ICANN81: A summit at a crossroads between challenges and difficulties 

ICANN81: A summit at a crossroads between challenges and difficulties 

Thursday 14 November saw the close of the 81st ICANN Summit, the Internet’s governing body. The summit took place on the banks of the Bosphorus between Asia and Europe, in Istanbul, Turkey. This summit is the last meeting of the global Internet community for the year 2024 before turning to 2025.

Tripti Sinha, who has just been reappointed Chair of the ICANN Board of Directors, opened her remarks at the Opening Ceremony of the 81st ICANN Summit with the observation: ‘The past year (editor’s note: 2024) has been a complicated for ICANN’.

ICANN, an organisation challenged on several fronts

Tensions between Russia, China and the West have never been so high. A geopolitical context that is putting the multipartite model of a globalised Internet under pressure, as ICANN is an organisation governed by American law, even if it claims to be apolitical. The conflict in the Middle East is never far away either. In particular, it has resurfaced at previous ICANN summits this year. Challenged about its role and legitimacy, ICANN is also faced with the change of presidency in the White House with a second term for Donald Trump, which gave rise to some unusual questions at the public forum that closed the summit. One participant referred to the unpredictability of the future President of the United States, which ‘increases the risk of conflict’, going so far as to wonder whether ‘ICANN can take control of American military systems’. While the answer to this question is, of course, no, Tripti Sinha has also raised the issue of ICANN’s liability, with legal action being taken against ICANN, and financial challenges, speaking of ‘financial difficulties’. ICANN’s operating costs have risen significantly in recent years, partly as a result of inflation. Inflation has led to significant increases in domain name prices, which in turn have led to a downturn in the market. ICANN, which derives part of its resources from domain names in return for a tax on each generic domain name, has also been affected.

A transition of presidency at the head of the organisation

Erik Lindqvist, the new President of ICANN, will officially take office on 9 December 2024.
Erik Lindqvist, the new President of ICANN, will officially take office on 9 December 2024.

At the opening of the summit, Erik Lindqvist, the future President of ICANN, gave a short speech to introduce himself and talk about his career. He will officially take up his new post on 9 December, taking over from Sally Costerton, who was applauded for her successful interim role.

Among the tasks expected of the new President, who will be based in Geneva, Switzerland, is a review of the organisation’s financial situation. Avenues for savings and new sources of funding were discussed, and a number of clear-cut opinions emerged. For example, should attendance at summits be made fee-paying, or should the venues chosen for these international meetings be rationalised to generate savings? The interaction of the new President with the various bodies is also expected and acclaimed. Defending the multi-stakeholder governance model in the current difficult context and ICANN’s ethical policies are two other important issues raised by the contracting parties.

New series of new generic extensions confirmed for 2026

Among the difficulties, ICANN must also succeed with the new series of new generic extensions. First of all, this means meeting the April 2026 deadline for the application window, a date that has been hammered home for several summits. Reassuringly, the recommendations of the Subsequent Procedures (Subpro) policy development process are being implemented at a good pace. The future application guide is on schedule, with a final version due to be delivered within a year. The future registry contract for new registry operators is also being considered. Unlike the candidates for the 2012 round, this new contract should be a single document covering all types of TLDs: open, community, brand and internationalised (editor’s note: in native language). It will include fourteen specifications, compared with the current thirteen, with the fourteenth covering TLD variants for multilingual TLDs.

Other issues on which ICANN reached a decision, there should be no private auctions to decide between candidates for the same TLD in 2026. Like a symbol or perhaps a marker, at the very end of the summit, the ICANN Board adopted the applicant support program for future applicants, a program that will involve a communications campaign in disadvantaged geographical areas at the beginning of 2025.

Capitalising on experience feedback

A number of issues recently initiated by ICANN are currently being evaluated. These include abuse of the domain name system. In April 2024, specific obligations came into force to compel registries and registrars to take action in the event of clear abuse. ICANN81 provided an opportunity to take stock of these measures after an initial six-month implementation phase. ICANN Compliance reports that it has initiated 363 complaints, often involving several domain names. Unsurprisingly, the most common abuses involved phishing campaigns.

Another element being tested is the Registration Data Request Service (RDRS). This is a prototype designed to gauge interest in a standardised platform for submitting and processing requests for access to domain name registration data for legitimate purposes. Over the course of a year, the RDRS collected requests for 13,000 names, a volume that remains low compared to the 170 million generic names. A related issue is the depreciation of the Whois protocol for domain name registration databases. This protocol, which has been in use since the 1980s, is due to give way to the RDAP protocol for generic domain names at the end of January 2025. ICANN Org has pointed out, however, that this new protocol is very rarely correctly deployed at this stage.

The tense international context was largely reflected at this summit on an organisation that will be starting 2025 with a new president at its head and a change of administration in the White House. ICANN has made no secret of the fact that it is facing a number of difficulties. The success of the next series of new gTLDs, a series that will have taken fourteen years to complete between 2012 and 2026, will be decisive in helping the organisation to emerge from this turbulent period. The stakes are high, firstly because ICANN is committed to holding this series in April 2026. A postponement of the date would further damage its credibility.

This series is also important given the investment required to prepare and hold it. The significantly higher application fees than in 2012, with a base amount of USD 227,000, may act as a brake. Investors, for their part, may not appreciate the abolition of private auctions to decide between applicants for the same TLD, with ICANN seeking, on the contrary, to curb speculation.  Nameshield, for its part, is convinced of the merits of this new round and, in particular, of dot brand extensions, the benefits of which will more than offset the investment required if applicants are properly accompanied. Nameshield is ready to help future project owners by providing them with a complete solution for their entire project cycle. If you have an Internet extension project, contact our experts who will be delighted to support you.

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

ICANN80: Rwanda joins the small circle of sub-Saharan states to have hosted ICANN

Following on from Paris, which hosted the ICANN Contracted Parties Summit last May, the Rwandan capital has just hosted its first ICANN Summit devoted to Internet governance policy issues. Here’s a look back at what we learned from the event.

ICANN has found its new face

ICANN80 kicked off with the official appointment of Kurt Erik “Kurtis” Lindqvist as the future President and CEO of the organization. The 49-year-old Finn will officially succeed his predecessor Goran Marby, of Swedish origin, who resigned at the end of 2022. Sally Costerton’s interim appointment will therefore end on December 4, 2024, with Mr. Lindqvist officially taking office on December 5, 2024. Mr. Lindqvist has been CEO of the London Internet Exchange (LINX) since 2019. His appointment is the culmination of a long process that began with the creation of a search committee for a CEO. Initially, some 100 candidates representing over 20 countries in North and South America, Africa, Europe, Asia and Australasia were identified. After further evaluation, the list was whittled down to seven people (three women and four men) who were interviewed by the CEO’s selection committee. The selection process ended with the ICANN Board unanimously approving the choice of Mr. Lindqvist at a session held just before ICANN80. A first, the new CEO will be based in Geneva in Switzerland.

Spotlight on the Internet in Africa

You have to go back to June 2017 to find a city in sub-Saharan Africa hosting ICANN. Johannesburg, South Africa’s most populous city, hosted ICANN59. In June 2024, ICANN finally returned to Africa, with Rwanda as host country. A very good thing, given that Africa is still largely under-resourced when it comes to Internet access. The International Telecommunication Union estimated that by the end of 2021, 14.3% of African households had access to the Internet, compared with 57.4% worldwide. Fixed Internet connection is also more expensive than in other regions of the world in proportion to income. It represents 18.6% of gross national income (GNI) per capita, compared with a global average of 2.8%. The GAC, the body representing governments at ICANN, took advantage of the event in Kigali to organize a “High Level” governmental meeting. This brought together 50 countries with four sessions on the multi-stakeholder model, cooperation and governance, digital inclusion and support for connectivity. These issues are also at the heart of the United Nations’ Global Digital Compact, which calls for a more inclusive and equitable Internet. The African At-Large Regional Organization (AFRALO), one of the five At-Large regional organizations within ICANN (At-Large represents end-users), kicked off ICANN80 week with a round-table discussion on improving Internet infrastructure in Africa. For its part, ICANN Org recalled during the week’s Summit that in 2022 and 2023 two root servers have been made operational in Nairobi, Kenya and Cairo, Egypt. Most DNS root queries based on Africa therefore are now resolved in Africa. For example, the root server in Nairobi, Kenya, handles 40% of all DNS root requests for the continent. Prior to its installation, 35% to 40% of DNS query traffic traveled outside Africa for resolution. The two installations also increase the resilience of the global root server system for Internet users on the continent, and help to cope with the exponential increase in traffic expected on the continent over the next few years.

The promise of the next round of new generic extensions : an estimate of application fees finally made public

No fewer than eight sessions held on the first day of the summit addressed the future series of new generic extensions. ICANN Org pointed out that this program is designed to make the Internet more inclusive, relying in particular on the success of Internet extensions in users’ own languages – the so called internationalized extensions or IDNs. To date, there are 91 internationalized extensions among the 1172 generic extensions, a relatively low proportion. In country-code Top Level Domains (ccTLDs), the proportion of internationalized extensions is almost three times bigger, representing nearly 20% of the total. ICANN Org promotes this new series by pointing out the opportunity to create new generic extensions in native languages. For its part, the GAC is pushing for greater support for less-favored geographical areas. The intention is to make the new program more accessible to these areas with financial and operational support. ICANN Org has considered an amount of 2 million USD for this item, whereas the GAC estimates that the needs are more in the region of 10-16 million USD. The GAC has indicated that it hopes to be able to support at least 45 applications. 

These considerations obviously have to be set against the costs of a future application for a new gTLD project. On this much-anticipated point, ICANN Org has presented projections based on the number of applications received. While in 2012 there were 1,930 applications leading to some 1,240 delegated extensions, some of which have since been abandoned, we don’t know how successful the next round, which opens in April 2026, will be.

To recover its costs, ICANN Org estimates that the application fee should be 293,000 USD for 500 applications, 242,000 USD for 1,000 applications and 208,000 USD for 2,000 applications. In 2012, the application fee was 185,000 USD. It should also be noted that the median value of application fees submitted is around 259,000 USD.

A partial reimbursement of costs is considered if the costs retained prove to have been overestimated in view of a higher-than-estimated volume of applications. The question has been raised of how to reduce these fees, which means cutting budgets. ICANN Org has indicated that 13 million USD will be allocated to this program over 2025, for example, in staffing costs. As ICANN already has an operating budget that covers its payroll costs, question has been raised if these expenses are not covered twice (by the operational budget and the new gTLD program budget).

DNS abuse: first lessons from the contract amendments

ICANN80 was also an opportunity to take stock of the implementation of contractual amendments by registries and registrars to include remediation obligations for obvious DNS abuses such as phishing, malware or pharming practices. These measures came into force on April 5. ICANN’s Compliance Department reported that it had received 1,558 abuse-related complaints. 1,382 were invalid, either because they were not sufficiently substantiated or documented, or because they fell outside the organization’s scope of action. Some of them concerned ccTLDs (country code Top Level Domains) where ICANN has no jurisdiction. ICANN also reiterated that obvious abuses must first be reported to the registry operators and registrars who manage the concerned domain names.

ICANN80 remained above all a working summit with few announcements even if the new face of the organization was made official, information that nevertheless had been leaked a few days earlier. The appointment of « Kurtis » Lindqvist should not overshadow the fact that Sally Costerton has been acting as interim president of the organization for almost a year and a half now, and that during this time her determination has undoubtedly ensured that some topics move significantly forward, in particular the next series of new generic extensions which is now well underway. Work on implementing the policies and the future bidding applicant guide is progressing, and the bidding window envisaged for April – June 2026 now seems attainable. The range of application fees announced remains imprecise, ranging from 208,000 to 293,000 USD, depending on the volume of applications expected. While internationalized extensions were in the spotlight, it is above all geographical extensions and trademark extensions, the so called dot brands that are the most relevant. They will be an ally in the service of the security, performance and reputation of their owners. A genuine asset in an increasingly complex regulatory and legislative environment where cyber attacks are becoming increasingly sophisticated.  To make a success of your future extension project and benefit from optimized solutions for your online assets, the key is to be well accompanied.

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit

From May 7 to 9, Paris hosted the ICANN Contracting Parties Summit.

The last time Paris hosted ICANN was in 2008 for ICANN32. Sixteen years later, ICANN returns to the French capital for the Contracted Parties Summit. The latter is a special event in the organization’s agenda, as it is not a policy-oriented event like the three annual summits flanked by the edition number (Editor’s note: ICANN79, for example). Before the covid pandemic, ICANN met its stakeholders once a year at a dedicated event. These summits, highly focused on operational aspects, only resumed in 2022 and now only take place every two years.

Over the course of three days, the contracting parties – registry operators and registrars – have the opportunity, during working sessions, to communicate their needs to the organization by directly questioning the ICANN Board of Directors, and to exchange views on common issues. In particular, these meetings provide an opportunity to compare approaches to policy changes and contractual modifications to be implemented, while also taking into account changes in the regulatory and legislative framework. One of the three days was entirely devoted to workshops on the abuses to which the contracts of the contracting parties have evolved in 2024.

Although only 150 to 250 people in total took part in the event, with the public holiday no doubt having a negative impact on attendance, it has to be said that there was plenty to do on the subjects that directly impact the contracting parties.

As a consequence of the GDPR in force since 2018, a perennial policy, the Registration Data Policy has just been promulgated to replace the Temporary Specification. This must be implemented by August 2025. Stakeholders also had to implement two amendments to their contracts with ICANN. The first was a protocol transition from Whois to RDAP (Registration Data Access Protocol). The second concerns abuse, with new obligations that make contractors more accountable in the event of proven abuse. The summit provided an opportunity to hear initial feedback on this major issue, to which some service providers are more exposed than others. To this the legislative framework can be added, in particular the European NIS2 cyber security directive, which will also have a major impact on registries, DNS resolution service providers and registrars.  It will come into force in October of this year. The most advanced countries in terms of transposition into national law, notably Croatia and Belgium, have shown that they are fully in line with the initial text voted by the European Parliament at the end of 2022. And the next round of new generic extensions must be prepared for the next application window announced for April 2026.  

From now on, ICANN will be meeting the Internet community in Kigali, Rwanda, from June 10 to 13, to discuss developments in Internet naming policies. This will be ICANN80.

ICANN78: Ahoy, the ICANN boat sails for 25 years

From 21 to 26 October, Hamburg in Germany, hosted the 78th ICANN Summit, the Internet’s regulatory body. Hamburg, the connected city par excellence and Germany’s leading intelligent city, succeeds Berlin as the second German city to host such a summit. Berlin hosted ICANN2 in 1999. This 78th edition brought together more than 1,600 participants from 175 countries and territories. It also marked the 25th anniversary of ICANN and the 20th anniversary of the Generic Names Supporting Organization (GNSO), the body responsible for policies applying to domain names in generic extensions.

De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023
De Elbschippers at the ICANN78 Welcome Ceremony, on October 23, 2023

ICANN faces new challenges

“On 30 September 1998, ICANN was incorporated as a private, not-for-profit organisation in the State of California”. With these words, Tripti Sinha, the Chair of ICANN’s Board of Directors, began a dense speech at the Welcome ceremony of ICANN78. She reminded us that most of today’s Internet tools, including smartphones, have been developed and launched during this period, and that while “25 years is not much”, “the world has changed remarkably” in the meantime. Today, it is the context of wars and technological transformations, in particular “artificial intelligence and quantum technology”, that constitute major challenges for the multiparty model. To these can be added alternatives to domain names that use the DNS, such as blockchain domains, which are outside the scope of ICANN. These were highlighted at ICANN78. Their protagonists like to call them “domain names”, while others would like to differentiate them by talking about “wallet domains”. ICANN’s interim President, Sally Costerton, made a point of emphasising the word “trust” in her introductory speech. “Trust is a fragile thing” she said, “difficult to build and easy to lose”.

On the subject of trust, Sally Costerton pointed out during the ICANN Board’s question and answer session that significant progress has been made on a number of important issues since her appointment in December 2022. In March of this year, for example, the first international Universal Acceptance Day was held, or how to make the Internet more inclusive and thus closer to the way its users use it. At the ICANN76 summit, also in March, the next series of new generic extensions was confirmed. More recently, the Registration Data Request Service (RDRS), a prototype of the future System for Standardized Access to Domain name registration data (SSAD) for legitimate requests, was launched. And the year 2023 will have seen a concrete proposal to strengthen the means of combating abuse of the DNS after years of fruitless exchanges. A proposal to revise the contracts of registry operators and registrars is currently being put to a vote by the parties concerned, with adoption expected between December 2023 and January 2024.

Registration Data Policy: Let it go let it go

The fact that ICANN represents numerous sensibilities whose interests are often divergent, but also that it operates with consensus as its totem, partly explains why the finish line is often far removed in time from the starting line. The Registration Data consensus Policy has not escaped this reality. This policy is intended to replace a Temporary Specification implemented as a matter of urgency on 17 May 2018, eight days before the General Data Protection Regulation (GDPR) came into force thus to integrate the GDPR requirements into the DNS ecosystem. The Registration Data Consensus Policy is the culmination of phase 1 of a Policy Development Process (PDP) initiated on this occasion. While a final report with a view to its implementation was issued at the beginning of this year, it was ICANN78 that enabled the implementation review team work to be concluded. The blocking point on the wording relating to the deadlines granted to operators to deal with urgent requests for access to registration data in the event of law enforcement, could be removed. The policy, which now has a permanent framework, will now be implemented by the parties concerned, registry operators and registrars.

The next round of new generic extensions

The next round of new generic extensions remained another major topic of this edition. While ICANN is now putting forward the date of April 2026 for the next application window (editor’s note: the previous window took place between January and April 2012), ICANN78 highlighted the progress made in implementing the recommendations arising from the Policy Development Process known as “PDP Subpro” (editor’s note: Subsequent Procedures). Earlier in March, some thirty recommendations had not been adopted by the ICANN Board and had been referred to the GNSO for clarification. Thanks to the work of a Small team, 12 additional recommendations have just been adopted by the ICANN Board, bringing the total number of adopted recommendations to 104. 13 remain in the balance and 7 have been rejected. For the latter, we will now have to assess their impact and consider remedies. The implementation team can therefore make progress on just over 80% of the recommendations arising from the Subpro PDP. The revised guide for future applicants is progressing in line with initial forecasts with at least 18 months to go.

The issue of closed generic extensions and diacritical letters

Considered but not proposed due to a lack of consensus in 2012, then discussed for five years, the topic of closed generic extensions was relaunched in 2022 with a view to a new series of generic extensions. In practice, they would allow organisations under certain conditions to use a generic term (editor’s note: for example .CHARITY) with the same rights as a brand extension. Access to the extension to create new domain names would therefore be very restricted. A year ago, a discussion group comprising the Governmental Advisory Committee (GAC), which represents governments, the At-Large Advisory Committee (ALAC), which represents end-users, and the GNSO was set up to try to address this issue. Last July, they proposed a framework detailing the many aspects to be considered to introduce this new type of extensions. However, at the end of their work, each body sent a separate letter to the ICANN Board of Directors, proof that their positions remained far apart. Barring any surprises, there should therefore be no closed generic extensions in the next round.

Québec, whose .QUEBEC was integrated into the DNS root in April 2014, has also invited itself into the discussions concerning the next series of new generic extensions. In 2012, Québec announced its wish to obtain .QUEBEC as well as .QUÉBEC. Although in the end they only applied for the non-accented version, they had hoped to be able to use .QUÉBEC as well. They were not granted this right because of a risk of similarity. ICANN78 highlighted the fact that perceptions remain different depending on whether or not .QUÉBEC is a variant of .QUEBEC. The pronunciation for French speakers is the same, but the presence of a diacritical letter (editor’s note: letters to which signs such as the acute accent, the grave accent, the circumflex accent, the umlaut are added) makes encoding in ASCII characters different and technically feasible. While their request has little chance of success, it has also served to focus attention on important issues for registry operators, where the answers provided are often ill-suited to their needs.

ICANN78 was ICANN’s last annual summit. All eyes now turn to 2024. A new year is approaching, which may or may not see the conclusion of contractual amendments to registry and registrar contracts, with specific obligations to remedy malicious use, the continuation of implementation work on the next series of generic extensions, the likely launch of an ICANN holistic review or even the prospect of the scheduled Sunset of the Whois protocol in early 2025.

For Europeans and companies operating on European territory, it is the NIS2 directive that will crystallise all attention, as it must be transposed into the national laws of the Member States by October 2024. On this subject, ICANN representatives indicated at the traditional closing Public Forum that the policies for generic extensions are not “in contradiction with the NIS2 directive and that the parties concerned have the latitude to implement measures to comply”. The European Top Level Domain Information Sharing and Analysis Center (European TLD ISAC) is to be commended on this point, as it will be a useful relay in implementing the NIS2 Directive in the domain name industry.

Nameshield, an independent European company that has been ISO 27001 certified since 2017, will comply with the directive and will be keen to help its customers to comply. Nameshield also has the expertise to manage your projects for new generic extensions.

Finally, in terms of leadership, the GNSO, the body responsible for generic extensions, now has a new Council team appointed at ICANN78, while ICANN Org will be appointing a new president in 2024. See you next year.

Image source : ICANN‘s website

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

ICANN confirms DENIC Services as sole ICANN designated registrar data escrow agent

In 2018, ICANN, which is in charge of allocating domain names and IP addresses, confirmed DENIC eG as the data escrow agent for registrars on behalf of the ICANN organization, alongside provider Iron Mountain, which has since been taken over by NCC Group. Five years later, on July 17, following a new call for tenders, ICANN has confirmed DENIC Services as its sole accredited escrow agent for the next five years. A fine recognition for this European player and subsidiary of DENIC eG, which notably manages .DE, Germany’s geographical extension with over 17 million domain names.

Stefan Pattberg, Director of DENIC Services, took the opportunity to answer our questions.

Could you please remind us what the role of a data escrow agent is?

It is important for the stability of the global Internet that domain names are not only being granted but accessible all the time, independently from the financial, operational, or legal status of the managing registrars or registries at a certain time. Obviously, the registration data is an important asset for a registrar or a registry, often the most important one, because it represents the relationship to the customer and is the source of income for the service providers. But it is not only of economic importance. There are also additional policy requirements and even legal regulation like GDPR to consider when handling such data.

The role of the Data Escrow Agent is to ensure that the registration data that is belonging to a domain is always safe and available, even in case that a registrar or a registry in charge of managing a domain are failing. In such a case the mission of the Data Escrow Agent is to release the registration data to another service provider taking on board the role of the previous failed party. That is a very important security feature for domain holders, making sure that their domain will always be available, and the ownership is always certain. If there is no need to release such a deposit, it is the duty of the Escrow Agent to safeguard the registration data according to all relevant policies and regulation in a manner, that there is no risk for the depositor that the data could be lost to a competitor or anybody else not being authorized to access it. Registries and Registrars using Data Escrow are delivering the registration data, daily or weekly, as so-called deposits to the Escrow Agent. A deposit is a composition of all relevant registration data in a special form, highly encrypted and even electronically signed by the sender. The agent validates the deposit. That means the agent checks whether the received deposit is from the right sender, is intact in its full integrity and that the data format is compliant to the international standards. The result of the validation is then being reported to all parties involved, the depositors and the beneficiaries. That creates transparency and transparency creates trust.

In what way is the designation of DENIC Services as the sole ICANN-accredited escrow agent significant from the point of view of data protection and security?

When ICANN started the Data Escrow program well back in 2007, there was only one Data Escrow Agent that has been chosen as Designated Escrow Agent for registrars. Designated Escrow Agent means that ICANN has selected this agent in a very ambitious process, checking the technical, financial, and operational capacities of such an agent, and that ICANN is paying this agent for the service being delivered to the registrars. So, if a registrar is working with a Designated Escrow Agent there should be high certainty about the stability and the quality of the service which is free of charge for the registrar. If the registrar wants to deposit with a non-designated data escrow agent, fees must be paid and the registrar needs to do all the checks, that ICANN is performing during the selection process, on its own.

The sole Data Escrow Agent in 2007 was an US-American company, following the US law and regulation. ICANN saw the upcoming need in 2017 to offer a solution being GDPR compliant. GDPR increased the level of data privacy in advantage of domain holders but raised questions about locations of data storage, transfer of deposits in and out of the European Union etc. After a Request for Proposal process in early 2018 , ICANN decided to nominate a second Designated Escrow Agent which was DENIC. To get the best focus on the service quality for customers, DENIC created DENIC Services as the new service provider for Data Escrow and Anycast DNS services to the Domain Name Industry. That was only five years ago.

As a German company and GDPR on the horizon, we have decided to build the new Data Escrow application with privacy-by-design. The two data centers that we are using for a GDPR-compliant 365 days, 24 by 7 service are within the European Union, one in Frankfurt and the second one in Amsterdam. Since the beginning of DENIC Services it was important, that we proof trustworthiness to our customers, especially in IT security, business continuity and data privacy. We are certified according to ISO27001 and ISO22301. The data centers are operated by DENIC which is having a famous track record in running critical infrastructure without downtime and in a safe and secure manner for more than 25 years. So, I think that using DENIC Services as the sole ICANN-accredited escrow agent takes a lot of worries away from registrars. They can focus on their core business, and we promise that “WE PROTECT YOUR BUSINESS.”

In March this year, ICANN started a new selection process for one or more global Designated Data Escrow Agents. We understood this as a challenge to show that we are not only the best option for those registrars and registries being under the GDPR regime, but even for others that must respect other legislation and data privacy regulation. Hence, we have built a second Data Escrow infrastructure in North Virginia in the USA. That means, registrars and registries have the choice now, where their deposits should be stored. Both infrastructures deliver the same kind of security and safety and run accordingly to the same service level agreements provided by ICANN.

The top reputation that we have in the market today, our track record of annual innovations, and the aspect of being able to give registrars the choice for the location of storage seem to be compelling to ICANN and now we are the Sole Designated Escrow Agent for all ICANN accredited registrars around the globe.

How did you feel about this designation?

We are very proud to be selected for this role which is of high importance for the stability of the global Internet. We see this designation as an appreciation for our hard work over the past five years. We did not only rethink Data Escrow from scratch, but we have also delivered new innovations all the time. We wanted to be the market leader in technology, service quality and customer satisfaction since day one, and we have achieved it. But we also accept this challenge with a certain humility. We know how big the task is and that despite all the preparation, we will experience things that are unplanned and unforeseen. But I’m sure that we have the right attitude, motivation, the necessary expertise and also the joy of serving our customers in our team to cope with it.

Do you think it will help to consolidate the multi-stakeholder model that was initiated by ICANN with the IANA transition completed in 2016?

That is one of the challenges for us. We must proof within the next five years that having one sole Designated Escrow instead of two, ends up with a better service and better results for the community. Having a working multi-stakeholder model in place, which is accepted by almost all parties involved, is a value per se in our today’s world. Is there room for improvement? For sure. We have many ideas how to improve the Data Escrow process and how to get more value out of it. But most of the times, we withdraw new ideas because it seems to be too complicated to come to a conclusion in a timely manner. With all the advantages in having a multi-stakeholder model in place, time is always an issue. If you look at the discussion and the planning around gTLD 2.0, I have the feeling since my beginning, that it is always happening in two years from now, but we are never coming closer to it. Having only one Designated Escrow Agent being in direct communication with all accredited registrars should help us, to re-gain some of the speed that we may have lost.

What are the next steps envisaged by DENIC Services to organise the transition to this new responsibility?

We are planning a transition period of around 12 months which is managed and monitored closely by ICANN. More than 2,500 registrars will join us in that period. This will multiply the number of our customers and the number of domains being escrowed with us. The good news is that we are well prepared for this. As soon as a customer has passed the data escrow change process with ICANN, we send out credentials to the customer for our Data Escrow Control Center. This portal not only delivers all kind of information about the daily business with 365 days, 24 by 7 approach, it offers a new on-boarding feature that puts the registrar in control of the on-boarding and offers a semi-automated process up to the successful delivery of the first deposit to us. For registrar groups or families, we offer a special server-to-server communication via Restful API, so that the technical service provider is controlling the whole on-boarding process in a fully automated manner. These two innovations only have reduced the time needed for on-boarding from weeks to days by purposefully reducing the number of potential error sources.

Registrars that are looking for more information about our service can visit the website welcome-rde.denic-services.de. This website provides answers to the frequently asked questions, offers a lot of information to download and invites to register for the webinars that we are offering for on-boarding.

And not to forget, during all the selection process, ICANN was very much valuing the service quality and was insisting in the expectation to get the same kind of service level for all new registrars that the existing customers are appreciating. We have therefore agreed to double our Data Escrow customer service team which is a huge invest in addition to all the IT development that we have made before. Hence, from October onwards, we will have one customer service teams for all registrars already on-boarded and a second team trained and focused on on-boarding of registrars joining us.

Interview conducted by Nameshield on 18-07-2023.

Image source : Bruno via Pixabay

ICANN77: Concrete progress and the search for a future leader

ICANN77: Concrete progress and the search for a future leader

Last month, the 77th Summit of ICANN, the Internet’s regulatory body, was held in Washington DC. This second summit of 2023 was once again rich in meetings and exchanges, with 90 sessions held over four days.

Here is a look back at the highlights of this event.

Successful outcomes

While ICANN summits have often left a mixed impression due to the multitude of subjects debated and processes made more cumbersome by the consensual approach sought by the organisation, we can welcome the fact that ICANN77 was marked by the successful conclusion of several of them, starting with the Registration Data Consensus Policy.

In May 2018 ICANN hastily applied a Temporary Specification to all stakeholders with a package of measures directly linked to the GDPR that the European Union had just applied. These measures included the masking of personal data in generic domain name registration databases. This set of obligations was intended to be renewable for one year and was to be replaced by a permanent framework. The body responsible for generic name policies, the GNSO, therefore quickly convened a process for developing new policies, a PDP, which was divided into several workstreams. Phase 1 of the PDP concerned the long-term binding framework they were looking for. The result was the Registration Data Consensus Policy, which has now been finalised. This work has been extended because the subject of personal data on domain names overlaps with many other texts (21 policies in all) which have also been revised. While stakeholders will have at least 18 months to apply the new policy, aspects relating to the collection, processing and storage of personal data linked to domain names will be altered.

Phase 2 involves the creation of a standardised system for accessing hidden personal data on domain name contacts for legitimate purposes, such as investigations into cybercrime. This resulted in the creation of a prototype that will be deployed this Fall. Over the next two years, this prototype should enable the organisation to validate whether or not it should develop a permanent global tool. It is therefore a reasonable step, because it is prudent. It would have been risky to develop a particularly expensive global system whose use was uncertain. But this issue is also directly linked to the accuracy of the data. What is the point of requesting access to masked contact data if it is unreliable?

On this subject, ICANN has launched a project in 2021 on the accuracy of registration data. But ICANN came up against the fact that in order to assess the accuracy of the data, it needed a legal basis for accessing the data. This forced the body to put this project on hold last year, when negotiations began to create a Data Protection Agreement between ICANN and the stakeholders.

Two contractual amendments in 2023

On the contractual side, it should be noted that the contracts linking ICANN with the registry operators on the one hand and the registrars on the other are in the process – and this is unprecedented – of being amended twice in the same year. The first revision will come into force next month to organise the transition between the Whois protocol and the RDAP protocol. The second revision, which is about to be put to the stakeholders for a vote, aims to step up the fight against DNS abuse. As far as DNS abuse is concerned, it should be remembered that this subject has long been a staple of ICANN summits, in the sense that it has been debated for several years without ever coming to a conclusion due to a lack of consensus. The need to step up action against these attacks has therefore never been so close to being written into the contracts.

ICANN is looking for its future leader

In another unprecedented development, on 21 December last year, ICANN announced the resignation of Goran Marby, its President. Sally Costerton took on the responsibility and was rapidly appointed Interim President of the organisation. This experienced leader, who already has around ten years’ experience in the organisation, was logically closely watched at ICANN76, but was also well received by the community. She took ownership of the issues very quickly and was very proactive in pushing them forward. ICANN77 was an opportunity to propose a session called CEO Search Committee. The profile of the future president was drawn up, along with his or her eight responsibilities: management of the IANA function, development of new DNS system policies, the program for new generic extensions, strategic management, management of the governance body, commitment and exchanges within the community, management of responsibility and, of course, the role of representative of the body. The perspective given for the appointment of this future face of ICANN is the second quarter of 2024.

The next round of new generic extensions at the centre of attention

As is often the case at ICANN summits, the subject of the next round of new generic TLDs was on the menu for most of the discussions. The fact that the previous application window dates back to the beginning of 2012 is obviously no coincidence. At her first summit as President of ICANN, Sally Costerton made good progress on this issue, with ICANN76 concluding with the ICANN Board adopting 98 of the 136 recommendations arising from the process of developing new policies for the next round. 38 recommendations remain to be clarified, and this work is currently underway, with completion scheduled for the second half of this year.

At the same time, implementation of the other recommendations and revision of the Applicant Guide Book have begun. However, two other subjects complete the picture: the possibility of creating closed generic TLDs, a sort of model similar to brand TLDs but which would be made possible on generic terms, and the revision of policies for internationalised TLDs and domain names, i.e. in native languages. The first subject should soon be put into orbit via a process of development of new policies planned over nearly two years. As for the second, its policy development process could last until November 2025. The organisation’s intention is to bring these two issues to a successful conclusion before the next round.

At the time of the 2012 round of new generic extensions, internationalised extensions and domain names were already being strongly promoted as a vector for the success of this innovative process. However, this was without taking into account universal acceptance, which was still in its infancy and which has fortunately made considerable progress since then. The RDAP protocol for registration data was also already considered as an alternative to Whois to be implemented with the new generic TLD program. However, RDAP is only set to replace Whois after a transition period of 18 months. As for closed generic extensions, they were also considered in 2012 but abandoned due to a lack of consensus. They could finally see the light of day under terms to be defined during the next round. As for abuse of the DNS, another subject that has been debated for years, it is also on the point of leading to additional obligations that will affect registries and registrars alike.

If Nameshield is already offering you solutions to help you deal with infringements of your online assets and your gTLD projects, it should be noted that the obligations incumbent on companies that manage domain names are constantly increasing, but also that with ICANN the issues are almost always resolved in the end.

See you in Hamburg in October for ICANN78.

Image source : ICANN’s website

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Candidate in March 2020 and then in March 2021, the city of Cancun finally had to wait until March 2023 and the end of the COVID pandemic to see a new edition of an ICANN summit in person. 2023, a very important year for the organisation. It will indeed celebrate its 25 years of existence while it is going through a risky period with an interim presidency after the resignation of its former President on 22 December 2022.

ICANN76, Sally Costerton, the new interim president of ICANN, makes her mark

Two women at the head of ICANN

Sally Costerton from the UK, who has been Vice President of Global Stakeholder Engagement (GSE) in charge of stakeholder engagement and awareness of ICANN and its mission worldwide since 2012, has been appointed interim Chief Executive Officer of ICANN following the departure of Goran Marby at the end of 2022. She is supported by Tripti Sinha who serves as ICANN’s Board Chair. Tripti is also Associate Vice President and Chief Technology Officer at the University of Maryland, in the Information Technology Division. This is the first time ICANN has had two women leaders. However, the situation echoes the creation of ICANN. As it was recalled at the opening ceremony, in 1998, when the US government gave ICANN the task of managing the DNS addressing system, a woman also held the position of Chair of the Board. This was Esther Dyson.

While leadership interims are rare at ICANN, this situation led to the organisation of a special session called “The Future of ICANN and the Next President and CEO”. A session where participants would have expected to interact with the new Board. This was not the case, as this session was like a kind of open mic without a direct interlocutor to express expectations towards the new Management of the organisation.

An interim presidency for a governance organisation also means a risky period, especially as there is no shortage of issues to address and the geopolitical context is tending towards increased fragmentation. However, although we do not know how long the interim presidency will last, Sally Costerton quickly made her mark at the start of the summit, when she declared, among other things, “I do not know everything, but I can rely on experts“. These words were reassuring and showed a pragmatic approach.

Transparency tested by experience

ICANN is a well-established organisation, as it has been holding summits for 25 years. The trend in recent years has been for the Supporting Organisations (SOs) and Advisory Committees (ACs) that make up the organisation to move towards greater transparency by opening up almost all their sessions to the participants. The most significant transformation has been in the GAC, the body representing governments, whose sessions were closed for many years before being fully open to all participants. This is an opportunity to salute the work of Manal Ismail, who after nearly six years at the head of the GAC is leaving her place to the Paraguayan Nicolas Caballero. A global tendency, therefore, of a nature to generate confidence, a key value to respond to the more and more numerous detractors of the ICANN governance mode.

But this tendency was reversed during this summit because many sessions were closed, “Closed sessions” to which even some affiliated participants could not have access neither in face-to-face nor in remote. Some of the participants were very upset and did not fail to point this out during the traditional Public Forum which usually closes the week of meetings.

Progress at a forced march?

The consensual approach, typical of ICANN, is both a strength for federating players around new obligations that are adopted, but also a weakness because it considerably slows down the progress of important work.

A striking example is the DNS abuse. Malicious use is indeed a real problem given the damage suffered by the affected Internet users. The GAC did not fail to recall this once again during a session where external experts were invited, such as a representative of the Federal Bureau of Investigation, the FBI. The latter indicated that in the United States, in 2022, more than 800,000 domain names were the subject of complaints causing losses of more than 10 billion US dollars. While the topic of DNS abuse has been a recurring theme at every ICANN summit over the years, it is clear that the consensus has shown its limits. Stakeholders in the GNSO, the generic name policy body, have never been able to agree on a way forward, whether it be a Policy Development Process or contract negotiations to revise stakeholder contracts with ICANN. After recent consultations with stakeholders, the GNSO finally decided on the second option, and the least we can say is that at ICANN76, the will was to reach a result quickly. An amendment to the registry and registrar contracts is being drafted and is expected to be presented in June and voted on by the parties concerned in October.  

The GNSO intends to build on the momentum of another contract amendment being voted on by stakeholders: an “RDAP” amendment. RDAP is an alternative protocol to Whois that provides access to domain names registration data. The outcome of the votes and thus the adoption of these contract revisions remained uncertain at the end of the ICANN summit as different thresholds of participation and favourable votes must be reached.

Partial adoption of recommendations for future rounds of new gTLDs

Another issue that some would like to see move forward more quickly is that of future rounds of new generic extensions. Indeed, the last window for applications for generic extensions dates back to January 2012. Since then, a policy development process has been conducted since 2015 to define a set of recommendations for the holding of new application windows. The Final report of this process was submitted to the ICANN Board in February 2021. In the autumn of 2021, ICANN surprised the community by announcing a scoping phase, an ODP (Operational Design Phase), which ultimately lasted until the beginning of this year. The board had not yet decided on the Final report of recommendations, a prerequisite to be able to start the implementation work of the recommendations. So the new interim president of ICANN was also very much expected on this subject.

And she quickly warned that the time was also for action on this subject: “You will see that things will be clarified” (editor’s note: on the next series of generic extensions), she declared during a session during the week. At the end of the week, at a Board meeting, 98 recommendations from the policy development process were adopted, with a further 38 put on hold as requiring further information. An implementation plan is also expected with a deadline set to 1st of August with a focus on internationalized domain names and extensions that ICANN organisation wants to focus on in future rounds and the need to clarify whether closed generic extensions will be offered.

Comments from NAMESHIELD

We can regret a return to a certain opacity in the decision making during ICANN76 where no less than 25 closed sessions were held. Nevertheless, this is perhaps where the progress made on subjects that were not progressing well came from, such as DNS abuse, a very important subject for NAMESHIELD, which offers several solutions to defend your online assets, and the holding of a forthcoming series of new generic extensions, where NAMESHIELD experts can also accompany you.

The other question was how the new interim ICANN President Sally Costerton, would handle her new role in a risky period for ICANN whose model is also increasingly challenged by States, international organisations and even technological alternatives. On this point, the new president appeared to be proactive, joining words to deeds, as on the subject of further series of new generic extensions. Sally Costerton seems to have already started to trace her way towards a full term CEO role for the organisation.

Image source : ICANN’s website

ICANN75, a dense summit before the ITU plenipotentiary meeting

Barely three months after the ICANN74 summit in The Hague, the one in Kuala Lumpur, 75th edition, has just been held. A second summit in hybrid mode, a mix of face-to-face and remote that claims almost 2000 participants from 112 countries, 60% of which were present on the spot. As if to better exist, two weeks before the particularly important appointment of a new secretary general at the head of the International Telecommunication Union, the technical counterpart of ICANN, ICANN proposed a dense summit. NAMESHIELD looks back over.

The sensitive appointment of a new general secretary at the head of the ITU

During the traditional opening ceremony of the ICANN75 summit, Goran Marby, the current head of the organization said “ICANN must be able to continue its mission for a single Internet“. This remark was referring to concerns about the upcoming appointment of a new general secretary to head the ITU, the UN agency in charge of regulating and planning telecommunications worldwide. After two mandates, the current secretary, the Chinese Houlin Zhao, will indeed give up his place to one of the two candidates in the running to succeed him: Doreen BOGDAN-MARTIN, an American or Rashid ISMAILOV, a Russian. Two candidates and two different visions of governance models as Goran Marby indicates: “One of the candidates wants the transfer of competences from the IETF (the Internet Engineering Task Force develops and promotes Internet standards) and ICANN to the UN“. During another question and answer session with the ICANN Board, the election was again invited in the exchanges since it was question of the increased risks of fragmentation of the DNS and the unique identifiers system if the ICANN missions are entrusted to the States. Later in the week, during a cross session between the ICANN Board and the GAC, the governmental body, the Russian representative of the GAC took advantage of a speech to answer in Russian to Goran Marby’s remarks, explaining that the Russian candidate at the head of the ITU does not want to dismantle the Internet. To better support his remarks he communicated the program of the candidate. Things calmed down at the end of ICANN75 during the traditional public forum, which we can regret that it lasted only one hour, a forum where once again the Russian representative of the GAC took the floor in English indicating that Russia is not against the Internet governance model and that it was necessary to take care to reflect the Russian position with accuracy.

The fragmentation of the ICANN model, a major concern

A sign that Internet fragmentation has become a major concern is that this topic was subject to a dedicated session. An interactive survey among the participants revealed that 53% of them consider that the Internet is already fragmented. The reasons mentioned are, on the one hand, the imbalance observed for access to the Internet from one continent to another, Africa being the least well endowed in this area. Other sources of fragmentation mentioned are the cost of subscriptions, which makes access impossible for the poorest, and the multiplication of laws at the state levels, which in some cases prevent full access to this resource, and in others prevent controlled access.

On the problems of connectivity in the world, Goran Marby emphasized the project “ICANN Ground”, a program under construction that will allow to solicit funds on specific needs. The endowment will come from the auctions of the new generic extensions round of 2012, some 233 million US dollars. Ukraine was the first state helped by ICANN with an emergency aid of 1 million US dollars made available in spring.

Is this good will enough to keep the unique Internet, totem of the organization? Indeed, apart from the political and societal fields, the technical alternatives, the so-called “alternative” roots, notably based on blockchain, have also been mentioned. These add new problems due to the lack of community and inter-community coordination with the DNS players. Name collisions indeed become inevitable.

So, to those who indicate that some actors are tempted to turn away from ICANN because of the length of the processes on the issues to be addressed, the organization answers that it is the price to pay for a community functioning by consensus. And on the subjects in debate, it is necessary to notice that there is no lack of them.

The period of amendments, the failure of the accuracy scoping team

As a sign that things are moving forward, the Registration Data Policy resulting from a revision of the Temporary Specification applied in response to the General Data Protection Regulation (GDPR) is entering its final stretch with implementation scheduled for early 2023. This policy will embed measures applied to registries and registrars on the collection, processing and storage of personal data related to domain names.

The Registration Data Access Protocol (RDAP), which is used to publish domain name registration data in the same way as Whois, will be gradually replaced by Whois from next year, with a transitional phase of 18 months, provided that the majority of stakeholders approve the project during a forthcoming consultation. The idea of introducing additional measures in the contracts of the stakeholders to fight against DNS abuse is also gaining ground.

Other topics are still in development, such as the next round of new generic extensions, which we discuss below, and the Standardized System to Access Data (SSAD), which is intended to standardize access to registration data in the case of legitimate requests. A prototype will be developed over a period of 9 months.

But we could also note what has been described as the “failure” of the Accuracy Scoping Team, a working group that was supposed to evaluate the measures on the accuracy of domain name registration data and to identify the possible policy gaps. Indeed, due to the lack of a legal basis to access the data and thus assess the accuracy of the data, their mission could not be carried out. Their work is therefore stopped.  

A next series of new generic extensions under the impulse of internationalized extensions

The next series of new generic extensions, still in the framing phase, has been mentioned as a response to fragmentation thanks to internationalized extensions, extensions in native language, which allow, according to the words of Goran Marby, “to bring the Internet closer to its users“.  He hopes that the next series of new generic extensions will be “a real success from the point of view of internationalized extensions because the Internet is too often perceived as a Western instrument“. The ICANN Board also mentioned these internationalized extensions as a response to the accelerated concentration of the market because they can help “raise awareness of the need for a diversified ecosystem“. Internationalized extensions should benefit from a new spotlight with the launch next year of the first Universal Acceptance Day, on February 16. This event is intended to mobilize the technical community to take into account this type of extensions and domain names.

Comments from NAMESHIELD

We could fear that with the proximity of this summit with the previous one, hardly three months have passed since the ICANN74, this summit lacks substance because of the lack of time to progress on the debated subjects. In fact, the third and last annual ICANN meeting is usually held at the end of October. It is necessary to notice that ICANN75 has not lacked substance, either on the subjects that were discussed or on the particularly high number of sessions: 167 and things move forward. As some participants have indicated, we can regret a certain lack of interactivity with, for example, a Public forum shortened to one hour and sometimes a bit simplistic answers like Internationalized gTLDs to mitigate the concentration of our sector. On this subject, we can remind that NAMESHIELD is an independent French provider.

If the year 2022 has seen fragmentation become a central topic of ICANN summits, one may wonder if this extremely dense summit, anticipated compared to previous years, did not seek to be perceived as a marker of the usefulness of the ICANN organization in the face of current challenges, a summit placed just before the decisive election of the new General Secretary of the IUT. To the numerous animated sessions in the arcane of the ICANN now makes place the silence to follow this determining designation for the perpetuity of the organization or as to better hold its breath.

ICANN74 between lessons of the pandemic and awareness of the richness of the Internet

Between ICANN66 in Montreal, Canada and ICANN74 in The Hague, Netherlands, thirty-two months and seven summits will have passed exclusively online. In 2020, the prospect of a return to face-to-face meetings was already being discussed under the heading of ‘hybrid mode’, a mixture of face-to-face and remote meetings. The question remained as to when this could be implemented. A more favorable health context was needed, with all the questions posed by covid variants and its repeated waves, and sufficient guarantees of security for the participants, who generally come from the four corners of the world. The 74th edition, which was held last month in The Hague, was finally chosen to experiment the ‘hybrid mode’.

The return of face-to-face meetings with the lessons learned from the pandemic

A return to face-to-face sessions in The Hague, but nevertheless extremely constrained, due to health security. Pre-registration was compulsory for all sessions, with a limited number of places per session. This meant that some sessions were already fully booked well before the summit. The compulsory pre-registration led participants to pre-register for sessions they were not sure they would attend in order to reserve a place. Each participant also had to be able to prove that their vaccination status was up to date. Tests were provided on site as well as temperature taking. Finally, masks and distancing measures were mandatory, hence the limited number of places per session. The organization also decided that everyone should go through the video conferencing medium, including those present on site, an idea that aimed to ensure that all participants could interact equally. For those connected remotely, it was also noted that, as promised, the organization planned shorter sessions, generally not exceeding one and a half hour and very often even one hour. The conditions were therefore met to guarantee safe conditions for those present and good conditions for those connected remotely.

Two ODP processes running in parallel

The subject of the next series of new generic extensions has been discussed in sessions of various bodies. The project is now in the Operational Design Phase (ODP), which consists of an assessment of the risks, tasks and resources required, and which is to be concluded with an Operational Design Assessment (ODA). A related subject, that of closed generic extensions, has entered a new sequence. The principle of a so-called “Small Team”, which includes representatives of the GAC, the body representing governments, the ALAC, which represents end-users, and the GNSO, the body in charge of generic policies, has been validated in order to discuss this subject and see if a compromise can be found to envisage next steps. In the 2012 round, it was not possible to create such extension models. The question is therefore whether such extension models will be possible in the next round. Regarding the ODA, the GNSO, which estimates its publication on 31 October, has mentioned a possible postponement of six to eight weeks due to another ODA that is also mobilizing many people on the creation of a Standardized Domain Name Registration Data Access System for legitimate purposes. The SSAD ODA with contrasting conclusions, particularly with regard to its number of potential users and its particularly high cost, was delivered on 25 January. Its findings are still being evaluated. The next step on this second subject is the creation of a sort of prototype called “SSAD Light” which could be based on technologies mastered by ICANN teams to limit delays and costs. The latter would help to validate or not the implementation of an SSAD with, in this case, a prior implementation phase.

Accuracy of registration data, an important issue

Among the many issues currently being examined, the accuracy of domain name registration data is an important one for Europeans. Indeed, it is the Regulation on the Protection of Personal Data, the GDPR, which has prompted ICANN to call for the removal of personal data from registration directories and which, in turn, explains the aforementioned SSAD project and the accuracy of data. How can we ensure that masked data is accurate?  In October 2021, a Scoping Team began a mission to evaluate the obligations related to the accuracy of registration data. It planned to verify the effectiveness of the accuracy of the data. Their findings were expected in June, but the measurement of effectiveness has been hampered by the difficulty of obtaining the necessary data, which is stored at the registrars. Transmitting all registration data to ICANN for research purposes requires a legal basis. The Scoping Team is thus put on hold.

This is particularly important because, as EURALO, the European part of the At-Large body representing end-users, has pointed out, Europe is about to adopt the NIS2 Directive. The directive is due to be voted on in the plenary session of the European Parliament in September before being published in the Official Journal and transposed in the 27 European states. EURALO recalled that NIS2 provides for specific obligations notably on domain name registration data, storage, access and verification and therefore interferes with the role of the regulator ICANN. Moreover, if specific measures apply only to European providers, this creates a disparity of obligations between players, not to mention that the transposition of the text could be unequal in the states. Accuracy at the ICANN level can help harmonize future obligations for all players regardless of their location.

The impact of regulations and disasters

At ICANN73, which followed the outbreak of the conflict in Ukraine, ICANN had the good idea of creating a session dedicated to geopolitical, regulatory and legislative aspects. This meeting highlighted the risks of fragmentation of the single Internet model advocated by the organization. This meeting was repeated at this summit and allowed to note that the initiatives of the States are increasingly interfering with ICANN’s role as regulator.

EURALO had the good idea of completing this panorama with a session on governance and multipartyism in times of emergency. This session consisted mainly of a round-up of At-Large representatives from different continents. The representative from Ukraine logically started the session. In a moving speech about the tragedy in her country, she reminded us that the Internet infrastructure in her country has been heavily impacted. For the Asia-Pacific region, the representative mentioned the volcanic eruption in Tonga in January 2022, which cut the submarine cables and caused a five-week blackout on the islands. She also mentioned the situation in Myanmar where the Internet has been cut off since a coup in February 2021. The representatives of the two American continents spoke of natural and climatic disasters such as Hurricane Maria in Puerto Rico, which had knocked out telecommunications antennas and the electricity network. For part of the population, electricity and Internet access had been cut off for several months. Finally, the representative of Africa recalled that today at least 60% of Africans do not have access to the Internet.

Our comments

The return to face-to-face meetings was not an easy task for ICANN. While many participants felt that the proposed framework was too restrictive, it seems that the organization worked quite well overall in allowing everyone to attend the sessions fairly. The protection measures also seem to have dissuaded many participants from coming, including the speakers scheduled for the week of exchanges who assumed to participate remotely. Indeed, the figures given by the organization indicate 1817 participants from 101 countries, half of whom attended remotely. A good point for the planet but the limit was the possibility to interact outside the sessions.

On the ongoing policy development and review processes, the sessions during the week of the event reminded us that there are a lot of issues being dealt with in parallel, undoubtedly too many issues. This inevitably makes it difficult to keep track of them and causes delays, such as the two ODPs being conducted simultaneously on SSAD and the next round of new generic extensions. However, the overall feeling is that the topics are moving forward, even if the finish line is often unclear.

The last day provided a break from policy issues as geopolitical and regulatory issues and the impact of disasters reminded us that the governance model and access to the Internet are two particularly fragile critical aspects. While NAMESHIELD offers you solutions to the risks associated with compromised names and malicious registrations, we must also remember that we are not all equal when it comes to accessing the Internet. In addition to stricter legislation, other risks such as armed conflicts or climate change must indeed also be considered.

Image source : ICANN’s website

ICANN73 or the difficult equation of preserving a weakened global model

ICANN73 or the difficult equation of preserving a weakened global model

In recent years, ICANN, the regulator of a “universal resolution” of the Internet for all Internet users, has been confronted with new difficulties that are weakening the body and its model. Its mode of operation has had to be adapted to an unprecedented global pandemic and its model of a global Internet is now being questioned by the growing desire of states to emancipate themselves from it, with the tragic conflict in Ukraine pushing the Urals a little further away from the Rockies. But the difficulties also come from its immediate environment with the rise of alternate roots. It is in this context and following a previous edition marked by tensions around the subjects that make up its topicality and which are struggling to move forward, that the 73rd summit opened with great expectations.

For once, the 73rd ICANN meeting did not kick off on a Monday, the day scheduled for the first working sessions. On Sunday 6 March, ICANN published a communiqué stating that its Board of Directors had decided to allocate an initial sum of US$1 million in financial assistance to support access to the Internet infrastructure in emergency situations in Ukraine. This was a way to launch an edition where the conflict in Ukraine was bound to be on everyone’s mind and in many debates.

The conflict in Ukraine in the background

Indeed, on Monday afternoon the very first plenary session of the summit, that of the GAC, the body representing governments, began with a condemnation of Russia’s actions in Ukraine. Several members of the GAC, including France, took the floor.

Two weeks earlier, Ukraine was hit by the first Russian strikes. Ukraine, through Mykhailo Fedorov, Deputy Prime Minister and Minister of Digital Transformation, asked ICANN to target Russia’s access to the Internet by revoking specific country code top-level domains operated from Russia, revoking SSL certificates associated with the domain names and shutting down a subset of root servers located in Russia. ICANN responded negatively to this request in a letter from Goran Marby, ICANN’s CEO, to the Minister, reminding that ICANN’s mission is to take steps to ensure that the Internet operates in a global and non-politicised manner. ICANN is a neutral body, Goran Marby repeated at the Public Forum that closed the summit.

Prospects for ongoing policy development processes

During the previous ICANN summit, tensions were palpable in certain bodies, especially the one representing the registries, due to policy development processes that have become longer with additional stages such as the ODP (Operational Design Phase) that now intervene between the return of final recommendations and the Board’s vote on them.

The first subject to be affected by the ODP stage is the Standardised System for Access to domain name Data. This system, known as SSAD, has been under discussion for more than three years as part of a policy development process known as ePDP, of which SSAD is part of phase 2. It is intended to return to a more uniform model of access to domain name registration data for legitimate requests. However, the ODP, which has just been finalised six months later than the initial estimated timetable, has highlighted the difficulty of framing this project. The number of users is in fact estimated at between 25,000 and 3 million to address 100,000 to 12 million requests, values that lead to a particularly wide range of implementation and maintenance costs (from 34 to 134 million US dollars) and consequently to access costs for the future system that are very difficult to evaluate, the idea being to finance the system exclusively with access costs. At ICANN73 , a way out was suggested: Create a pilot project to limit the risks, in other words, envisage a small-scale SSAD before considering the next steps.

It has been noted that regarding phase 1 of the aforementioned ePDP there is now a finish line. It is estimated to be completed by the end of 2022. This phase aims to create a perennial policy to replace a Temporary Specification that addressed the GDPR in the domain name eco-system in 2018.

The other major topic is that of a next series of new generic extensions. Let’s remember that the previous series will celebrate its ten years in 2022. Since then, it has been a policy development process (PDP) that stretched from December 2015 to February 2021 when the body representing generic policies, the GNSO, adopted the final recommendations report. Last September the ICANN Board decided to initiate an ODP process that could last until early next year. This topic has been the subject of much criticism as the finish line seems to be getting further and further away, even though it has been ten years since the last round. Nevertheless, one option was discussed at ICANN73, that of starting the implementation work without delay, a proposal that, while it rather displeased the ICANN CEO, was rather positively received by the ICANN Board, which should however only vote on the recommendations of the final report of the PDP process after the end of the ODP.

Geopolitical, legislative and regulatory aspects – a new feature

Among the novelties of this summit was a plenary session devoted to geopolitical, legislative and regulatory aspects. This session provided an overview of the many initiatives coming from institutions such as the United Nations, the International Telecoms Union, the Council of Europe and the OECD, as well as from States such as Russia with its digital sovereignty law and China with its law on cybersecurity and data security. This session also allowed to clarify perceptions such as ICANN’s position on the European NIS2 directive. Goran Marby indicated that ICANN does not have an official position on this issue.

The return of the GDD/GDS summit?

Until 2019, ICANN proposed a more operational summit called GDD Summit in addition to the three policy summits. This was abandoned in the context of the global pandemic and has not been mentioned since. The possibility of relaunching this mechanism was put on the table at ICANN73. There could therefore be a fourth annual ICANN meeting as early as the end of this year, with November being mentioned as a possible date. However, between now and then, there will be ICANN74 in June and ICANN75 in September, two events where the hybrid mode, face-to-face and remote, should be in place.

Nameshield Comments

ICANN 73 was undeniably marked by the conflict in Ukraine. A conflict that paradoxically allowed to find a semblance of unity with the outline of solutions as the fact of allowing the Ukrainian registrars to derogate from the ICANN policies through a device called “extraordinary circumstances” and to recall the ICANN to its fundamentals, an apolitical body working for a global Internet. By mapping out the geopolitical, legislative and regulatory contexts, the body also seems to have realised that the world ahead may make it even more difficult to preserve its model of a globalised internet. The feeling after this summit is that more concrete proposals and perspectives have been given on some of the subjects discussed.

For the next round, it is the threat of alternative roots to the DNS that could give an unexpected boost to the current process. These roots that tend to develop could cause collisions between requests if one day identical TLDs cohabit in two environments, a risk that is all the more increased if ICANN marks the step on a future round. Another risk is to be challenged for the allocation of regulatory TLDs when an identical TLD would exist on an alternate root.

Image source: ICANN’s website