Author: Arnaud Wittersheim

Head of Operations Department Nameregistry - Compliance - Nameshield

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

Following on from Paris, which hosted the ICANN Contracted Parties Summit last May, the Rwandan capital has just hosted its first ICANN Summit devoted to Internet governance policy issues. Here’s a look back at what we learned from the event.

ICANN has found its new face

ICANN80 kicked off with the official appointment of Kurt Erik “Kurtis” Lindqvist as the future President and CEO of the organization. The 49-year-old Finn will officially succeed his predecessor Goran Marby, of Swedish origin, who resigned at the end of 2022. Sally Costerton’s interim appointment will therefore end on December 4, 2024, with Mr. Lindqvist officially taking office on December 5, 2024. Mr. Lindqvist has been CEO of the London Internet Exchange (LINX) since 2019. His appointment is the culmination of a long process that began with the creation of a search committee for a CEO. Initially, some 100 candidates representing over 20 countries in North and South America, Africa, Europe, Asia and Australasia were identified. After further evaluation, the list was whittled down to seven people (three women and four men) who were interviewed by the CEO’s selection committee. The selection process ended with the ICANN Board unanimously approving the choice of Mr. Lindqvist at a session held just before ICANN80. A first, the new CEO will be based in Geneva in Switzerland.

Spotlight on the Internet in Africa

You have to go back to June 2017 to find a city in sub-Saharan Africa hosting ICANN. Johannesburg, South Africa’s most populous city, hosted ICANN59. In June 2024, ICANN finally returned to Africa, with Rwanda as host country. A very good thing, given that Africa is still largely under-resourced when it comes to Internet access. The International Telecommunication Union estimated that by the end of 2021, 14.3% of African households had access to the Internet, compared with 57.4% worldwide. Fixed Internet connection is also more expensive than in other regions of the world in proportion to income. It represents 18.6% of gross national income (GNI) per capita, compared with a global average of 2.8%. The GAC, the body representing governments at ICANN, took advantage of the event in Kigali to organize a “High Level” governmental meeting. This brought together 50 countries with four sessions on the multi-stakeholder model, cooperation and governance, digital inclusion and support for connectivity. These issues are also at the heart of the United Nations’ Global Digital Compact, which calls for a more inclusive and equitable Internet. The African At-Large Regional Organization (AFRALO), one of the five At-Large regional organizations within ICANN (At-Large represents end-users), kicked off ICANN80 week with a round-table discussion on improving Internet infrastructure in Africa. For its part, ICANN Org recalled during the week’s Summit that in 2022 and 2023 two root servers have been made operational in Nairobi, Kenya and Cairo, Egypt. Most DNS root queries based on Africa therefore are now resolved in Africa. For example, the root server in Nairobi, Kenya, handles 40% of all DNS root requests for the continent. Prior to its installation, 35% to 40% of DNS query traffic traveled outside Africa for resolution. The two installations also increase the resilience of the global root server system for Internet users on the continent, and help to cope with the exponential increase in traffic expected on the continent over the next few years.

The promise of the next round of new generic extensions : an estimate of application fees finally made public

No fewer than eight sessions held on the first day of the summit addressed the future series of new generic extensions. ICANN Org pointed out that this program is designed to make the Internet more inclusive, relying in particular on the success of Internet extensions in users’ own languages – the so called internationalized extensions or IDNs. To date, there are 91 internationalized extensions among the 1172 generic extensions, a relatively low proportion. In country-code Top Level Domains (ccTLDs), the proportion of internationalized extensions is almost three times bigger, representing nearly 20% of the total. ICANN Org promotes this new series by pointing out the opportunity to create new generic extensions in native languages. For its part, the GAC is pushing for greater support for less-favored geographical areas. The intention is to make the new program more accessible to these areas with financial and operational support. ICANN Org has considered an amount of 2 million USD for this item, whereas the GAC estimates that the needs are more in the region of 10-16 million USD. The GAC has indicated that it hopes to be able to support at least 45 applications. 

These considerations obviously have to be set against the costs of a future application for a new gTLD project. On this much-anticipated point, ICANN Org has presented projections based on the number of applications received. While in 2012 there were 1,930 applications leading to some 1,240 delegated extensions, some of which have since been abandoned, we don’t know how successful the next round, which opens in April 2026, will be.

To recover its costs, ICANN Org estimates that the application fee should be 293,000 USD for 500 applications, 242,000 USD for 1,000 applications and 208,000 USD for 2,000 applications. In 2012, the application fee was 185,000 USD. It should also be noted that the median value of application fees submitted is around 259,000 USD.

A partial reimbursement of costs is considered if the costs retained prove to have been overestimated in view of a higher-than-estimated volume of applications. The question has been raised of how to reduce these fees, which means cutting budgets. ICANN Org has indicated that 13 million USD will be allocated to this program over 2025, for example, in staffing costs. As ICANN already has an operating budget that covers its payroll costs, question has been raised if these expenses are not covered twice (by the operational budget and the new gTLD program budget).

DNS abuse: first lessons from the contract amendments

ICANN80 was also an opportunity to take stock of the implementation of contractual amendments by registries and registrars to include remediation obligations for obvious DNS abuses such as phishing, malware or pharming practices. These measures came into force on April 5. ICANN’s Compliance Department reported that it had received 1,558 abuse-related complaints. 1,382 were invalid, either because they were not sufficiently substantiated or documented, or because they fell outside the organization’s scope of action. Some of them concerned ccTLDs (country code Top Level Domains) where ICANN has no jurisdiction. ICANN also reiterated that obvious abuses must first be reported to the registry operators and registrars who manage the concerned domain names.

ICANN80 remained above all a working summit with few announcements even if the new face of the organization was made official, information that nevertheless had been leaked a few days earlier. The appointment of « Kurtis » Lindqvist should not overshadow the fact that Sally Costerton has been acting as interim president of the organization for almost a year and a half now, and that during this time her determination has undoubtedly ensured that some topics move significantly forward, in particular the next series of new generic extensions which is now well underway. Work on implementing the policies and the future bidding applicant guide is progressing, and the bidding window envisaged for April – June 2026 now seems attainable. The range of application fees announced remains imprecise, ranging from 208,000 to 293,000 USD, depending on the volume of applications expected. While internationalized extensions were in the spotlight, it is above all geographical extensions and trademark extensions, the so called dot brands that are the most relevant. They will be an ally in the service of the security, performance and reputation of their owners. A genuine asset in an increasingly complex regulatory and legislative environment where cyber attacks are becoming increasingly sophisticated.  To make a success of your future extension project and benefit from optimized solutions for your online assets, the key is to be well accompanied.

Image source : ICANN‘s website

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit.

The last time Paris hosted ICANN was in 2008 for ICANN32. Sixteen years later, ICANN returns to the French capital for the Contracted Parties Summit. The latter is a special event in the organization’s agenda, as it is not a policy-oriented event like the three annual summits flanked by the edition number (Editor’s note: ICANN79, for example). Before the covid pandemic, ICANN met its stakeholders once a year at a dedicated event. These summits, highly focused on operational aspects, only resumed in 2022 and now only take place every two years.

Over the course of three days, the contracting parties – registry operators and registrars – have the opportunity, during working sessions, to communicate their needs to the organization by directly questioning the ICANN Board of Directors, and to exchange views on common issues. In particular, these meetings provide an opportunity to compare approaches to policy changes and contractual modifications to be implemented, while also taking into account changes in the regulatory and legislative framework. One of the three days was entirely devoted to workshops on the abuses to which the contracts of the contracting parties have evolved in 2024.

Although only 150 to 250 people in total took part in the event, with the public holiday no doubt having a negative impact on attendance, it has to be said that there was plenty to do on the subjects that directly impact the contracting parties.

As a consequence of the GDPR in force since 2018, a perennial policy, the Registration Data Policy has just been promulgated to replace the Temporary Specification. This must be implemented by August 2025. Stakeholders also had to implement two amendments to their contracts with ICANN. The first was a protocol transition from Whois to RDAP (Registration Data Access Protocol). The second concerns abuse, with new obligations that make contractors more accountable in the event of proven abuse. The summit provided an opportunity to hear initial feedback on this major issue, to which some service providers are more exposed than others. To this the legislative framework can be added, in particular the European NIS2 cyber security directive, which will also have a major impact on registries, DNS resolution service providers and registrars.  It will come into force in October of this year. The most advanced countries in terms of transposition into national law, notably Croatia and Belgium, have shown that they are fully in line with the initial text voted by the European Parliament at the end of 2022. And the next round of new generic extensions must be prepared for the next application window announced for April 2026.  

From now on, ICANN will be meeting the Internet community in Kigali, Rwanda, from June 10 to 13, to discuss developments in Internet naming policies. This will be ICANN80.

Image source : edmondlafoto via Pixabay

User trust at the heart of the latest CSA Summit in Cologne

From 22 to 24 April, Cologne hosted the Certified Senders Alliance Summit on the theme of “Trust fuels the future”. The event marked the 20th anniversary of the initiative.

Corporate communications have changed dramatically over the last 20 years with the rise of social networks. For example, Instagram now has more than 2 billion monthly users, YouTube more than 2.5 billion and Facebook more than 3 billion. These platforms were all launched between 2004 and 2010. While they have become an integral part of companies’ communications plans for addressing their users, the use of email is still very high, as there are still so many uses for email: sending email campaigns, newsletters, invoices or for example order confirmations. According to Statista, the overall volume of emails increased by 4.3% in 2023 compared with the previous year, with almost 347.3 billion emails sent worldwide every day. Another fact: on average, a person receives around 121 emails a day. These figures underline that email is not about to disappear.

Gartner nevertheless points out that concerns about email security are growing, with few companies escaping security incidents, with increasingly sophisticated phishing attacks using malicious links or attachments, for example, and data losses often linked to careless behaviour or human error. With this in mind, every year CSA brings together experts from the email ecosystem to discuss best practices and solutions for improving email quality and trust. The event is organised around a series of workshops, sessions, conferences and masterclasses.

Nameshield, which sponsored the event, pointed out that there can be no email security without secure domain names, which are critical business assets, and without a robust, high-performance DNS infrastructure. Email security therefore depends on the choice of your domain name provider and the cyber-security solutions it is able to offer its customers. These include the DMARC protocol, which protects users against fraudulent messages. Customised brand extensions also known as dot brands are another way of building brand confidence in the run-up to the next round of new generic extensions scheduled for April 2026.

Contact your Nameshield consultant for more information on all our solutions.

ICANN79: A summit that builds on decisions taken in 2023

ICANN79

After ICANN29 in 2007 and ICANN61 in 2018, Puerto Rico hosted its third Internet Governance Summit, ICANN79, at the beginning of March. Six days of meetings, exchanges and encounters in a studious atmosphere, with ongoing issues moving forward. The star topic: the next round of new generic extensions. Other major subjects, such as the NIS2 European cybersecurity directive and the appointment of a new President for the organisation, were discussed on the sidelines.

Three women at the centre of ICANN: Tripti Sinha on the left, Manal Ismail in the centre and Sally Costerton on the right

The next round of new generic extensions, a priority topic

On Saturday 2 March, the launch day of ICANN79, a session was held on the implementation of the recommendations from the Subpro policy development process (PDP), which aims to enable the launch of the next series of new generic Top level domains. This constituted an initial focus on this central issue, which is now bound to come to a conclusion as the next application window has been set for April 2026.

At this first session, attention was focused on the recommendations that the ICANN Board had not adopted as part of a resolution on the PDP passed in March 2023. At the previous summit (ICANN78), 14 recommendations remained outstanding, 6 were rejected. The body responsible for generic policies, the GNSO (Generic Naming Supporting Organization), which has got into the habit of creating small teams to work on blocking issues, has invited a small team to address these recommendations. At the same time, an implementation team is working on other recommendations approved by the ICANN Board and on the new version of the Applicant guide book. This central document for future applications is currently being written. Its finalised version should be available by the end of next year at the latest. At the end of ICANN79’s week of debates, it was clear that the work carried out during the many sessions on the next round had been fruitful. The Small Team found a compromise on the recommendations not approved by the ICANN Board and was even able to avoid a meeting scheduled in the summit agenda.

At least twelve ongoing topics

A GNSO session on Sunday provided an inventory of the policy development processes underway and those still being studied, such as the accuracy of registration data. The list includes at least twelve topics, some of which are blocked and where, due to the length of the process, the history is sometimes difficult to find for current GNSO members. This is the case for the protection of the names of inter- and non-inter-governmental organizations. Examples include the International Olympic Committee (IOC) and the Red Cross. In 2012, a PDP was launched to study the question of specific protection for the names of these bodies, bearing in mind that the contracts of the registry operators of the new generic extensions resulting from the 2012 round require them to be blocked from registration. At the beginning of 2019, the ICANN Board adopted the final recommendations of an extended PDP, which should enable them to be implemented. However, the body representing governments, the GAC, considered that not all the issues had been addressed, in particular that of specific protection for the acronyms of these organizations. This issue is still open today, and the recommendations have not yet been implemented.

Three women honoured at the Opening Ceremony

Monday marked the official launch of the summit, with the much-anticipated opening ceremony, which always takes place on a Monday morning. Tripti Sinha, Chair of the ICANN Board of Directors, recalled that the previous ICANN summit in San Juan took place “just after the devastating hurricane Maria”. She also referred to 2023, a year in which Sally Costerton took on the role of interim President of ICANN and in which ICANN celebrated its 25th anniversary in Hamburg. On the appointment of a new President for ICANN, participants were informed that the process is underway after listening to stakeholders in 2023. A group of candidates has emerged and will now lead to the selection of the future ICANN President and CEO. For her part, Sally Costerton repeatedly used the expression “superpower” to refer to ICANN’s mission to maintain a single global Internet. A difficult mission in a shifting geopolitical and technological context. But perhaps the most striking moment of the summit was the image of a third woman, Manal Ismail, who joined Tripti Sinha and Sally Costerton at the opening ceremony. Manal Ismail, who played an important role in the IANA transition and as chair of the GAC for more than five years, was honoured with the ICANN Community Excellence Award 2024.

Decisive milestones reached in 2023 which will materialize over the next three years

To the credit of ICANN’s current president, it must be said that many issues have moved forward under her leadership in 2023. If 2024 marks the entry into force of new obligations for registries and registrars on malicious uses, this is indeed the fruit of the work carried out last year. This central issue for Internet users had given rise to years of fruitless debates. The next round of new generic TLDs has made significant progress, with the adoption of recommendations and a roadmap towards a new application window now set for April 2026. We can add the Registration Data Policy, which will replace the Temporary Specification resulting from the GDPR (General Data Protection Regulation) by 2025. A related issue is the future Standardized System for Access to registration Data, which has entered an experimental phase in an attempt to reconcile protection with the need to respond to real needs for access to registration data. The inclusive Internet is entitled to a dedicated international day following the launch of the first UA Day (Universal Acceptance Day) in 2023. Finally, “ICANN grant”, a programme aimed at financially supporting projects to unify and make the Internet more inclusive, has also been launched. It is based on the substantial amounts raised by the 2012 auctions of new generic extensions. An envelope of USD 10 million will be allocated at the end of March.

We’re not winning on all fronts

While progress has been made on a number of fronts, there has been little progress on others. This is the case with a new holistic review of ICANN and the review of the organisation’s Accountability and Transparency. These reviews are necessary to bring about improvements in security and consumer choice, in the services associated with domain name registration databases, and in the security, stability and resilience of the DNS. This important subject is impacted by the many projects currently underway, and ICANN has also embarked on a continuous improvement project that could replace these processes.

As far as the European directive on NIS2 cybersecurity is concerned, the main point to note is that the contracting parties and the ICANN Board of Directors have emphasised that this legislation does not conflict with the ICANN policies in place. For the Board, which has indicated that it is working with the European Commission on this subject, there are, however, issues such as data accuracy that need to be considered.

While ICANN79 was not the subject of any noteworthy announcements, the main thing to remember is the studious atmosphere after a pivotal year in which many subjects passed decisive milestones towards their implementation. This is the case for the next series of new generic extensions, the previous one having been introduced twelve years ago. If a form of agility seems to have won over ICANN under the leadership of Sally Costerton and Tripti Sinha, this approach is also that of Nameshield, which adapts to your needs to provide you with tailor-made answers on the new TLD projects and many others.

Image source: ICANN‘s website

Artificial intelligence, NIS2 Directive, our society model: some of the topics debatted at Domain Pulse 2024

On 22 and 23 February, Domain Pulse was held in Vienna, Austria. This symposium brings together all the stakeholders in the domain name industry once a year around the registries of Austria (nic.at), Germany (DENIC eG) and Switzerland (SWITCH). The event was a resounding success, with a mix of conferences and networking opportunities.

Domain Pulse 2024
Neil Harbisson, the “cyborg artist” as he describes himself attracted a great deal of attention

For those who thought that cyborgs – human beings who have been grafted with mechanical or electronic parts – only existed in science-fiction literature or cinema, such as Fritz Lang’s masterpiece ‘Metropolis’, released almost 100 years ago, Domain Pulse 2024 was a wake-up call. The event’s star guest, Neil Harbisson, a self-styled cyborg artist, caused quite a stir at the opening of the event. The British artist was the first human to have an antenna implanted in his skull, back in 2004. This additional “organ” enables him to perceive colour frequencies differently. With the help of a software layer, he can even translate these perceptions into sound. He likes to explain that he can “eat songs” by transforming the perception of a dish into sounds, or “make sound portraits” of people. He shared that “King Charles III was able to listen to his sound portrait”. He also explained that for him, skin colours are simply variations on the colour orange. Another facet of his transformation is the “obstacle course” he went through to obtain the possibility of renewing his passport. Grafting technological tools raises ethical issues and is not normally allowed on passports. In the end, however, he obtained the right to have a passport with his antenna on his photo. To hear him tell it, augmented reality is already a thing of the past, since we are now talking about revealed reality.

He did not, however, overlook the fact that, like all technologies, these have their share of promises and dangers. In the case of the former, more impactful uses are possible, such as the fact that such “organs” could one day enable humans to “see at night”, thus saving energy, or to “regulate their body temperature instead of air-conditioning”. On the downside, there are risks of infection or clinical rejection, tools that are still dependent on conventional energy sources, problems of acceptability to society and, of course, the risk that these tools will be hacked, with impacts that are difficult to identify and assess.

The NIS2 directive also featured prominently in the discussions at Domain Pulse. This cybersecurity legislation must be transposed into the national laws of the Member States of the European Union by 17 October 2024 at the latest. At Domain Pulse, DNS service providers were warned that they will have to upgrade their cyber capabilities, risk management and reporting capacities, as well as cooperation and information exchange – the three pillars of the directive. On Article 28 of the text, which specifically targets domain name registration databases, a panel of specialists questioned the consistency of the approach: “The European Commission is going back on the accuracy of registration data and legitimate interests. This cyber approach runs counter to the need to publish less data”, said Thomas Rickert.

Other notable presentations included a reflection on our model of society around the question “Is the future in the virtual communities that will replace states? A projection by the Einstein Center allowed us to project ourselves into such a model.

The second day of the event focused on Artificial Intelligence. Implemented in a wide range of fields, AI has already shown that it is capable of surpassing human capacities. Its ability to adapt was also discussed, using the example of captcha input. Captcha are tests based on human image or sound analysis capabilities that differentiate automated requests from human requests. ChatGPT did not manage to enter a captcha, but went to a website where it is possible to request human assistance for specific needs. In the help forum, the support team asked ChatGPT if it was a robot. As a human would probably have done to achieve the desired end, ChatGPT lied and replied that it was not a robot. As if to echo the technological bodies mentioned the day before, AI offers interesting prospects for making faster progress in sectors such as research, for example. But the other side of the coin is that AI can be used for malicious purposes. Just as there is the Dark Web, there is also Dark AI. AI is capable of creating phishing emails and scams (internet fraud). It will become increasingly difficult to tell the difference between what is real and what is fake, for example with deepfakes (editor’s note: multimedia synthesis techniques based on AI that can generate fake audio or video sequences).

Another challenge and issue of the moment is the war on Europe’s doorstep. The Ukrainian conflict was discussed in the form of feedback from the Ukrainian registry operator in the context of the war and the lessons learned from an operational point of view. These included the preferred use of hosting companies offering a resilient infrastructure and “SMEs which are more responsive than large structures”, “choosing the right people to work with” and the fact that in a crisis situation “people are more reliable than machines”.

Domain Pulse 2024 skilfully reconciled issues specific to the domain name industry, such as cybersecurity and the regulatory aspect of the NIS2 directive, as well as technological issues. Feedback from the Ukrainian registry echoed Nameshield’s values and customer approach and solutions. This Domain Pulse also provided an opportunity for participants to reflect on the model of society we want for ourselves and our children, as humanity seems to be at a turning point in this area.

.FR extension is no exception to the trend towards concentration in the domain name sector

Afnic Registrar Day

On 23 January, Afnic the French domain name registry held its Registrar Day, an event aimed primarily at the registrars. Like every year, it was an opportunity to look back over the past year and look ahead to the current one.

The figures drawn up by Afnic for 2023 show an excellent dynamic. Indeed, the .FR extension has passed the 4.1 million domain names, ranking 7th among country-code Top level domains globally and still 3rd among the 27 Top level domains of the European Union. With a renewal rate of over 83% in 2023 and a 6.4% increase in new domains, the .FR domain has flattering figures for 2023.

Afnic has also drawn up an overview of its registrars. Above all, it shows increased concentration, which can also be seen in other Internet extensions and, more generally, in the domain names industry as a whole. Two figures to illustrate this: the number of accredited registrars has fallen by 40% in 10 years, and 38% of accredited registrars now account for 99.5% of the domain names managed by the French Registry.

For 2024, Afnic wants to continue to strengthen the visibility and awareness of the French Top level domain .FR. This will of course involve digital communication and in traditional media. But it also involves enhancing the accuracy and reliability of contact data associated with domain names and stepping up the fight against malicious uses with measures involving registrars. The aim of these two initiatives is to improve the reputation of, and confidence in the .FR domains, and also to honour commitments made to the French State, its mandator.

The European NIS2 directive on cybersecurity, due to come into force in October 2024, is never far away either. Indeed the directive explicitly targets the activities of the DNS and domain name stakeholders. Let’s hope that the increase in the price of the .FR domain names on 1 March does not dampen this positive momentum.

Image source: Afnic website

ICANN78: Ahoy, the ICANN boat sails for 25 years

From 21 to 26 October, Hamburg in Germany, hosted the 78th ICANN Summit, the Internet’s regulatory body. Hamburg, the connected city par excellence and Germany’s leading intelligent city, succeeds Berlin as the second German city to host such a summit. Berlin hosted ICANN2 in 1999. This 78th edition brought together more than 1,600 participants from 175 countries and territories. It also marked the 25th anniversary of ICANN and the 20th anniversary of the Generic Names Supporting Organization (GNSO), the body responsible for policies applying to domain names in generic extensions.

De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023
De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023

ICANN faces new challenges

“On 30 September 1998, ICANN was incorporated as a private, not-for-profit organisation in the State of California”. With these words, Tripti Sinha, the Chair of ICANN’s Board of Directors, began a dense speech at the Welcome ceremony of ICANN78. She reminded us that most of today’s Internet tools, including smartphones, have been developed and launched during this period, and that while “25 years is not much”, “the world has changed remarkably” in the meantime. Today, it is the context of wars and technological transformations, in particular “artificial intelligence and quantum technology”, that constitute major challenges for the multiparty model. To these can be added alternatives to domain names that use the DNS, such as blockchain domains, which are outside the scope of ICANN. These were highlighted at ICANN78. Their protagonists like to call them “domain names”, while others would like to differentiate them by talking about “wallet domains”. ICANN’s interim President, Sally Costerton, made a point of emphasising the word “trust” in her introductory speech. “Trust is a fragile thing” she said, “difficult to build and easy to lose”.

On the subject of trust, Sally Costerton pointed out during the ICANN Board’s question and answer session that significant progress has been made on a number of important issues since her appointment in December 2022. In March of this year, for example, the first international Universal Acceptance Day was held, or how to make the Internet more inclusive and thus closer to the way its users use it. At the ICANN76 summit, also in March, the next series of new generic extensions was confirmed. More recently, the Registration Data Request Service (RDRS), a prototype of the future System for Standardized Access to Domain name registration data (SSAD) for legitimate requests, was launched. And the year 2023 will have seen a concrete proposal to strengthen the means of combating abuse of the DNS after years of fruitless exchanges. A proposal to revise the contracts of registry operators and registrars is currently being put to a vote by the parties concerned, with adoption expected between December 2023 and January 2024.

Registration Data Policy: Let it go let it go

The fact that ICANN represents numerous sensibilities whose interests are often divergent, but also that it operates with consensus as its totem, partly explains why the finish line is often far removed in time from the starting line. The Registration Data consensus Policy has not escaped this reality. This policy is intended to replace a Temporary Specification implemented as a matter of urgency on 17 May 2018, eight days before the General Data Protection Regulation (GDPR) came into force thus to integrate the GDPR requirements into the DNS ecosystem. The Registration Data Consensus Policy is the culmination of phase 1 of a Policy Development Process (PDP) initiated on this occasion. While a final report with a view to its implementation was issued at the beginning of this year, it was ICANN78 that enabled the implementation review team work to be concluded. The blocking point on the wording relating to the deadlines granted to operators to deal with urgent requests for access to registration data in the event of law enforcement, could be removed. The policy, which now has a permanent framework, will now be implemented by the parties concerned, registry operators and registrars.

The next round of new generic extensions

The next round of new generic extensions remained another major topic of this edition. While ICANN is now putting forward the date of April 2026 for the next application window (editor’s note: the previous window took place between January and April 2012), ICANN78 highlighted the progress made in implementing the recommendations arising from the Policy Development Process known as “PDP Subpro” (editor’s note: Subsequent Procedures). Earlier in March, some thirty recommendations had not been adopted by the ICANN Board and had been referred to the GNSO for clarification. Thanks to the work of a Small team, 12 additional recommendations have just been adopted by the ICANN Board, bringing the total number of adopted recommendations to 104. 13 remain in the balance and 7 have been rejected. For the latter, we will now have to assess their impact and consider remedies. The implementation team can therefore make progress on just over 80% of the recommendations arising from the Subpro PDP. The revised guide for future applicants is progressing in line with initial forecasts with at least 18 months to go.

The issue of closed generic extensions and diacritical letters

Considered but not proposed due to a lack of consensus in 2012, then discussed for five years, the topic of closed generic extensions was relaunched in 2022 with a view to a new series of generic extensions. In practice, they would allow organisations under certain conditions to use a generic term (editor’s note: for example .CHARITY) with the same rights as a brand extension. Access to the extension to create new domain names would therefore be very restricted. A year ago, a discussion group comprising the Governmental Advisory Committee (GAC), which represents governments, the At-Large Advisory Committee (ALAC), which represents end-users, and the GNSO was set up to try to address this issue. Last July, they proposed a framework detailing the many aspects to be considered to introduce this new type of extensions. However, at the end of their work, each body sent a separate letter to the ICANN Board of Directors, proof that their positions remained far apart. Barring any surprises, there should therefore be no closed generic extensions in the next round.

Québec, whose .QUEBEC was integrated into the DNS root in April 2014, has also invited itself into the discussions concerning the next series of new generic extensions. In 2012, Québec announced its wish to obtain .QUEBEC as well as .QUÉBEC. Although in the end they only applied for the non-accented version, they had hoped to be able to use .QUÉBEC as well. They were not granted this right because of a risk of similarity. ICANN78 highlighted the fact that perceptions remain different depending on whether or not .QUÉBEC is a variant of .QUEBEC. The pronunciation for French speakers is the same, but the presence of a diacritical letter (editor’s note: letters to which signs such as the acute accent, the grave accent, the circumflex accent, the umlaut are added) makes encoding in ASCII characters different and technically feasible. While their request has little chance of success, it has also served to focus attention on important issues for registry operators, where the answers provided are often ill-suited to their needs.

ICANN78 was ICANN’s last annual summit. All eyes now turn to 2024. A new year is approaching, which may or may not see the conclusion of contractual amendments to registry and registrar contracts, with specific obligations to remedy malicious use, the continuation of implementation work on the next series of generic extensions, the likely launch of an ICANN holistic review or even the prospect of the scheduled Sunset of the Whois protocol in early 2025.

For Europeans and companies operating on European territory, it is the NIS2 directive that will crystallise all attention, as it must be transposed into the national laws of the Member States by October 2024. On this subject, ICANN representatives indicated at the traditional closing Public Forum that the policies for generic extensions are not “in contradiction with the NIS2 directive and that the parties concerned have the latitude to implement measures to comply”. The European Top Level Domain Information Sharing and Analysis Center (European TLD ISAC) is to be commended on this point, as it will be a useful relay in implementing the NIS2 Directive in the domain name industry.

Nameshield, an independent European company that has been ISO 27001 certified since 2017, will comply with the directive and will be keen to help its customers to comply. Nameshield also has the expertise to manage your projects for new generic extensions.

Finally, in terms of leadership, the GNSO, the body responsible for generic extensions, now has a new Council team appointed at ICANN78, while ICANN Org will be appointing a new president in 2024. See you next year.

Image source : ICANN‘s website

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

In 2018, ICANN, which is in charge of allocating domain names and IP addresses, confirmed DENIC eG as the data escrow agent for registrars on behalf of the ICANN organization, alongside provider Iron Mountain, which has since been taken over by NCC Group. Five years later, on July 17, following a new call for tenders, ICANN has confirmed DENIC Services as its sole accredited escrow agent for the next five years. A fine recognition for this European player and subsidiary of DENIC eG, which notably manages .DE, Germany’s geographical extension with over 17 million domain names.

Stefan Pattberg, Director of DENIC Services, took the opportunity to answer our questions.

Could you please remind us what the role of a data escrow agent is?

It is important for the stability of the global Internet that domain names are not only being granted but accessible all the time, independently from the financial, operational, or legal status of the managing registrars or registries at a certain time. Obviously, the registration data is an important asset for a registrar or a registry, often the most important one, because it represents the relationship to the customer and is the source of income for the service providers. But it is not only of economic importance. There are also additional policy requirements and even legal regulation like GDPR to consider when handling such data.

The role of the Data Escrow Agent is to ensure that the registration data that is belonging to a domain is always safe and available, even in case that a registrar or a registry in charge of managing a domain are failing. In such a case the mission of the Data Escrow Agent is to release the registration data to another service provider taking on board the role of the previous failed party. That is a very important security feature for domain holders, making sure that their domain will always be available, and the ownership is always certain. If there is no need to release such a deposit, it is the duty of the Escrow Agent to safeguard the registration data according to all relevant policies and regulation in a manner, that there is no risk for the depositor that the data could be lost to a competitor or anybody else not being authorized to access it. Registries and Registrars using Data Escrow are delivering the registration data, daily or weekly, as so-called deposits to the Escrow Agent. A deposit is a composition of all relevant registration data in a special form, highly encrypted and even electronically signed by the sender. The agent validates the deposit. That means the agent checks whether the received deposit is from the right sender, is intact in its full integrity and that the data format is compliant to the international standards. The result of the validation is then being reported to all parties involved, the depositors and the beneficiaries. That creates transparency and transparency creates trust.

In what way is the designation of DENIC Services as the sole ICANN-accredited escrow agent significant from the point of view of data protection and security?

When ICANN started the Data Escrow program well back in 2007, there was only one Data Escrow Agent that has been chosen as Designated Escrow Agent for registrars. Designated Escrow Agent means that ICANN has selected this agent in a very ambitious process, checking the technical, financial, and operational capacities of such an agent, and that ICANN is paying this agent for the service being delivered to the registrars. So, if a registrar is working with a Designated Escrow Agent there should be high certainty about the stability and the quality of the service which is free of charge for the registrar. If the registrar wants to deposit with a non-designated data escrow agent, fees must be paid and the registrar needs to do all the checks, that ICANN is performing during the selection process, on its own.

The sole Data Escrow Agent in 2007 was an US-American company, following the US law and regulation. ICANN saw the upcoming need in 2017 to offer a solution being GDPR compliant. GDPR increased the level of data privacy in advantage of domain holders but raised questions about locations of data storage, transfer of deposits in and out of the European Union etc. After a Request for Proposal process in early 2018 , ICANN decided to nominate a second Designated Escrow Agent which was DENIC. To get the best focus on the service quality for customers, DENIC created DENIC Services as the new service provider for Data Escrow and Anycast DNS services to the Domain Name Industry. That was only five years ago.

As a German company and GDPR on the horizon, we have decided to build the new Data Escrow application with privacy-by-design. The two data centers that we are using for a GDPR-compliant 365 days, 24 by 7 service are within the European Union, one in Frankfurt and the second one in Amsterdam. Since the beginning of DENIC Services it was important, that we proof trustworthiness to our customers, especially in IT security, business continuity and data privacy. We are certified according to ISO27001 and ISO22301. The data centers are operated by DENIC which is having a famous track record in running critical infrastructure without downtime and in a safe and secure manner for more than 25 years. So, I think that using DENIC Services as the sole ICANN-accredited escrow agent takes a lot of worries away from registrars. They can focus on their core business, and we promise that “WE PROTECT YOUR BUSINESS.”

In March this year, ICANN started a new selection process for one or more global Designated Data Escrow Agents. We understood this as a challenge to show that we are not only the best option for those registrars and registries being under the GDPR regime, but even for others that must respect other legislation and data privacy regulation. Hence, we have built a second Data Escrow infrastructure in North Virginia in the USA. That means, registrars and registries have the choice now, where their deposits should be stored. Both infrastructures deliver the same kind of security and safety and run accordingly to the same service level agreements provided by ICANN.

The top reputation that we have in the market today, our track record of annual innovations, and the aspect of being able to give registrars the choice for the location of storage seem to be compelling to ICANN and now we are the Sole Designated Escrow Agent for all ICANN accredited registrars around the globe.

How did you feel about this designation?

We are very proud to be selected for this role which is of high importance for the stability of the global Internet. We see this designation as an appreciation for our hard work over the past five years. We did not only rethink Data Escrow from scratch, but we have also delivered new innovations all the time. We wanted to be the market leader in technology, service quality and customer satisfaction since day one, and we have achieved it. But we also accept this challenge with a certain humility. We know how big the task is and that despite all the preparation, we will experience things that are unplanned and unforeseen. But I’m sure that we have the right attitude, motivation, the necessary expertise and also the joy of serving our customers in our team to cope with it.

Do you think it will help to consolidate the multi-stakeholder model that was initiated by ICANN with the IANA transition completed in 2016?

That is one of the challenges for us. We must proof within the next five years that having one sole Designated Escrow instead of two, ends up with a better service and better results for the community. Having a working multi-stakeholder model in place, which is accepted by almost all parties involved, is a value per se in our today’s world. Is there room for improvement? For sure. We have many ideas how to improve the Data Escrow process and how to get more value out of it. But most of the times, we withdraw new ideas because it seems to be too complicated to come to a conclusion in a timely manner. With all the advantages in having a multi-stakeholder model in place, time is always an issue. If you look at the discussion and the planning around gTLD 2.0, I have the feeling since my beginning, that it is always happening in two years from now, but we are never coming closer to it. Having only one Designated Escrow Agent being in direct communication with all accredited registrars should help us, to re-gain some of the speed that we may have lost.

What are the next steps envisaged by DENIC Services to organise the transition to this new responsibility?

We are planning a transition period of around 12 months which is managed and monitored closely by ICANN. More than 2,500 registrars will join us in that period. This will multiply the number of our customers and the number of domains being escrowed with us. The good news is that we are well prepared for this. As soon as a customer has passed the data escrow change process with ICANN, we send out credentials to the customer for our Data Escrow Control Center. This portal not only delivers all kind of information about the daily business with 365 days, 24 by 7 approach, it offers a new on-boarding feature that puts the registrar in control of the on-boarding and offers a semi-automated process up to the successful delivery of the first deposit to us. For registrar groups or families, we offer a special server-to-server communication via Restful API, so that the technical service provider is controlling the whole on-boarding process in a fully automated manner. These two innovations only have reduced the time needed for on-boarding from weeks to days by purposefully reducing the number of potential error sources.

Registrars that are looking for more information about our service can visit the website welcome-rde.denic-services.de. This website provides answers to the frequently asked questions, offers a lot of information to download and invites to register for the webinars that we are offering for on-boarding.

And not to forget, during all the selection process, ICANN was very much valuing the service quality and was insisting in the expectation to get the same kind of service level for all new registrars that the existing customers are appreciating. We have therefore agreed to double our Data Escrow customer service team which is a huge invest in addition to all the IT development that we have made before. Hence, from October onwards, we will have one customer service teams for all registrars already on-boarded and a second team trained and focused on on-boarding of registrars joining us.

Interview conducted by Nameshield on 18-07-2023.

Image source : Bruno via Pixabay

ICANN77: Concrete progress and the search for a future leader

ICANN77: Concrete progress and the search for a future leader

Last month, the 77th Summit of ICANN, the Internet’s regulatory body, was held in Washington DC. This second summit of 2023 was once again rich in meetings and exchanges, with 90 sessions held over four days.

Here is a look back at the highlights of this event.

Successful outcomes

While ICANN summits have often left a mixed impression due to the multitude of subjects debated and processes made more cumbersome by the consensual approach sought by the organisation, we can welcome the fact that ICANN77 was marked by the successful conclusion of several of them, starting with the Registration Data Consensus Policy.

In May 2018 ICANN hastily applied a Temporary Specification to all stakeholders with a package of measures directly linked to the GDPR that the European Union had just applied. These measures included the masking of personal data in generic domain name registration databases. This set of obligations was intended to be renewable for one year and was to be replaced by a permanent framework. The body responsible for generic name policies, the GNSO, therefore quickly convened a process for developing new policies, a PDP, which was divided into several workstreams. Phase 1 of the PDP concerned the long-term binding framework they were looking for. The result was the Registration Data Consensus Policy, which has now been finalised. This work has been extended because the subject of personal data on domain names overlaps with many other texts (21 policies in all) which have also been revised. While stakeholders will have at least 18 months to apply the new policy, aspects relating to the collection, processing and storage of personal data linked to domain names will be altered.

Phase 2 involves the creation of a standardised system for accessing hidden personal data on domain name contacts for legitimate purposes, such as investigations into cybercrime. This resulted in the creation of a prototype that will be deployed this Fall. Over the next two years, this prototype should enable the organisation to validate whether or not it should develop a permanent global tool. It is therefore a reasonable step, because it is prudent. It would have been risky to develop a particularly expensive global system whose use was uncertain. But this issue is also directly linked to the accuracy of the data. What is the point of requesting access to masked contact data if it is unreliable?

On this subject, ICANN has launched a project in 2021 on the accuracy of registration data. But ICANN came up against the fact that in order to assess the accuracy of the data, it needed a legal basis for accessing the data. This forced the body to put this project on hold last year, when negotiations began to create a Data Protection Agreement between ICANN and the stakeholders.

Two contractual amendments in 2023

On the contractual side, it should be noted that the contracts linking ICANN with the registry operators on the one hand and the registrars on the other are in the process – and this is unprecedented – of being amended twice in the same year. The first revision will come into force next month to organise the transition between the Whois protocol and the RDAP protocol. The second revision, which is about to be put to the stakeholders for a vote, aims to step up the fight against DNS abuse. As far as DNS abuse is concerned, it should be remembered that this subject has long been a staple of ICANN summits, in the sense that it has been debated for several years without ever coming to a conclusion due to a lack of consensus. The need to step up action against these attacks has therefore never been so close to being written into the contracts.

ICANN is looking for its future leader

In another unprecedented development, on 21 December last year, ICANN announced the resignation of Goran Marby, its President. Sally Costerton took on the responsibility and was rapidly appointed Interim President of the organisation. This experienced leader, who already has around ten years’ experience in the organisation, was logically closely watched at ICANN76, but was also well received by the community. She took ownership of the issues very quickly and was very proactive in pushing them forward. ICANN77 was an opportunity to propose a session called CEO Search Committee. The profile of the future president was drawn up, along with his or her eight responsibilities: management of the IANA function, development of new DNS system policies, the program for new generic extensions, strategic management, management of the governance body, commitment and exchanges within the community, management of responsibility and, of course, the role of representative of the body. The perspective given for the appointment of this future face of ICANN is the second quarter of 2024.

The next round of new generic extensions at the centre of attention

As is often the case at ICANN summits, the subject of the next round of new generic TLDs was on the menu for most of the discussions. The fact that the previous application window dates back to the beginning of 2012 is obviously no coincidence. At her first summit as President of ICANN, Sally Costerton made good progress on this issue, with ICANN76 concluding with the ICANN Board adopting 98 of the 136 recommendations arising from the process of developing new policies for the next round. 38 recommendations remain to be clarified, and this work is currently underway, with completion scheduled for the second half of this year.

At the same time, implementation of the other recommendations and revision of the Applicant Guide Book have begun. However, two other subjects complete the picture: the possibility of creating closed generic TLDs, a sort of model similar to brand TLDs but which would be made possible on generic terms, and the revision of policies for internationalised TLDs and domain names, i.e. in native languages. The first subject should soon be put into orbit via a process of development of new policies planned over nearly two years. As for the second, its policy development process could last until November 2025. The organisation’s intention is to bring these two issues to a successful conclusion before the next round.

At the time of the 2012 round of new generic extensions, internationalised extensions and domain names were already being strongly promoted as a vector for the success of this innovative process. However, this was without taking into account universal acceptance, which was still in its infancy and which has fortunately made considerable progress since then. The RDAP protocol for registration data was also already considered as an alternative to Whois to be implemented with the new generic TLD program. However, RDAP is only set to replace Whois after a transition period of 18 months. As for closed generic extensions, they were also considered in 2012 but abandoned due to a lack of consensus. They could finally see the light of day under terms to be defined during the next round. As for abuse of the DNS, another subject that has been debated for years, it is also on the point of leading to additional obligations that will affect registries and registrars alike.

If Nameshield is already offering you solutions to help you deal with infringements of your online assets and your gTLD projects, it should be noted that the obligations incumbent on companies that manage domain names are constantly increasing, but also that with ICANN the issues are almost always resolved in the end.

See you in Hamburg in October for ICANN78.

Image source : ICANN’s website

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Candidate in March 2020 and then in March 2021, the city of Cancun finally had to wait until March 2023 and the end of the COVID pandemic to see a new edition of an ICANN summit in person. 2023, a very important year for the organisation. It will indeed celebrate its 25 years of existence while it is going through a risky period with an interim presidency after the resignation of its former President on 22 December 2022.

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Two women at the head of ICANN

Sally Costerton from the UK, who has been Vice President of Global Stakeholder Engagement (GSE) in charge of stakeholder engagement and awareness of ICANN and its mission worldwide since 2012, has been appointed interim Chief Executive Officer of ICANN following the departure of Goran Marby at the end of 2022. She is supported by Tripti Sinha who serves as ICANN’s Board Chair. Tripti is also Associate Vice President and Chief Technology Officer at the University of Maryland, in the Information Technology Division. This is the first time ICANN has had two women leaders. However, the situation echoes the creation of ICANN. As it was recalled at the opening ceremony, in 1998, when the US government gave ICANN the task of managing the DNS addressing system, a woman also held the position of Chair of the Board. This was Esther Dyson.

While leadership interims are rare at ICANN, this situation led to the organisation of a special session called “The Future of ICANN and the Next President and CEO”. A session where participants would have expected to interact with the new Board. This was not the case, as this session was like a kind of open mic without a direct interlocutor to express expectations towards the new Management of the organisation.

An interim presidency for a governance organisation also means a risky period, especially as there is no shortage of issues to address and the geopolitical context is tending towards increased fragmentation. However, although we do not know how long the interim presidency will last, Sally Costerton quickly made her mark at the start of the summit, when she declared, among other things, “I do not know everything, but I can rely on experts“. These words were reassuring and showed a pragmatic approach.

Transparency tested by experience

ICANN is a well-established organisation, as it has been holding summits for 25 years. The trend in recent years has been for the Supporting Organisations (SOs) and Advisory Committees (ACs) that make up the organisation to move towards greater transparency by opening up almost all their sessions to the participants. The most significant transformation has been in the GAC, the body representing governments, whose sessions were closed for many years before being fully open to all participants. This is an opportunity to salute the work of Manal Ismail, who after nearly six years at the head of the GAC is leaving her place to the Paraguayan Nicolas Caballero. A global tendency, therefore, of a nature to generate confidence, a key value to respond to the more and more numerous detractors of the ICANN governance mode.

But this tendency was reversed during this summit because many sessions were closed, “Closed sessions” to which even some affiliated participants could not have access neither in face-to-face nor in remote. Some of the participants were very upset and did not fail to point this out during the traditional Public Forum which usually closes the week of meetings.

Progress at a forced march?

The consensual approach, typical of ICANN, is both a strength for federating players around new obligations that are adopted, but also a weakness because it considerably slows down the progress of important work.

A striking example is the DNS abuse. Malicious use is indeed a real problem given the damage suffered by the affected Internet users. The GAC did not fail to recall this once again during a session where external experts were invited, such as a representative of the Federal Bureau of Investigation, the FBI. The latter indicated that in the United States, in 2022, more than 800,000 domain names were the subject of complaints causing losses of more than 10 billion US dollars. While the topic of DNS abuse has been a recurring theme at every ICANN summit over the years, it is clear that the consensus has shown its limits. Stakeholders in the GNSO, the generic name policy body, have never been able to agree on a way forward, whether it be a Policy Development Process or contract negotiations to revise stakeholder contracts with ICANN. After recent consultations with stakeholders, the GNSO finally decided on the second option, and the least we can say is that at ICANN76, the will was to reach a result quickly. An amendment to the registry and registrar contracts is being drafted and is expected to be presented in June and voted on by the parties concerned in October.  

The GNSO intends to build on the momentum of another contract amendment being voted on by stakeholders: an “RDAP” amendment. RDAP is an alternative protocol to Whois that provides access to domain names registration data. The outcome of the votes and thus the adoption of these contract revisions remained uncertain at the end of the ICANN summit as different thresholds of participation and favourable votes must be reached.

Partial adoption of recommendations for future rounds of new gTLDs

Another issue that some would like to see move forward more quickly is that of future rounds of new generic extensions. Indeed, the last window for applications for generic extensions dates back to January 2012. Since then, a policy development process has been conducted since 2015 to define a set of recommendations for the holding of new application windows. The Final report of this process was submitted to the ICANN Board in February 2021. In the autumn of 2021, ICANN surprised the community by announcing a scoping phase, an ODP (Operational Design Phase), which ultimately lasted until the beginning of this year. The board had not yet decided on the Final report of recommendations, a prerequisite to be able to start the implementation work of the recommendations. So the new interim president of ICANN was also very much expected on this subject.

And she quickly warned that the time was also for action on this subject: “You will see that things will be clarified” (editor’s note: on the next series of generic extensions), she declared during a session during the week. At the end of the week, at a Board meeting, 98 recommendations from the policy development process were adopted, with a further 38 put on hold as requiring further information. An implementation plan is also expected with a deadline set to 1st of August with a focus on internationalized domain names and extensions that ICANN organisation wants to focus on in future rounds and the need to clarify whether closed generic extensions will be offered.

Comments from NAMESHIELD

We can regret a return to a certain opacity in the decision making during ICANN76 where no less than 25 closed sessions were held. Nevertheless, this is perhaps where the progress made on subjects that were not progressing well came from, such as DNS abuse, a very important subject for NAMESHIELD, which offers several solutions to defend your online assets, and the holding of a forthcoming series of new generic extensions, where NAMESHIELD experts can also accompany you.

The other question was how the new interim ICANN President Sally Costerton, would handle her new role in a risky period for ICANN whose model is also increasingly challenged by States, international organisations and even technological alternatives. On this point, the new president appeared to be proactive, joining words to deeds, as on the subject of further series of new generic extensions. Sally Costerton seems to have already started to trace her way towards a full term CEO role for the organisation.

Image source : ICANN’s website