for clarity on whether it would even be legal.
The second sentence is perhaps a bit more worrying, dangling as it does the possibility of American registries and registrars having to either break EU law or implement a much more complex Whois infrastructure.
But, as ICANN notes, the words “encouraged, as appropriate” are doing a lot of heavy lifting in that sentence, saying “encouragement is aspirational; it is not a mandate”.
However, ICANN appears to be treating it as a warning shot, with head of compliance Jamie Hedlund writing:
It appears to hint that if NTIA and the ICANN community can’t develop a robust access model, Congress could entertain more forceful measures that would impose requirements on U.S.-based registries and registrars to collect and publish domain name registration information.
It seems the NTIA has the wink to cause mischief, should ICANN not deliver what intellectual property lobbyists want.
Whois privacy group finds its new chair
Verisign’s top policy veep is set to become the third chair of the ICANN working group looking at Whois policy in the post-GDPR world.
Keith Drazek has been recommended to head the long-running group, known as the EPDP, and the GNSO Council is due to vote on his appointment next week. He’s likely to be a shoo-in.
He’s VP of policy and government relations at the .com registry, and a long-standing member of the ICANN policy-making community.
I recently opined that ICANN was looking for a “masochistic mug” to chair the group. Drazek was until October the chair of the GNSO Council, and is therefore perfectly qualified for the role.
The third phase of the EPDP process, which in typical ICANNese is denominated “phase 2a”, is likely to be slightly less controversial than the first two.
The EPDP has already decided that ICANN should probably create a Standardized System for Access and Disclosure — SSAD — that may enable law enforcement and intellectual property owners to get their hands on unredacted Whois records.
But governments, IP interests and others have already dismissed the plan as useless, and there’s still a big question mark over whether SSAD is too complex and expensive to be worth implementing.
In the third phase, EPDP members will be discussing rules on distinguishing between legal and natural persons when record-holders decide what info to make public, and whether there should be a standardized system of unique, anonymized email forwarders to contact domain registrants.
They’re both less divisive topics than have been previously addressed, but not without the potential for fireworks.
The email issue, for example, could theoretically enable people to harvest a registrant’s entire portfolio of domains, something very useful for law enforcement and IP lawyers but abhorrent to privacy advocates.
The previous two phases were chaired by Kurt Pritz and Janis Karklins, with Rafik Dammak acting as vice-chair.
After 20 years, DomainTools takes its first VC dough
DomainTools has taken a “significant” investment from a venture capital firm, the first outside funding its received in its 20-year history.
The amount of the investment is undisclosed, but DomainTools said its investor is Battery Ventures.
Battery already owns stakes in numerous software and technology companies, but this appears to be its first foray into the domain name space.
Its principal, Jordan Welu, and partner Dave Tabors will join DomainTools’ board of directors and Andy Rothery, a Battery “executive-in-residence”, will become its executive chairman.
DomainTools said in a press release:
This investment will drive more rapid innovation in DomainTools’ platform capabilities for machine learning-based threat analytics and predictive risk scoring, along with enhanced product development around automating threat intelligence and incident response workflows.
The company is all about the “threat intelligence” nowadays, no doubt partly due to the fact that its original mission of aggregating the world’s Whois data will become decreasingly useful in light of privacy laws such as GDPR.
As a private company its financial position is unknown, but I’ll note that it did take a big chunk of change out of the US taxpayers’ pocket earlier this year under a government coronavirus-related corporate-relief program.
Masochistic mug urgently wanted for thankless, pay-free ICANN leadership role
ICANN still hasn’t found itself a volunteer to head up the next round of no-doubt contentious discussions about Whois policy.
Today it put out its second call for a chair of the Expedited Policy Development Process working group, which is continuing to square the circle of keeping Whois data compliant with data protection law whilst also allowing cops and IP lawyers access to the data.
The EPDP was supposed to have concluded a few months ago with the end of the second phase of talks, but a couple of issues were left unresolved, leading to the creation of a third phase, being spun as “Phase 2a”.
The first issue still to be discussed is if and how registries and registrars should be obliged to make a distinction between the data of private individuals, which is protected by law, and legal entities, which isn’t.
The second is whether it would be possible to have a uniform system of anonymized email addresses across Whois records.
They’re not exactly the most controversial of topics under the Whois umbrella, but they’re not easy asks either.
And the role of chair is time-consuming, uncompensated, with few perks.
ICANN wants somebody who is neutral and, unstated but perhaps more importantly, perceived to be neutral. The chairs of the previous two phases have been policy heavy-hitters Kurt Pritz and Janis Karklins.
It also wants somebody with “considerable experience in chairing working groups”, which immediately drains the pool of potential applicants.
If previous phases of the EPDP are any guide, the successful applicant will have to herd the cats through dozens of hours of teleconferences — the more-complex phase two had 74 meetings, most of which were two hours long.
For their efforts, the chair gets no money, and because of coronavirus travel restrictions they won’t even get paid junkets to international face-to-face meetings.
And if the output of the next phase is anywhere as near as divisive as phase two, they probably won’t win much praise either.
That’s perhaps why ICANN has extended the deadline for expressions of interest from last Friday to November 23.
Applicants go here.
ICANN denies Whois policy “failure” as Marby issues EU warning
ICANN directors have denied that recently delivered Whois policy recommendations represent a “failure” of the multistakeholder model.
You’ll recall that the GNSO Council last month approved a set of controversial recommendations, put forward by the community’s EPDP working group, to create a semi-centralized system for requesting access to private Whois data called SSAD.
The proposed policy still has to be ratified by the ICANN board of directors, but it’s not on the agenda for this week’s work-from-home ICANN 69 conference.
That has not stopped there being some robust discussion, of course, with the board talking for hours about the recommendations with its various stakeholder groups.
The EPDP’s policy has been criticized not only for failing to address the needs of law enforcement and intellectual property owners, but also as a failure of the multistakeholder model itself.
One of the sharpest public criticisms came in a CircleID article by Fabricio Vayra, IP lawyer are Perkins Coie, who tore into ICANN last month for defending a system that he says will be worse than the status quo.
But ICANN director Becky Burr told registries and registrars at a joint ICANN 69 session last week: “We don’t think that the EPDP represents a failure of the multistakeholder model, we actually think it’s a success.”
“The limits on what could be done in terms of policy development were established by law, by GDPR and other data protection laws in particular,” she added.
In other words, it’s not possible for an ICANN working group to create policy that supersedes the law, and the EPDP did what it could with what it was given.
ICANN CEO Göran Marby doubled down, not only agreeing with Burr but passing blame to EU bureaucrats who so far have failed to give a straight answer on important liability issues related to the GDPR privacy regulation.
“I think the EPDP came as far as it could,” he said during the same session. “Some of the people now criticizing it are rightly disappointed, but their disappointment is channeled in the wrong direction.”
He then referred to his recent outreach to three European Commission heads, in which he pleaded for clarity on whether a more centralized Whois model, with more liability shifted away from registrars to ICANN, would be legal.
A failure to provide such clarity would be to acknowledge that the EPDP’s policy proposals are all just fine and dandy, despite what law enforcement and some governments believe, he suggested.
“If the European Union, the European Commission, member states in Europe, or the data protection authorities don’t want to do anything, they’re happy with the situation,” he told registrars and registries.
“If they don’t take actions now, or answer our questions, they’re happy with the way people or organizations get access to the Whois data… it seems that if they don’t change or do anything, they’re happy, and then were are where we are,” he said.
He reiterated similar thoughts at sessions with other stakeholders last week.
But he faced some pushback from members of the pro-privacy Non-Commercial Stakeholders Group, particularly during an entertaing exchange with EPDP member Milton Mueller, who’s unhappy with how Marby has been characterizing the group’s output to the EU.
He specifically unhappy with Marby telling the commissioners: “Should the ICANN Board approve the SSAD recommendations and direct ICANN org to implement it, the community has recommended that the SSAD should become more centralized in response to increased legal clarity.”
Mueller reckons this has no basis in what the EPDP recommended and the GNSO Council approved. It is what the IP interests and governments want, however.
In response, Marby talked around the issue and seemed to characterize it as a matter of interpretation, adding that he’s only trying to provide the ICANN community with the legal clarity it needs to make decisions.
Europe’s top dogs could decide the future of Whois
ICANN is pleading with the European Commission for legal clarity to help solve the two-year-old fight over the future of Whois in the age of GDPR.
CEO Göran Marby has written to three commissioners to ask for a definitive opinion on whether a centralized, mostly automated Whois system would free up registries and registrars from legal liability if their customers’ data is inappropriately disclosed.
It’s a question ICANN has been asking for years, but this time it comes after the ICANN community has come up with a set of policy recommendations that would create something called SSAD, for System for Standardized Access/Disclosure.
SSAD is supported by registries, registrars and non-commercial interests, but has been broadly criticized by governments, intellectual property interests, security experts and others as being not fit for purpose.
While it would create a centralized gateway for funneling Whois queries to contracted parties, and an accreditation system for those making the queries, the decision to accept or refuse the query would still lie with registries and registrars and be largely human-powered.
It’s been described as a glorified, $9 million-a-year ticketing system that will fail to provide better access to Whois to those who say they need it (largely the IP interests).
But registries and registrars say they cannot accept a solution that offloads decision-making to a centralized third party such as ICANN, unless that third party shoulders all the legal liability for mistakes, and whether that’s possible is far from clear this early in the life of GDPR.
As Marby told the commissioners:
Legal clarity could mean the difference between ICANN having a fragmented system that routes most requests for access to non-public registration data from requestors to thousands of individual registries and registrars for a decision, on the one hand, versus ultimately being able to implement a centralized, predictable solution in which decisions about whether or not to disclose non-public registration data in most or all cases could be made consistently, predictably, in a manner that is transparent and accountable to requestors and data subjects alike.
In GDPR lingo, the question is who becomes the “controller” of the data in a centralized system. The controller is the one that could get slapped with huge fines in the event of a privacy breach.
There’s a concept of “successive controllers”, where data is passed through a chain of handlers. ICANN wants clarity on whether, should a registrar send data to an ICANN central gateway, its liability ends there, before the final disclosure decision is made.
It’s asking the European Commission to exercise its authority under the GDPR to force the European Data Protection Board to issue a blanket opinion clarifying these issues, with the expectation that SSAD as currently envisaged could evolve over time to be something more like what the IP folk want.
For ICANN, such a ruling could help quell criticism from its influential advisory bodies, notably the Governmental Advisory Committee, which have come out strongly against the SSAD proposals.
If ICANN chooses to wait for the European Commission and EDPB responses to its new request, it’s highly unlikely we’re going to see the ICANN board fully approve SSAD at its annual general meeting later this month.
Whois plan approved, but it may be a waste of money
ICANN’s GNSO Council has approved a plan to overhaul Whois and sent it to the ICANN board for the royal assent, alongside a warning that it may be a huge waste of money.
All seven members of the Contracted Parties House voted in favor of the plan, created by the so-called EPDP working group, which would create a centralized System for Standardized Access/Disclosure for Whois records.
In the Non-Contracted Parties House, only the two members of the Intellectual Property Constituency and the two members of the Business Constituency voted against the headline resolution, with the remaining nine voting in favor.
This was sufficient to count as a supermajority, which was the threshold required.
But the board will be receiving the SSAD recommendations alongside a request for a consultation on “whether a further cost-benefit analysis should be conducted”:
Noting some of the questions surrounding the financial sustainability of SSAD and some of the concerns expressed within the different minority statements, the GNSO Council requests a consultation with the ICANN Board as part of the delivery of the GNSO Council Recommendations Report to the ICANN Board to discuss these issues, including whether a further cost-benefit analysis should be conducted before the ICANN Board considers all SSAD-related recommendations for adoption.
The cost of SSAD is currently estimated by ICANN loosely at $9 million to build and $8.9 million a year to run. Under the approved recommendations, it would be paid for by accreditation fees paid by end-user data requestors.
And the benefits?
Well, to listen to the IPC, BC, governments and security experts — collectively the expected customers of SSAD — the system will be a bit rubbish and maybe not even worth using.
They complain that SSAD still leaves ultimate responsibility for deciding whether to grant access to Whois records to trained humans at individual registries and registrars. They’d prefer a centralized structure, with much more automation, more closely resembling the pre-GDPR universe.
Contracted parties counter that if GDPR is going to hold them legally responsible for disclosures, they can’t risk offloading decision-making to a third party.
But this could prove a deterrent to adoption, and if fewer companies want to use SSAD that could mean less revenue to fund it which in turn could lead to even higher prices or the need for subsidies out of ICANN’s budget.
The IPC called the recommendations “an outcome that will not meet the needs of, and therefore will not be used by, stakeholders”.
It’s a tricky balancing act for ICANN, and it could further extend the runway to implementation.
The most likely first chance the ICANN board will get to vote on the recommendations would be the AGM, October 22, but if the GNSO consultation concludes another cost/benefit analysis is due, that would likely push the vote out into 2021.
There’s the additional wrinkle that three of ICANN’s four advisory committees, including the governments, have expressed their displeasure with the EPDP outcome, which is likely to add complexity and delay to the roadmap.
And the GNSO’s work on Whois is not even over yet.
Also during today’s meeting, the Council started early talks on whether to reopen the EPDP to address the issues of data accuracy, whether registrars should be obliged to distinguish between legal and natural persons, and whether it’s feasible to have a uniform system of anonymized email addresses in Whois records.
Recent Comments