Author: Arnaud Wittersheim

Head of Operations Department Nameregistry - Compliance - Nameshield

ICANN77: Concrete progress and the search for a future leader

ICANN77: Concrete progress and the search for a future leader

Last month, the 77th Summit of ICANN, the Internet’s regulatory body, was held in Washington DC. This second summit of 2023 was once again rich in meetings and exchanges, with 90 sessions held over four days.

Here is a look back at the highlights of this event.

Successful outcomes

While ICANN summits have often left a mixed impression due to the multitude of subjects debated and processes made more cumbersome by the consensual approach sought by the organisation, we can welcome the fact that ICANN77 was marked by the successful conclusion of several of them, starting with the Registration Data Consensus Policy.

In May 2018 ICANN hastily applied a Temporary Specification to all stakeholders with a package of measures directly linked to the GDPR that the European Union had just applied. These measures included the masking of personal data in generic domain name registration databases. This set of obligations was intended to be renewable for one year and was to be replaced by a permanent framework. The body responsible for generic name policies, the GNSO, therefore quickly convened a process for developing new policies, a PDP, which was divided into several workstreams. Phase 1 of the PDP concerned the long-term binding framework they were looking for. The result was the Registration Data Consensus Policy, which has now been finalised. This work has been extended because the subject of personal data on domain names overlaps with many other texts (21 policies in all) which have also been revised. While stakeholders will have at least 18 months to apply the new policy, aspects relating to the collection, processing and storage of personal data linked to domain names will be altered.

Phase 2 involves the creation of a standardised system for accessing hidden personal data on domain name contacts for legitimate purposes, such as investigations into cybercrime. This resulted in the creation of a prototype that will be deployed this Fall. Over the next two years, this prototype should enable the organisation to validate whether or not it should develop a permanent global tool. It is therefore a reasonable step, because it is prudent. It would have been risky to develop a particularly expensive global system whose use was uncertain. But this issue is also directly linked to the accuracy of the data. What is the point of requesting access to masked contact data if it is unreliable?

On this subject, ICANN has launched a project in 2021 on the accuracy of registration data. But ICANN came up against the fact that in order to assess the accuracy of the data, it needed a legal basis for accessing the data. This forced the body to put this project on hold last year, when negotiations began to create a Data Protection Agreement between ICANN and the stakeholders.

Two contractual amendments in 2023

On the contractual side, it should be noted that the contracts linking ICANN with the registry operators on the one hand and the registrars on the other are in the process – and this is unprecedented – of being amended twice in the same year. The first revision will come into force next month to organise the transition between the Whois protocol and the RDAP protocol. The second revision, which is about to be put to the stakeholders for a vote, aims to step up the fight against DNS abuse. As far as DNS abuse is concerned, it should be remembered that this subject has long been a staple of ICANN summits, in the sense that it has been debated for several years without ever coming to a conclusion due to a lack of consensus. The need to step up action against these attacks has therefore never been so close to being written into the contracts.

ICANN is looking for its future leader

In another unprecedented development, on 21 December last year, ICANN announced the resignation of Goran Marby, its President. Sally Costerton took on the responsibility and was rapidly appointed Interim President of the organisation. This experienced leader, who already has around ten years’ experience in the organisation, was logically closely watched at ICANN76, but was also well received by the community. She took ownership of the issues very quickly and was very proactive in pushing them forward. ICANN77 was an opportunity to propose a session called CEO Search Committee. The profile of the future president was drawn up, along with his or her eight responsibilities: management of the IANA function, development of new DNS system policies, the program for new generic extensions, strategic management, management of the governance body, commitment and exchanges within the community, management of responsibility and, of course, the role of representative of the body. The perspective given for the appointment of this future face of ICANN is the second quarter of 2024.

The next round of new generic extensions at the centre of attention

As is often the case at ICANN summits, the subject of the next round of new generic TLDs was on the menu for most of the discussions. The fact that the previous application window dates back to the beginning of 2012 is obviously no coincidence. At her first summit as President of ICANN, Sally Costerton made good progress on this issue, with ICANN76 concluding with the ICANN Board adopting 98 of the 136 recommendations arising from the process of developing new policies for the next round. 38 recommendations remain to be clarified, and this work is currently underway, with completion scheduled for the second half of this year.

At the same time, implementation of the other recommendations and revision of the Applicant Guide Book have begun. However, two other subjects complete the picture: the possibility of creating closed generic TLDs, a sort of model similar to brand TLDs but which would be made possible on generic terms, and the revision of policies for internationalised TLDs and domain names, i.e. in native languages. The first subject should soon be put into orbit via a process of development of new policies planned over nearly two years. As for the second, its policy development process could last until November 2025. The organisation’s intention is to bring these two issues to a successful conclusion before the next round.

At the time of the 2012 round of new generic extensions, internationalised extensions and domain names were already being strongly promoted as a vector for the success of this innovative process. However, this was without taking into account universal acceptance, which was still in its infancy and which has fortunately made considerable progress since then. The RDAP protocol for registration data was also already considered as an alternative to Whois to be implemented with the new generic TLD program. However, RDAP is only set to replace Whois after a transition period of 18 months. As for closed generic extensions, they were also considered in 2012 but abandoned due to a lack of consensus. They could finally see the light of day under terms to be defined during the next round. As for abuse of the DNS, another subject that has been debated for years, it is also on the point of leading to additional obligations that will affect registries and registrars alike.

If Nameshield is already offering you solutions to help you deal with infringements of your online assets and your gTLD projects, it should be noted that the obligations incumbent on companies that manage domain names are constantly increasing, but also that with ICANN the issues are almost always resolved in the end.

See you in Hamburg in October for ICANN78.

Image source : ICANN’s website

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Candidate in March 2020 and then in March 2021, the city of Cancun finally had to wait until March 2023 and the end of the COVID pandemic to see a new edition of an ICANN summit in person. 2023, a very important year for the organisation. It will indeed celebrate its 25 years of existence while it is going through a risky period with an interim presidency after the resignation of its former President on 22 December 2022.

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Two women at the head of ICANN

Sally Costerton from the UK, who has been Vice President of Global Stakeholder Engagement (GSE) in charge of stakeholder engagement and awareness of ICANN and its mission worldwide since 2012, has been appointed interim Chief Executive Officer of ICANN following the departure of Goran Marby at the end of 2022. She is supported by Tripti Sinha who serves as ICANN’s Board Chair. Tripti is also Associate Vice President and Chief Technology Officer at the University of Maryland, in the Information Technology Division. This is the first time ICANN has had two women leaders. However, the situation echoes the creation of ICANN. As it was recalled at the opening ceremony, in 1998, when the US government gave ICANN the task of managing the DNS addressing system, a woman also held the position of Chair of the Board. This was Esther Dyson.

While leadership interims are rare at ICANN, this situation led to the organisation of a special session called “The Future of ICANN and the Next President and CEO”. A session where participants would have expected to interact with the new Board. This was not the case, as this session was like a kind of open mic without a direct interlocutor to express expectations towards the new Management of the organisation.

An interim presidency for a governance organisation also means a risky period, especially as there is no shortage of issues to address and the geopolitical context is tending towards increased fragmentation. However, although we do not know how long the interim presidency will last, Sally Costerton quickly made her mark at the start of the summit, when she declared, among other things, “I do not know everything, but I can rely on experts“. These words were reassuring and showed a pragmatic approach.

Transparency tested by experience

ICANN is a well-established organisation, as it has been holding summits for 25 years. The trend in recent years has been for the Supporting Organisations (SOs) and Advisory Committees (ACs) that make up the organisation to move towards greater transparency by opening up almost all their sessions to the participants. The most significant transformation has been in the GAC, the body representing governments, whose sessions were closed for many years before being fully open to all participants. This is an opportunity to salute the work of Manal Ismail, who after nearly six years at the head of the GAC is leaving her place to the Paraguayan Nicolas Caballero. A global tendency, therefore, of a nature to generate confidence, a key value to respond to the more and more numerous detractors of the ICANN governance mode.

But this tendency was reversed during this summit because many sessions were closed, “Closed sessions” to which even some affiliated participants could not have access neither in face-to-face nor in remote. Some of the participants were very upset and did not fail to point this out during the traditional Public Forum which usually closes the week of meetings.

Progress at a forced march?

The consensual approach, typical of ICANN, is both a strength for federating players around new obligations that are adopted, but also a weakness because it considerably slows down the progress of important work.

A striking example is the DNS abuse. Malicious use is indeed a real problem given the damage suffered by the affected Internet users. The GAC did not fail to recall this once again during a session where external experts were invited, such as a representative of the Federal Bureau of Investigation, the FBI. The latter indicated that in the United States, in 2022, more than 800,000 domain names were the subject of complaints causing losses of more than 10 billion US dollars. While the topic of DNS abuse has been a recurring theme at every ICANN summit over the years, it is clear that the consensus has shown its limits. Stakeholders in the GNSO, the generic name policy body, have never been able to agree on a way forward, whether it be a Policy Development Process or contract negotiations to revise stakeholder contracts with ICANN. After recent consultations with stakeholders, the GNSO finally decided on the second option, and the least we can say is that at ICANN76, the will was to reach a result quickly. An amendment to the registry and registrar contracts is being drafted and is expected to be presented in June and voted on by the parties concerned in October.  

The GNSO intends to build on the momentum of another contract amendment being voted on by stakeholders: an “RDAP” amendment. RDAP is an alternative protocol to Whois that provides access to domain names registration data. The outcome of the votes and thus the adoption of these contract revisions remained uncertain at the end of the ICANN summit as different thresholds of participation and favourable votes must be reached.

Partial adoption of recommendations for future rounds of new gTLDs

Another issue that some would like to see move forward more quickly is that of future rounds of new generic extensions. Indeed, the last window for applications for generic extensions dates back to January 2012. Since then, a policy development process has been conducted since 2015 to define a set of recommendations for the holding of new application windows. The Final report of this process was submitted to the ICANN Board in February 2021. In the autumn of 2021, ICANN surprised the community by announcing a scoping phase, an ODP (Operational Design Phase), which ultimately lasted until the beginning of this year. The board had not yet decided on the Final report of recommendations, a prerequisite to be able to start the implementation work of the recommendations. So the new interim president of ICANN was also very much expected on this subject.

And she quickly warned that the time was also for action on this subject: “You will see that things will be clarified” (editor’s note: on the next series of generic extensions), she declared during a session during the week. At the end of the week, at a Board meeting, 98 recommendations from the policy development process were adopted, with a further 38 put on hold as requiring further information. An implementation plan is also expected with a deadline set to 1st of August with a focus on internationalized domain names and extensions that ICANN organisation wants to focus on in future rounds and the need to clarify whether closed generic extensions will be offered.

Comments from NAMESHIELD

We can regret a return to a certain opacity in the decision making during ICANN76 where no less than 25 closed sessions were held. Nevertheless, this is perhaps where the progress made on subjects that were not progressing well came from, such as DNS abuse, a very important subject for NAMESHIELD, which offers several solutions to defend your online assets, and the holding of a forthcoming series of new generic extensions, where NAMESHIELD experts can also accompany you.

The other question was how the new interim ICANN President Sally Costerton, would handle her new role in a risky period for ICANN whose model is also increasingly challenged by States, international organisations and even technological alternatives. On this point, the new president appeared to be proactive, joining words to deeds, as on the subject of further series of new generic extensions. Sally Costerton seems to have already started to trace her way towards a full term CEO role for the organisation.

Image source : ICANN’s website

Afnic Registrar Day is back

Afnic Registrar Day

On January 10, the new edition of Registrar Day was held, organized by AFNIC, the registry of the .FR extension, this event is mainly intended for registrars.

While the event was usually held in December, this new edition, which was both accessible in person and remotely, and which took place after the pandemic period, was held at the beginning of this year, a way to place ourselves “in a new dynamic,” according to Pierre Bonis, AFNIC’s Director General.

The Registrar Day was an opportunity to review the highlights of the year 2022 for the organization, the most notable being the deployment of a new registry system on October 1 and the renewal by the French government of the .FR management concession for a new 5-year period. This renewal is accompanied by the implementation of new commitments such as access to registration data for authorized authorities or a strengthening of the fight against domain abuse.

In terms of figures, it should be noted that in 2022, .FR passed the 4 million mark in volume of domain names, a faster growth than the median rate of 2.0% recorded by the Council of European National Top-Level Domain Registries (CENTR) for the year 2022 at the level of European ccTLDs. It is worth noting that .FR ranks third in terms of volume among the ccTLDs of the European Union, behind .DE (Germany) with some 17 million domains and .NL (Netherlands) with more than 6 million domains, and is tied for 7th place with .AU (Australia) at the global level among the 308 ccTLDs delegated to the root 1  

1 Source Verisign

Image source : Afnic’s website

ICANN75, a dense summit before the ITU plenipotentiary meeting

Barely three months after the ICANN74 summit in The Hague, the one in Kuala Lumpur, 75th edition, has just been held. A second summit in hybrid mode, a mix of face-to-face and remote that claims almost 2000 participants from 112 countries, 60% of which were present on the spot. As if to better exist, two weeks before the particularly important appointment of a new secretary general at the head of the International Telecommunication Union, the technical counterpart of ICANN, ICANN proposed a dense summit. NAMESHIELD looks back over.

The sensitive appointment of a new general secretary at the head of the ITU

During the traditional opening ceremony of the ICANN75 summit, Goran Marby, the current head of the organization said “ICANN must be able to continue its mission for a single Internet“. This remark was referring to concerns about the upcoming appointment of a new general secretary to head the ITU, the UN agency in charge of regulating and planning telecommunications worldwide. After two mandates, the current secretary, the Chinese Houlin Zhao, will indeed give up his place to one of the two candidates in the running to succeed him: Doreen BOGDAN-MARTIN, an American or Rashid ISMAILOV, a Russian. Two candidates and two different visions of governance models as Goran Marby indicates: “One of the candidates wants the transfer of competences from the IETF (the Internet Engineering Task Force develops and promotes Internet standards) and ICANN to the UN“. During another question and answer session with the ICANN Board, the election was again invited in the exchanges since it was question of the increased risks of fragmentation of the DNS and the unique identifiers system if the ICANN missions are entrusted to the States. Later in the week, during a cross session between the ICANN Board and the GAC, the governmental body, the Russian representative of the GAC took advantage of a speech to answer in Russian to Goran Marby’s remarks, explaining that the Russian candidate at the head of the ITU does not want to dismantle the Internet. To better support his remarks he communicated the program of the candidate. Things calmed down at the end of ICANN75 during the traditional public forum, which we can regret that it lasted only one hour, a forum where once again the Russian representative of the GAC took the floor in English indicating that Russia is not against the Internet governance model and that it was necessary to take care to reflect the Russian position with accuracy.

The fragmentation of the ICANN model, a major concern

A sign that Internet fragmentation has become a major concern is that this topic was subject to a dedicated session. An interactive survey among the participants revealed that 53% of them consider that the Internet is already fragmented. The reasons mentioned are, on the one hand, the imbalance observed for access to the Internet from one continent to another, Africa being the least well endowed in this area. Other sources of fragmentation mentioned are the cost of subscriptions, which makes access impossible for the poorest, and the multiplication of laws at the state levels, which in some cases prevent full access to this resource, and in others prevent controlled access.

On the problems of connectivity in the world, Goran Marby emphasized the project “ICANN Ground”, a program under construction that will allow to solicit funds on specific needs. The endowment will come from the auctions of the new generic extensions round of 2012, some 233 million US dollars. Ukraine was the first state helped by ICANN with an emergency aid of 1 million US dollars made available in spring.

Is this good will enough to keep the unique Internet, totem of the organization? Indeed, apart from the political and societal fields, the technical alternatives, the so-called “alternative” roots, notably based on blockchain, have also been mentioned. These add new problems due to the lack of community and inter-community coordination with the DNS players. Name collisions indeed become inevitable.

So, to those who indicate that some actors are tempted to turn away from ICANN because of the length of the processes on the issues to be addressed, the organization answers that it is the price to pay for a community functioning by consensus. And on the subjects in debate, it is necessary to notice that there is no lack of them.

The period of amendments, the failure of the accuracy scoping team

As a sign that things are moving forward, the Registration Data Policy resulting from a revision of the Temporary Specification applied in response to the General Data Protection Regulation (GDPR) is entering its final stretch with implementation scheduled for early 2023. This policy will embed measures applied to registries and registrars on the collection, processing and storage of personal data related to domain names.

The Registration Data Access Protocol (RDAP), which is used to publish domain name registration data in the same way as Whois, will be gradually replaced by Whois from next year, with a transitional phase of 18 months, provided that the majority of stakeholders approve the project during a forthcoming consultation. The idea of introducing additional measures in the contracts of the stakeholders to fight against DNS abuse is also gaining ground.

Other topics are still in development, such as the next round of new generic extensions, which we discuss below, and the Standardized System to Access Data (SSAD), which is intended to standardize access to registration data in the case of legitimate requests. A prototype will be developed over a period of 9 months.

But we could also note what has been described as the “failure” of the Accuracy Scoping Team, a working group that was supposed to evaluate the measures on the accuracy of domain name registration data and to identify the possible policy gaps. Indeed, due to the lack of a legal basis to access the data and thus assess the accuracy of the data, their mission could not be carried out. Their work is therefore stopped.  

A next series of new generic extensions under the impulse of internationalized extensions

The next series of new generic extensions, still in the framing phase, has been mentioned as a response to fragmentation thanks to internationalized extensions, extensions in native language, which allow, according to the words of Goran Marby, “to bring the Internet closer to its users“.  He hopes that the next series of new generic extensions will be “a real success from the point of view of internationalized extensions because the Internet is too often perceived as a Western instrument“. The ICANN Board also mentioned these internationalized extensions as a response to the accelerated concentration of the market because they can help “raise awareness of the need for a diversified ecosystem“. Internationalized extensions should benefit from a new spotlight with the launch next year of the first Universal Acceptance Day, on February 16. This event is intended to mobilize the technical community to take into account this type of extensions and domain names.

Comments from NAMESHIELD

We could fear that with the proximity of this summit with the previous one, hardly three months have passed since the ICANN74, this summit lacks substance because of the lack of time to progress on the debated subjects. In fact, the third and last annual ICANN meeting is usually held at the end of October. It is necessary to notice that ICANN75 has not lacked substance, either on the subjects that were discussed or on the particularly high number of sessions: 167 and things move forward. As some participants have indicated, we can regret a certain lack of interactivity with, for example, a Public forum shortened to one hour and sometimes a bit simplistic answers like Internationalized gTLDs to mitigate the concentration of our sector. On this subject, we can remind that NAMESHIELD is an independent French provider.

If the year 2022 has seen fragmentation become a central topic of ICANN summits, one may wonder if this extremely dense summit, anticipated compared to previous years, did not seek to be perceived as a marker of the usefulness of the ICANN organization in the face of current challenges, a summit placed just before the decisive election of the new General Secretary of the IUT. To the numerous animated sessions in the arcane of the ICANN now makes place the silence to follow this determining designation for the perpetuity of the organization or as to better hold its breath.

ICANN74 between lessons of the pandemic and awareness of the richness of the Internet

Between ICANN66 in Montreal, Canada and ICANN74 in The Hague, Netherlands, thirty-two months and seven summits will have passed exclusively online. In 2020, the prospect of a return to face-to-face meetings was already being discussed under the heading of ‘hybrid mode’, a mixture of face-to-face and remote meetings. The question remained as to when this could be implemented. A more favorable health context was needed, with all the questions posed by covid variants and its repeated waves, and sufficient guarantees of security for the participants, who generally come from the four corners of the world. The 74th edition, which was held last month in The Hague, was finally chosen to experiment the ‘hybrid mode’.

The return of face-to-face meetings with the lessons learned from the pandemic

A return to face-to-face sessions in The Hague, but nevertheless extremely constrained, due to health security. Pre-registration was compulsory for all sessions, with a limited number of places per session. This meant that some sessions were already fully booked well before the summit. The compulsory pre-registration led participants to pre-register for sessions they were not sure they would attend in order to reserve a place. Each participant also had to be able to prove that their vaccination status was up to date. Tests were provided on site as well as temperature taking. Finally, masks and distancing measures were mandatory, hence the limited number of places per session. The organization also decided that everyone should go through the video conferencing medium, including those present on site, an idea that aimed to ensure that all participants could interact equally. For those connected remotely, it was also noted that, as promised, the organization planned shorter sessions, generally not exceeding one and a half hour and very often even one hour. The conditions were therefore met to guarantee safe conditions for those present and good conditions for those connected remotely.

Two ODP processes running in parallel

The subject of the next series of new generic extensions has been discussed in sessions of various bodies. The project is now in the Operational Design Phase (ODP), which consists of an assessment of the risks, tasks and resources required, and which is to be concluded with an Operational Design Assessment (ODA). A related subject, that of closed generic extensions, has entered a new sequence. The principle of a so-called “Small Team”, which includes representatives of the GAC, the body representing governments, the ALAC, which represents end-users, and the GNSO, the body in charge of generic policies, has been validated in order to discuss this subject and see if a compromise can be found to envisage next steps. In the 2012 round, it was not possible to create such extension models. The question is therefore whether such extension models will be possible in the next round. Regarding the ODA, the GNSO, which estimates its publication on 31 October, has mentioned a possible postponement of six to eight weeks due to another ODA that is also mobilizing many people on the creation of a Standardized Domain Name Registration Data Access System for legitimate purposes. The SSAD ODA with contrasting conclusions, particularly with regard to its number of potential users and its particularly high cost, was delivered on 25 January. Its findings are still being evaluated. The next step on this second subject is the creation of a sort of prototype called “SSAD Light” which could be based on technologies mastered by ICANN teams to limit delays and costs. The latter would help to validate or not the implementation of an SSAD with, in this case, a prior implementation phase.

Accuracy of registration data, an important issue

Among the many issues currently being examined, the accuracy of domain name registration data is an important one for Europeans. Indeed, it is the Regulation on the Protection of Personal Data, the GDPR, which has prompted ICANN to call for the removal of personal data from registration directories and which, in turn, explains the aforementioned SSAD project and the accuracy of data. How can we ensure that masked data is accurate?  In October 2021, a Scoping Team began a mission to evaluate the obligations related to the accuracy of registration data. It planned to verify the effectiveness of the accuracy of the data. Their findings were expected in June, but the measurement of effectiveness has been hampered by the difficulty of obtaining the necessary data, which is stored at the registrars. Transmitting all registration data to ICANN for research purposes requires a legal basis. The Scoping Team is thus put on hold.

This is particularly important because, as EURALO, the European part of the At-Large body representing end-users, has pointed out, Europe is about to adopt the NIS2 Directive. The directive is due to be voted on in the plenary session of the European Parliament in September before being published in the Official Journal and transposed in the 27 European states. EURALO recalled that NIS2 provides for specific obligations notably on domain name registration data, storage, access and verification and therefore interferes with the role of the regulator ICANN. Moreover, if specific measures apply only to European providers, this creates a disparity of obligations between players, not to mention that the transposition of the text could be unequal in the states. Accuracy at the ICANN level can help harmonize future obligations for all players regardless of their location.

The impact of regulations and disasters

At ICANN73, which followed the outbreak of the conflict in Ukraine, ICANN had the good idea of creating a session dedicated to geopolitical, regulatory and legislative aspects. This meeting highlighted the risks of fragmentation of the single Internet model advocated by the organization. This meeting was repeated at this summit and allowed to note that the initiatives of the States are increasingly interfering with ICANN’s role as regulator.

EURALO had the good idea of completing this panorama with a session on governance and multipartyism in times of emergency. This session consisted mainly of a round-up of At-Large representatives from different continents. The representative from Ukraine logically started the session. In a moving speech about the tragedy in her country, she reminded us that the Internet infrastructure in her country has been heavily impacted. For the Asia-Pacific region, the representative mentioned the volcanic eruption in Tonga in January 2022, which cut the submarine cables and caused a five-week blackout on the islands. She also mentioned the situation in Myanmar where the Internet has been cut off since a coup in February 2021. The representatives of the two American continents spoke of natural and climatic disasters such as Hurricane Maria in Puerto Rico, which had knocked out telecommunications antennas and the electricity network. For part of the population, electricity and Internet access had been cut off for several months. Finally, the representative of Africa recalled that today at least 60% of Africans do not have access to the Internet.

Our comments

The return to face-to-face meetings was not an easy task for ICANN. While many participants felt that the proposed framework was too restrictive, it seems that the organization worked quite well overall in allowing everyone to attend the sessions fairly. The protection measures also seem to have dissuaded many participants from coming, including the speakers scheduled for the week of exchanges who assumed to participate remotely. Indeed, the figures given by the organization indicate 1817 participants from 101 countries, half of whom attended remotely. A good point for the planet but the limit was the possibility to interact outside the sessions.

On the ongoing policy development and review processes, the sessions during the week of the event reminded us that there are a lot of issues being dealt with in parallel, undoubtedly too many issues. This inevitably makes it difficult to keep track of them and causes delays, such as the two ODPs being conducted simultaneously on SSAD and the next round of new generic extensions. However, the overall feeling is that the topics are moving forward, even if the finish line is often unclear.

The last day provided a break from policy issues as geopolitical and regulatory issues and the impact of disasters reminded us that the governance model and access to the Internet are two particularly fragile critical aspects. While NAMESHIELD offers you solutions to the risks associated with compromised names and malicious registrations, we must also remember that we are not all equal when it comes to accessing the Internet. In addition to stricter legislation, other risks such as armed conflicts or climate change must indeed also be considered.

Image source : ICANN’s website

ICANN73 or the difficult equation of preserving a weakened global model

ICANN73 or the difficult equation of preserving a weakened global model

In recent years, ICANN, the regulator of a “universal resolution” of the Internet for all Internet users, has been confronted with new difficulties that are weakening the body and its model. Its mode of operation has had to be adapted to an unprecedented global pandemic and its model of a global Internet is now being questioned by the growing desire of states to emancipate themselves from it, with the tragic conflict in Ukraine pushing the Urals a little further away from the Rockies. But the difficulties also come from its immediate environment with the rise of alternate roots. It is in this context and following a previous edition marked by tensions around the subjects that make up its topicality and which are struggling to move forward, that the 73rd summit opened with great expectations.

For once, the 73rd ICANN meeting did not kick off on a Monday, the day scheduled for the first working sessions. On Sunday 6 March, ICANN published a communiqué stating that its Board of Directors had decided to allocate an initial sum of US$1 million in financial assistance to support access to the Internet infrastructure in emergency situations in Ukraine. This was a way to launch an edition where the conflict in Ukraine was bound to be on everyone’s mind and in many debates.

The conflict in Ukraine in the background

Indeed, on Monday afternoon the very first plenary session of the summit, that of the GAC, the body representing governments, began with a condemnation of Russia’s actions in Ukraine. Several members of the GAC, including France, took the floor.

Two weeks earlier, Ukraine was hit by the first Russian strikes. Ukraine, through Mykhailo Fedorov, Deputy Prime Minister and Minister of Digital Transformation, asked ICANN to target Russia’s access to the Internet by revoking specific country code top-level domains operated from Russia, revoking SSL certificates associated with the domain names and shutting down a subset of root servers located in Russia. ICANN responded negatively to this request in a letter from Goran Marby, ICANN’s CEO, to the Minister, reminding that ICANN’s mission is to take steps to ensure that the Internet operates in a global and non-politicised manner. ICANN is a neutral body, Goran Marby repeated at the Public Forum that closed the summit.

Prospects for ongoing policy development processes

During the previous ICANN summit, tensions were palpable in certain bodies, especially the one representing the registries, due to policy development processes that have become longer with additional stages such as the ODP (Operational Design Phase) that now intervene between the return of final recommendations and the Board’s vote on them.

The first subject to be affected by the ODP stage is the Standardised System for Access to domain name Data. This system, known as SSAD, has been under discussion for more than three years as part of a policy development process known as ePDP, of which SSAD is part of phase 2. It is intended to return to a more uniform model of access to domain name registration data for legitimate requests. However, the ODP, which has just been finalised six months later than the initial estimated timetable, has highlighted the difficulty of framing this project. The number of users is in fact estimated at between 25,000 and 3 million to address 100,000 to 12 million requests, values that lead to a particularly wide range of implementation and maintenance costs (from 34 to 134 million US dollars) and consequently to access costs for the future system that are very difficult to evaluate, the idea being to finance the system exclusively with access costs. At ICANN73 , a way out was suggested: Create a pilot project to limit the risks, in other words, envisage a small-scale SSAD before considering the next steps.

It has been noted that regarding phase 1 of the aforementioned ePDP there is now a finish line. It is estimated to be completed by the end of 2022. This phase aims to create a perennial policy to replace a Temporary Specification that addressed the GDPR in the domain name eco-system in 2018.

The other major topic is that of a next series of new generic extensions. Let’s remember that the previous series will celebrate its ten years in 2022. Since then, it has been a policy development process (PDP) that stretched from December 2015 to February 2021 when the body representing generic policies, the GNSO, adopted the final recommendations report. Last September the ICANN Board decided to initiate an ODP process that could last until early next year. This topic has been the subject of much criticism as the finish line seems to be getting further and further away, even though it has been ten years since the last round. Nevertheless, one option was discussed at ICANN73, that of starting the implementation work without delay, a proposal that, while it rather displeased the ICANN CEO, was rather positively received by the ICANN Board, which should however only vote on the recommendations of the final report of the PDP process after the end of the ODP.

Geopolitical, legislative and regulatory aspects – a new feature

Among the novelties of this summit was a plenary session devoted to geopolitical, legislative and regulatory aspects. This session provided an overview of the many initiatives coming from institutions such as the United Nations, the International Telecoms Union, the Council of Europe and the OECD, as well as from States such as Russia with its digital sovereignty law and China with its law on cybersecurity and data security. This session also allowed to clarify perceptions such as ICANN’s position on the European NIS2 directive. Goran Marby indicated that ICANN does not have an official position on this issue.

The return of the GDD/GDS summit?

Until 2019, ICANN proposed a more operational summit called GDD Summit in addition to the three policy summits. This was abandoned in the context of the global pandemic and has not been mentioned since. The possibility of relaunching this mechanism was put on the table at ICANN73. There could therefore be a fourth annual ICANN meeting as early as the end of this year, with November being mentioned as a possible date. However, between now and then, there will be ICANN74 in June and ICANN75 in September, two events where the hybrid mode, face-to-face and remote, should be in place.

Nameshield Comments

ICANN 73 was undeniably marked by the conflict in Ukraine. A conflict that paradoxically allowed to find a semblance of unity with the outline of solutions as the fact of allowing the Ukrainian registrars to derogate from the ICANN policies through a device called “extraordinary circumstances” and to recall the ICANN to its fundamentals, an apolitical body working for a global Internet. By mapping out the geopolitical, legislative and regulatory contexts, the body also seems to have realised that the world ahead may make it even more difficult to preserve its model of a globalised internet. The feeling after this summit is that more concrete proposals and perspectives have been given on some of the subjects discussed.

For the next round, it is the threat of alternative roots to the DNS that could give an unexpected boost to the current process. These roots that tend to develop could cause collisions between requests if one day identical TLDs cohabit in two environments, a risk that is all the more increased if ICANN marks the step on a future round. Another risk is to be challenged for the allocation of regulatory TLDs when an identical TLD would exist on an alternate root.

Image source: ICANN’s website

ICANN72, between prioritisation needs and fragmentation risks

ICANN72, between prioritisation needs and fragmentation risks

At the end of October, the 72nd ICANN summit was held, devoted to the development of policies that impact the domain name system (DNS) and the global Internet community. As already announced during the past summer, this latest annual meeting was to be held by videoconference in the time zone of Seattle in the United States. “Sleepless” were therefore not in Seattle but rather in Europe.

ICANN72, between prioritisation needs and fragmentation risks

The thorn in the side of the next round of new generic extensions

A month before this summit, ICANN announced the schedule for the Operational Design Phase (ODP) for one of the most anticipated topics by the contracting parties: the organisation of a future round of applications for new generic extensions. The ODP is a new mechanism now linked to the policy development process (PDP). It is similar to a project scoping exercise as it aims to identify the steps, risks, costs and resources to be allocated to implement a project, in this case a new round of generic extensions. The PDP was conducted between 2015 and 2020, with the submission of a final recommendations report to the ICANN Board in March of this year. However, it is not until February 2023, almost two years later, that the Board should consider these recommendations, the time to let the ODP conduct. Indeed, ICANN confirmed before the opening of ICANN72 that this scoping phase should last sixteen months in its entirety, including ten months for the conduct of the ODP, three months upstream to initiate the latter and in particular to constitute the teams that will conduct it and three months downstream to conclude the work. This timetable surprised many of the contracting parties and gave rise to much discontent. These discontents were particularly expressed through the Brand Registry Group that represents and promotes the interests of its members, dotBrand owners. For most members, things are not moving fast enough and the ODP would even be partly useless since some aspects overlap with the work already conducted during the previous PDP. Another aspect pointed out was the cost of the ODP estimated to $9 million, which is not a small amount.

The clouds are gathering as are the processes underway

As the other sessions scheduled during the week-long summit progressed, it was clear that the clouds continued to gather in the weather of ICANN’s policies. For example, the announcement of the launch of an expedited policy development process (ePDP) to review the Uniform Domain-Name Dispute Resolution Policy (UDRP), which allows for the recovery of disputed domain names, caused a great deal of misunderstanding, given that a review of all rights protection mechanisms (RPMs) has already been conducted between 2016 and 2020 and its final recommendations have not yet been examined by the ICANN Board. Now this review to validate the recommendations is scheduled to take place at best in the summer of 2022, by which time the aforementioned ePDP should be finalised. This example illustrated the gap that is being created between the community’s expectations for decisions and ICANN’s decision-making bodies, which seem to be overwhelmed by the policy negotiation processes that are piling up and stretching out over time, risking rendering decisions obsolete if they are made too late. According to some participants, this even affects ICANN’s ability to continue to carry out its mission as set out in its founding documents: To preserve and enhance the operational stability, reliability, security and global interoperability of the Internet.

“Prioritisation”, the word is out

On the first day of the sessions, ICANN CEO Goran Marby defended himself against the idea that the Board was slow to make decisions. He pointed out that the Board had recently examined 228 recommendations from the Competion Consumer Choice & Consumer Trust (CCT), which had just conducted a review to assess the extent to which the expansion of generic TLDs, gTLDs, had promoted competition, consumer confidence and consumer choice. 166 have been approved to date, 44 placed on hold and 18 rejected. Many of these measures are correlated with research and data collection to better understand market trends for new gTLDs.

Goran Marby also justified the delays in decision-making by the large number of ongoing and overlapping issues and by the fact that ICANN sometimes needs additional expertise to make decisions. In response to the criticisms, he also indicated that ICANN is now working on some form of prioritisation, a wish expressed by NAMESHIELD that seems to have been heard. However, Marteen Botterman of the Board nuanced this by specifying that prioritisation is not the Board’s responsibility, as it must ensure that the multi-stakeholder model is respected and must therefore maintain a certain neutrality on the subjects submitted to it.

A risk of fragmentation

From an organisation that has difficulty in making decisions, to its questioning, there is only one step. From the first day of the sessions, Goran Marby, who was particularly involved in the exchanges, spoke of “threats to ICANN”. ICANN is working on a risk management framework for the organisation. He also spoke of the need to talk more closely with governments as the current governance model is being challenged. Indeed, one only has to look at Russia to see that in November 2019, the Russian government introduced new regulations that create a legal framework for centralised state management of the internet within Russia’s borders. Russia has also proposed to hand over the management of the root servers to BRICS (Brazil, Russia, India, China and South Africa) member states. Proof that the States are going on the offensive in terms of their legislation, recent European directives also have an impact on the governance model, such as the General Data Protection Regulation (GDPR) and the forthcoming NIS2 (Network and Information Systems) directive, subjects which were also recalled at the summit. In China, for example, a law strengthening controls on digital services operated in China has just been adopted.

The failure of the ICANN governance model, if confirmed, could lead to a fragmentation of the DNS as we know it today, a fragmentation which takes shape as ICANN becomes bogged down in sterile debates. This summit has highlighted that the community and ICANN leadership have identified this major risk. The challenge for the future is to address it. We will watch the next ICANN summit scheduled in March 2022.

The observation that DNS regulation policies are bogged down, particularly at ICANN72, was widely shared by NAMESHIELD well before this summit. In particular, NAMESHIELD had expressed the need to prioritise topics in agreement with the community during the ICANN72 preparatory sessions. NAMESHIELD, which participates in working groups working on recommendations in the context of the periodic reviews conducted by ICANN, also advocated for re-enchanting voluntary work and helping diversify representatives in these working groups, in particular from small structures. Indeed many volunteers are now overwhelmed by the increasing volume of topics to be considered as the processes accumulate and decisions do not follow. New participants are discouraged from taking an interest in these topics by lengthy and cumbersome processes.

Image source : David Mark via Pixabay

Data escrow no longer escapes the concentration of the domain names industry

concentration of the domain names industry

There is a lot of talk about the concentration that is taking place in registries and registrars, two of the key actors in the domain names ecosystem. The two companies that have been in the news the most in the last two years, are Ethos Capital and Clearlake Capital, two private equity firms that have specialised in acquisitions in this sector.

Ethos Capital, founded in 2019, had proposed in November in a 1.135 billion euros deal to acquire Public Interest Registry, the registry in charge of the historical extension .ORG, which then claimed some 10.5 million registrations.  If this deal was not done after a surprise veto from ICANN as part of a provision of the Registry agreement that provides for an approval process for each type of transfer whether it is a change of control or a major subcontracting agreement, Ethos Capital was quickly comforted with the confirmed acquisition on March 31, 2021 of the registry Donuts, which in December 2020, had concluded the acquisition of Afilias, the registry operator of the .INFO and .MOBI gTLDs, among others. Donuts currently claims 270 generic extensions out of a total of 1268, i.e. 21% of them! It recently acquired the .watches extension from the luxury goods manufacturer Richemont.

As for Clearlake Capital Group, this company founded in 2006, acquired Endurance International in a $3 billion deal and recently took a significant stake in Web.com. The two entities were merged to form a new company called Newfold Digital. Newfold’s portfolio includes registrars such as Register.com, Network Solutions, Domain.com, BuyDomains, BigRock, PublicDomainRegistry and CrazyDomains as well as BlueHost and HostGator, two very important companies in the field of web hosting. The group claims approximately 16.5 million domain names.

Another well-known player, the American registrar GoDaddy, announced in February 2021 that it was raising 800 million dollars to make acquisitions. Since then GoDaddy seems to have gone on the offensive. The world’s largest registrar by volume is currently finalising the acquisition of Minds & Machines, a registry of new generic extensions (27 in all) in a deal worth 120 million dollars. Europe is of course not immune to the concentration phenomenon, even if the deals taking place are not as high as those mentioned above.

Indeed, these are just a few examples of a concentration that seems to be accelerating unstoppably in the domain name sector. Yet another important key players in the domain name management, the escrow operators whose critical mission is to store and safeguard domain name data for registrars and registries, rather like a bank, seemed less exposed to the phenomenon until now. However, if we look at the list of ICANN-designated agents, we recently noticed that one of them, namely Iron Mountain, has disappeared. This is not due to an error but to the fact that this actor has been absorbed by its competitor NCC Group. The deal, made in June, is estimated to be worth 165 million dollars. 

Across the concentrations now taking place in all the key areas necessary for the management of domain names portfolios, questions arise about the range of services on offer, which is constantly shrinking as a few major players take over the market, and also about prices (PIR had obtained from ICANN the lifting of the ceiling on .ORG prices just before Ethos Capital made its takeover offer) and the control of the domain name data, a control that seems difficult with the globalisation of the market. It should be remembered that NAMESHIELD remains an independent French company for which all these issues are at the heart of its concerns.

Image source : Geralt via Pixabay

ICANN71: GAC in the spotlight

ICANN71: GAC in the spotlight
Image source : icann.org website

Some 56 sessions were scheduled as part of the 71st ICANN Summit in The Hague. Held once again exclusively by video conference due to the global health situation, no less than a quarter of these sessions were organised by the GAC, the governmental advisory committee that advises ICANN on public policy issues related to ICANN’s responsibilities in the domain name system. The GAC has been very active on all current ICANN policy issues and has clearly made its mark.

The GAC currently has 179 members, representing a majority of the world’s countries. This gives it a good representation on a global scale to speak to a global governance body. The GAC is highly organised and precedes ICANN meetings with preparatory meetings that enable it to gather opinions at local level and then relay them to the governance body. Once again, this summit highlighted the fact that there are really a lot of policy issues going on at ICANN level.

The fight against DNS abuse

The topic of abuse has almost become a chestnut at ICANN summits, as it has been at the center of concerns for almost two years. While registries and registrars are already subject to a battery of obligations on this topic, many stakeholders consider these to be insufficient to really address the issue. The year 2020 has indeed seen an explosion in cybersecurity breaches, particularly as a result of the global pandemic, which has seen even more consumption via the web, particularly due to confinements, and where working methods have had to be reinvented in favour of the remote. It is clear that little has been achieved to date on that issue.

A thorough initiative rich in proposals was formulated by the SSAC (Security and Stability Advisory Committee) which, in its 24 recommendations transmitted to the ICANN Board, put forward the idea of initiating an expedited Policy Development Process (ePDP) with a view to developing an anti-abuse policy. Their report to the Board three months ago has not been acted upon to date. The second and more recent initiative comes from the Registry Stakeholder Group (RySG). It has finalised, with input from the GAC, a framework aimed specifically at botnets, attacks that use forms of Trojan horses to take control of computers to form networks of computers to carry out further attacks. Its principle is to allow voluntary registries to join a scheme that requires them to preemptively block bulk names generated via DGAs (Domain Generation Algorithms), algorithms used to periodically generate large numbers of domain names that can be used as rendezvous points with their command and control servers. The large number of potential rendezvous points makes it difficult for law enforcement to effectively counter botnets, as infected computers will attempt to contact some of these domain names every day to receive updates or commands. The principle here is therefore preventive. In return, the registries would benefit from incentives and would not have to pay the tax collected by ICANN when a domain is created. This initiative is to be welcomed, but it is carried out more directly by the RySG and is therefore not consensual, hence its voluntary nature and therefore its very limited impact.

The reason the DNS abuse issue is so stalled is that it is confronted with other ongoing and upcoming policy development processes and competing interests between bodies, the Intellectual Property Constituency (IPC) for example being very concerned about access to contact data in domain name directories, the RySG about the launch of the next round of new gTLDs that they want to see move forward.

The impact of the General Data Protection Regulation (GDPR) on domain name registration data

Recall that to replace the Temporary Specification, which was put in place on 17th of May 2018 just a few days before the GDPR came into effect, an ePDP process was initiated. This process, described as expeditious, seemed to be far from being finalised at this new ICANN summit, even though three years have passed.

Segmented into three phases, phase 1 aims to provide a perennial policy that should frame the management of personal data of domain names to replace the temporary Specification that notably redacted personal data from domain name directories (via the Whois and RDAP protocols). Its drafting is progressing but no date is known for its finalisation and therefore possible implementation. The delay is partly due to the difficulty of transcribing certain recommendations, one of which was in conflict with an existing policy, the Thick Whois Transition Policy, which provides for the systematic transfer of detailed contact data from registrars to registries. Another pitfall is that the policy overlaps with other existing policies, which therefore also require ongoing adaptation.

Phase 2 concerns the establishment of a harmonised system of access to redacted name directory data for “legitimate” interests. This system is now known as the Standardised Data Access System (SDAS). The first hurdle was that the Generic Names Supporting Organization (GNSO), the policy-making body for generic names, had surprisingly approved all of the recommendations in the Final Report, even those that did not achieve consensus. The recommendations to create this system were therefore all transmitted to the ICANN Board, which rather than pronounce and vote on their application decided to first initiate an Operational Design Phase (ODP). Initiated at the end of March by the Board, it should last six months and aims to identify the stages, risks, costs and resources to be allocated, with a consultation of the community once a milestone has been reached. It is therefore a form of project scoping. The publication of a Request for Information is planned for June for a first consultation of the community.

A Phase 2a additional layer of the PDP aims to assess the possibility of unbundling the contact data of publishable legal entities from non-publishable natural persons. Initiated in December 2020, it resulted in five recommendations in an initial report open for comment until 19th of July 2021. The first recommendation, which was much commented on at ICANN71 , finally recommends that nothing should be changed by allowing players who so wish to make this differentiation. This process will continue with a final report of recommendations expected in the second half of the year.

The GAC considers that improvements are needed in both of the above-mentioned topics. In particular, it considers that the system does not go far enough to protect consumers and increase their confidence. It also regrets that the evolution of the system over time has not been framed and fears that the cost, since access is subject to an accreditation system, could be a deterrent, particularly for those involved in the fight against security breaches who need access to registration data. On DNS abuse, the GAC reiterates the need to address this issue. It has already made several proposals at previous summits.

What about the next round?

The next round is still undecided. We just learned that the ICANN Board, which has just received the last inputs on the recommendations for the next round of new gTLDs, has confirmed that it will start an Operational Design Phase (ODP) to estimate the steps, risks and resources necessary to implement these recommendations. Not yet planned, the Board said it had asked ICANN org to prepare a document to frame the ODP in order to draft the resolution that will formalise it. This resolution will set a deadline for completion of the ODP, possibly six months as with the SSAD. 

The GAC, for its part, recalled the issues of specific concern to its members. These include: predictability, voluntary and mandatory registry commitments including how to address DNS abuse, its desire to see support for new applicants better adapted, particularly for less favoured areas, its opposition to closed generic TLDs, the consolidation of its ability to evaluate all applications in order to issue advices and warnings, and its opposition to private auctions to decide between applicants for the same gTLD. It also wishes to support non-profit community applications.

Other issues carried by the GAC are very committed

Other policy development processes are underway, such as the one on Governmental and Non-Governmental Organisation Identifiers (IGOs, INGOs), a process on the rights protection mechanisms, or in the initial phase a PDP on domain transfers and on the launch pad a PDP on IDNs. The GAC did not fail to recall the central issue of accuracy of registration data which is considered insufficiently addressed by the current obligations espacially due to the impact of GDPR. This topic will indeed be central in the perspective of the future NIS2 directives and the Digital Services Act currently being drafted at the European level. The GNSO was challenged by the GAC on the examination of this topic, which has not really started, and apologized for having too many topics in progress. Tensions that the GNSO has sought to alleviate by spending time reviewing its liaison with the GAC to improve it, a decidedly offensive and active GAC.

What About Future Summits?

ICANN summits usually end with a public forum where the public can directly question the Board. As a sign of a (temporary?) improvement of the health state on the covid, the traditional forum was dedicated to the future ICANN summits to know if they should be held in person. From this session it emerged that the answer is not obvious. At issue were the different levels of vaccination and access to vaccines in different countries, the currently restricted conditions of entry to the USA, ICANN72 being held in Seattle and the evolution of the pandemic which remains uncertain. This forum provided an opportunity to comment on a recent survey conducted by ICANN which showed that the majority of those interested in ICANN events considered that face-to-face meetings should be reactivated (54%). At the end of this session, ICANN committed to arbitrate during July. The format of ICANN72 could be hybrid, with limited on-site representation and the continuation of the remote format.

A notable feature of this summit was the large number of ongoing issues and the impression that things are moving forward with difficulty. This has resulted in notable tensions between bodies and discontent expressed, for example, by the group of representatives of geographical extensions, the geoTLDs. If for some, the return to face-to-face meetings seems to be the solution to improve things, through our presence in certain bodies and our participation in working groups, we think that it is rather a problem of visibility due to too many subjects being launched in parallel, some of which overlap with a clear lack of prioritisation. The ODP, the new tool which aims to frame the implementation of a harmonised system of access to registration data and which is now being applied in the next round, may go some way to improving these perceptions. Another aspect to be considered is the diverging interests between bodies. Here, facilitated exchanges can perhaps improve things.

ICANN70: At the crossroads of different policy development processes

Initially scheduled to take place in Cancun, Mexico, like ICANN67 , the recent summit on Internet governance was once again held entirely by videoconference due to the global health situation. The PDPs, the Policy Development Processes, were the main thread of this summit.

ICANN 70
ICANN70 was the fourth summit held remotedely

The PDP, Policy Development Process, is the central community mechanism used by the Generic Names Supporting Organization (Gnso), the body responsible for policy developments on generic domain names, to propose new requirements and revise existing rules to update them. Each PDP results in a series of reports that are ultimately forwarded to the ICANN Board of Directors, which decides on the fate of the recommendations they contain. 

News on the PDP of the new generic extensions

It is with this mechanism that ICANN launched a program of new generic extensions that led to 1930 applications in Spring 2012 and 1233 delegated extensions by the end of 2020. The opportunity to consider a new round of applications was materialized by a PDP initiated by Gnso in late 2015. Five years later, this process to review and improve the Gnso recommendations for the 2012 cycle has entered its final stretch. It is now up to the ICANN Board to decide on the recommendations of the working groups that worked on this PDP. The Board of Directors should launch a last phase of consultations of the community before pronouncing on the continuation of their works. The community was expecting an announcement at this summit or perhaps even a timetable to mark out the next steps until the next round of applications, but we have to admit that hopes have been dashed. Indeed, no announcements were made, even though we know that the prospect of a future round of applications is now approaching fast. Regarding the content of the recommendations this time, the elements discussed mainly during ICANN70 were about a pre-evaluation of the future registries, the improvement of the predictability to evaluate the future applications and the ways to improve the applicants’ support.

The PDP: A solution to the impasse over malicious use of the DNS?

Another topic, related to the implementation of the PDP mentioned above, is the malicious uses of the DNS, a topic commonly referred to as DNS abuse.

ICANN’s monitoring of malicious practices in generic names covers some 205 million domain names, of which barely 11% are from the cycle of extensions created since 2012. The observation made through their analyses shows that around one million domains concentrate these infringements, that is to say 0.5% of them. Another notable fact is that the new generic extensions are more used for malicious practices than the historical generic extensions like .COM, .NET, .ORG, .BIZ and .INFO. In fact, ICANN indicated that in February 2021, 35% of security breaches came from names created in the new generic extensions against 65% in the historical extensions, a ratio that even rose to 40% in November 2020. ICANN also said that 90% of malicious practices in the new extensions were concentrated in 23 extensions. As for the most common types of attacks, spamming is involved at 85%, phishing at 8.4%, botnets (malicious programs that operate remotely) at 3.9% and malware at 2.7%. The new generic extensions concentrate more spamming and phishing practices. Although DNS abuse has been a central topic of discussion between the bodies representing the stakeholders of the Internet community for five summits now, positions still diverge on the measures to be taken to curb these harmful practices. Here again, the expectations of the community at this summit were high.

The GAC, the body that represents governments, has already supported the idea of a dedicated PDP on this topic. It advocates for a holistic approach that addresses all extensions, existing and future. GAC highlighted the work of the SSAC, the Security and Stability Advisory Committee, which advises the community and the ICANN Board on issues related to the security and integrity of the Internet’s naming and addressing systems. Indeed, it published an advisory prior to ICANN70 urging the Board before launching the next round of new gTLDs to commission a study of the causes, responses and best practices for mitigating domain name abuse proliferating in the new gTLDs in the 2012 round. To their credit, they also made a series of recommendations to the ICANN Board, ranging from the systematic presence of security experts in all future contract negotiations to an ePDP (expeditive Policy Development Process).  As for Gnso, it is continuing consultations for the moment without ruling out the use of a PDP.

And the ePDP phase 1 and 2 on access to registration data

Another topic, another PDP process, the ePDP in connection with the GDPR for access to domain name registration data. Initiated in 2018, it was intended to replace a Temporary Specification that involved redacting personal data from freely available registration data of generic names. Phase 1 of the ePDP, not finalized at this time, is intended to replace the Temporary Specification with a future-proof provision. Phase 2 aims to create a standardized data access system for legitimate applications commonly referred to as SSAD. This phase has now reached the end of the roadmap, as it is now in the hands of the ICANN Board of Directors after the Gnso has approved all the provisions formulated by the working groups that have worked on this subject, even those that did not reach consensus. The Gnso assumed this position under the pretext that it was necessary to take its responsibilities and that the recommendations were a whole, a breach of the process of creating new policies that normally wants to be consensual and that led the ALAC (At-Large Advisory Committee) that represents the end users to express concerns, the IPC (Intellectual Property Constituency) that represents the interests of the intellectual property community even going so far as to ask not to continue with the review of the recommendations. The ICANN Board has simply launched an Operational Design Phase to consider the operability of the future system and intends to take a position on the recommendations at a later stage.

A new PDP on domain name transfer policies

Another PDP process was officially launched at ICANN70 to revise the rules for domain name transfers: transfers between registrars and transfers between two registrants. The latter aims to simplify, secure and make name transfers more efficient. A vast project that could extend over several years…

Concerns about the concentration of the sector

Indicative of the concerns of the Internet community, the public forum this year was marked by many questions around the concentration that is accelerating among the players of domain names. The latest is Ethos Capital, a private equity firm founded in 2019, which after buying the operator of .ORG, PIR, has just taken over Donuts, which manages no less than 242 new generic extensions and had recently acquired Afilias, which is among other things manager of the extension .INFO. The community has expressed concerns about these new players whose expectations are not necessarily in line with one of ICANN’s totems, which is to defend competition, trust and consumer choice. ICANN, for its part, does not see a problem in this phenomenon, which has become a trend, because these mergers trigger very closely supervised procedures for analyzing and approving the changes that are brought about. 

ICANN70 has highlighted the fact that ICANN is looking at a number of potentially high-impact topics in domain name management, most of which are about to be materialized into new policies that Nameshield will implement for its customers. Beyond this framework, Nameshield, an independent French player, has already implemented solutions that provide answers to the problems that some of these policies must address. Do not hesitate to reach your consultant with your needs so that we can study together the solutions that we can already bring.