PDP Archives - Cybersecurity, intellectual property and domain names news

ICANN73 or the difficult equation of preserving a weakened global model

In recent years, ICANN, the regulator of a “universal resolution” of the Internet for all Internet users, has been confronted with new difficulties that are weakening the body and its model. Its mode of operation has had to be adapted to an unprecedented global pandemic and its model of a global Internet is now being questioned by the growing desire of states to emancipate themselves from it, with the tragic conflict in Ukraine pushing the Urals a little further away from the Rockies. But the difficulties also come from its immediate environment with the rise of alternate roots. It is in this context and following a previous edition marked by tensions around the subjects that make up its topicality and which are struggling to move forward, that the 73rd summit opened with great expectations.

For once, the 73rd ICANN meeting did not kick off on a Monday, the day scheduled for the first working sessions. On Sunday 6 March, ICANN published a communiqué stating that its Board of Directors had decided to allocate an initial sum of US$1 million in financial assistance to support access to the Internet infrastructure in emergency situations in Ukraine. This was a way to launch an edition where the conflict in Ukraine was bound to be on everyone’s mind and in many debates.

The conflict in Ukraine in the background

Indeed, on Monday afternoon the very first plenary session of the summit, that of the GAC, the body representing governments, began with a condemnation of Russia’s actions in Ukraine. Several members of the GAC, including France, took the floor.

Two weeks earlier, Ukraine was hit by the first Russian strikes. Ukraine, through Mykhailo Fedorov, Deputy Prime Minister and Minister of Digital Transformation, asked ICANN to target Russia’s access to the Internet by revoking specific country code top-level domains operated from Russia, revoking SSL certificates associated with the domain names and shutting down a subset of root servers located in Russia. ICANN responded negatively to this request in a letter from Goran Marby, ICANN’s CEO, to the Minister, reminding that ICANN’s mission is to take steps to ensure that the Internet operates in a global and non-politicised manner. ICANN is a neutral body, Goran Marby repeated at the Public Forum that closed the summit.

Prospects for ongoing policy development processes

During the previous ICANN summit, tensions were palpable in certain bodies, especially the one representing the registries, due to policy development processes that have become longer with additional stages such as the ODP (Operational Design Phase) that now intervene between the return of final recommendations and the Board’s vote on them.

The first subject to be affected by the ODP stage is the Standardised System for Access to domain name Data. This system, known as SSAD, has been under discussion for more than three years as part of a policy development process known as ePDP, of which SSAD is part of phase 2. It is intended to return to a more uniform model of access to domain name registration data for legitimate requests. However, the ODP, which has just been finalised six months later than the initial estimated timetable, has highlighted the difficulty of framing this project. The number of users is in fact estimated at between 25,000 and 3 million to address 100,000 to 12 million requests, values that lead to a particularly wide range of implementation and maintenance costs (from 34 to 134 million US dollars) and consequently to access costs for the future system that are very difficult to evaluate, the idea being to finance the system exclusively with access costs. At ICANN73 , a way out was suggested: Create a pilot project to limit the risks, in other words, envisage a small-scale SSAD before considering the next steps.

It has been noted that regarding phase 1 of the aforementioned ePDP there is now a finish line. It is estimated to be completed by the end of 2022. This phase aims to create a perennial policy to replace a Temporary Specification that addressed the GDPR in the domain name eco-system in 2018.

The other major topic is that of a next series of new generic extensions. Let’s remember that the previous series will celebrate its ten years in 2022. Since then, it has been a policy development process (PDP) that stretched from December 2015 to February 2021 when the body representing generic policies, the GNSO, adopted the final recommendations report. Last September the ICANN Board decided to initiate an ODP process that could last until early next year. This topic has been the subject of much criticism as the finish line seems to be getting further and further away, even though it has been ten years since the last round. Nevertheless, one option was discussed at ICANN73, that of starting the implementation work without delay, a proposal that, while it rather displeased the ICANN CEO, was rather positively received by the ICANN Board, which should however only vote on the recommendations of the final report of the PDP process after the end of the ODP.

Geopolitical, legislative and regulatory aspects – a new feature

Among the novelties of this summit was a plenary session devoted to geopolitical, legislative and regulatory aspects. This session provided an overview of the many initiatives coming from institutions such as the United Nations, the International Telecoms Union, the Council of Europe and the OECD, as well as from States such as Russia with its digital sovereignty law and China with its law on cybersecurity and data security. This session also allowed to clarify perceptions such as ICANN’s position on the European NIS2 directive. Goran Marby indicated that ICANN does not have an official position on this issue.

The return of the GDD/GDS summit?

Until 2019, ICANN proposed a more operational summit called GDD Summit in addition to the three policy summits. This was abandoned in the context of the global pandemic and has not been mentioned since. The possibility of relaunching this mechanism was put on the table at ICANN73. There could therefore be a fourth annual ICANN meeting as early as the end of this year, with November being mentioned as a possible date. However, between now and then, there will be ICANN74 in June and ICANN75 in September, two events where the hybrid mode, face-to-face and remote, should be in place.

Nameshield Comments

ICANN 73 was undeniably marked by the conflict in Ukraine. A conflict that paradoxically allowed to find a semblance of unity with the outline of solutions as the fact of allowing the Ukrainian registrars to derogate from the ICANN policies through a device called “extraordinary circumstances” and to recall the ICANN to its fundamentals, an apolitical body working for a global Internet. By mapping out the geopolitical, legislative and regulatory contexts, the body also seems to have realised that the world ahead may make it even more difficult to preserve its model of a globalised internet. The feeling after this summit is that more concrete proposals and perspectives have been given on some of the subjects discussed.

For the next round, it is the threat of alternative roots to the DNS that could give an unexpected boost to the current process. These roots that tend to develop could cause collisions between requests if one day identical TLDs cohabit in two environments, a risk that is all the more increased if ICANN marks the step on a future round. Another risk is to be challenged for the allocation of regulatory TLDs when an identical TLD would exist on an alternate root.

Image source: ICANN’s website

ICANN72, between prioritisation needs and fragmentation risks

At the end of October, the 72nd ICANN summit was held, devoted to the development of policies that impact the domain name system (DNS) and the global Internet community. As already announced during the past summer, this latest annual meeting was to be held by videoconference in the time zone of Seattle in the United States. “Sleepless” were therefore not in Seattle but rather in Europe.

The thorn in the side of the next round of new generic extensions

A month before this summit, ICANN announced the schedule for the Operational Design Phase (ODP) for one of the most anticipated topics by the contracting parties: the organisation of a future round of applications for new generic extensions. The ODP is a new mechanism now linked to the policy development process (PDP). It is similar to a project scoping exercise as it aims to identify the steps, risks, costs and resources to be allocated to implement a project, in this case a new round of generic extensions. The PDP was conducted between 2015 and 2020, with the submission of a final recommendations report to the ICANN Board in March of this year. However, it is not until February 2023, almost two years later, that the Board should consider these recommendations, the time to let the ODP conduct. Indeed, ICANN confirmed before the opening of ICANN72 that this scoping phase should last sixteen months in its entirety, including ten months for the conduct of the ODP, three months upstream to initiate the latter and in particular to constitute the teams that will conduct it and three months downstream to conclude the work. This timetable surprised many of the contracting parties and gave rise to much discontent. These discontents were particularly expressed through the Brand Registry Group that represents and promotes the interests of its members, dotBrand owners. For most members, things are not moving fast enough and the ODP would even be partly useless since some aspects overlap with the work already conducted during the previous PDP. Another aspect pointed out was the cost of the ODP estimated to $9 million, which is not a small amount.

The clouds are gathering as are the processes underway

As the other sessions scheduled during the week-long summit progressed, it was clear that the clouds continued to gather in the weather of ICANN’s policies. For example, the announcement of the launch of an expedited policy development process (ePDP) to review the Uniform Domain-Name Dispute Resolution Policy (UDRP), which allows for the recovery of disputed domain names, caused a great deal of misunderstanding, given that a review of all rights protection mechanisms (RPMs) has already been conducted between 2016 and 2020 and its final recommendations have not yet been examined by the ICANN Board. Now this review to validate the recommendations is scheduled to take place at best in the summer of 2022, by which time the aforementioned ePDP should be finalised. This example illustrated the gap that is being created between the community’s expectations for decisions and ICANN’s decision-making bodies, which seem to be overwhelmed by the policy negotiation processes that are piling up and stretching out over time, risking rendering decisions obsolete if they are made too late. According to some participants, this even affects ICANN’s ability to continue to carry out its mission as set out in its founding documents: To preserve and enhance the operational stability, reliability, security and global interoperability of the Internet.

“Prioritisation”, the word is out

On the first day of the sessions, ICANN CEO Goran Marby defended himself against the idea that the Board was slow to make decisions. He pointed out that the Board had recently examined 228 recommendations from the Competion Consumer Choice & Consumer Trust (CCT), which had just conducted a review to assess the extent to which the expansion of generic TLDs, gTLDs, had promoted competition, consumer confidence and consumer choice. 166 have been approved to date, 44 placed on hold and 18 rejected. Many of these measures are correlated with research and data collection to better understand market trends for new gTLDs.

Goran Marby also justified the delays in decision-making by the large number of ongoing and overlapping issues and by the fact that ICANN sometimes needs additional expertise to make decisions. In response to the criticisms, he also indicated that ICANN is now working on some form of prioritisation, a wish expressed by NAMESHIELD that seems to have been heard. However, Marteen Botterman of the Board nuanced this by specifying that prioritisation is not the Board’s responsibility, as it must ensure that the multi-stakeholder model is respected and must therefore maintain a certain neutrality on the subjects submitted to it.

A risk of fragmentation

From an organisation that has difficulty in making decisions, to its questioning, there is only one step. From the first day of the sessions, Goran Marby, who was particularly involved in the exchanges, spoke of “threats to ICANN”. ICANN is working on a risk management framework for the organisation. He also spoke of the need to talk more closely with governments as the current governance model is being challenged. Indeed, one only has to look at Russia to see that in November 2019, the Russian government introduced new regulations that create a legal framework for centralised state management of the internet within Russia’s borders. Russia has also proposed to hand over the management of the root servers to BRICS (Brazil, Russia, India, China and South Africa) member states. Proof that the States are going on the offensive in terms of their legislation, recent European directives also have an impact on the governance model, such as the General Data Protection Regulation (GDPR) and the forthcoming NIS2 (Network and Information Systems) directive, subjects which were also recalled at the summit. In China, for example, a law strengthening controls on digital services operated in China has just been adopted.

The failure of the ICANN governance model, if confirmed, could lead to a fragmentation of the DNS as we know it today, a fragmentation which takes shape as ICANN becomes bogged down in sterile debates. This summit has highlighted that the community and ICANN leadership have identified this major risk. The challenge for the future is to address it. We will watch the next ICANN summit scheduled in March 2022.

The observation that DNS regulation policies are bogged down, particularly at ICANN72, was widely shared by NAMESHIELD well before this summit. In particular, NAMESHIELD had expressed the need to prioritise topics in agreement with the community during the ICANN72 preparatory sessions. NAMESHIELD, which participates in working groups working on recommendations in the context of the periodic reviews conducted by ICANN, also advocated for re-enchanting voluntary work and helping diversify representatives in these working groups, in particular from small structures. Indeed many volunteers are now overwhelmed by the increasing volume of topics to be considered as the processes accumulate and decisions do not follow. New participants are discouraged from taking an interest in these topics by lengthy and cumbersome processes.

Image source : David Mark via Pixabay

ICANN66 at Montreal – A contrasting summit

During the first half of November, the 66th ICANN Summit was held in Montreal, Canada. This third and final annual summit devoted to policies applicable to Internet naming was eagerly awaited as the topics under discussion are numerous. At its closing, however, it left many participants a little bit disappointed.

A preview of the topics and postures during the weekend before the official launch of the Summit

The weekend before the official opening of the Summit is usually an opportunity to get an overview of the topics and postures involved. Not surprisingly, the expedited Policy Development Process (ePDP) which aims to develop a consensus rule to specify future conditions of access to personal data that are no longer published in the WHOIS, the domain name search directory, due to GDPR, is one of the major topics.

Among other related topics, the replacement of the same WHOIS by the RDAP (Registration Data Access Protocol) probably next year for generic domain names. This replacement is not insignificant when we know that WHOIS has been in use for nearly 35 years.

The body representing governments, the GAC, has weighed up the issue of domain name abuse, which has taken off considerably on the new generic extensions launched in 2012. When we know the rise of Internet practices aimed at weighing on elections in certain countries and the economic impact of computer attacks and hacking, we understand that this subject is being pushed by the GAC. While one of ICANN’s topics is to clarify in their texts the notion of malicious uses, this term refers to domains registered for phishing, malware, botnets and spam, the other part concerns the means to stem them. The existence of abusive domains indeed threatens the DNS infrastructure, impacts consumer safety and threatens the critical assets of public and commercial entities. Finally, and not surprisingly, the subject of a future round of new generic extensions has also been on many lips.

ICANN66 at Montreal - A contrasting summit — *Cherine Chalaby at the ICANN Summit held in Montreal*

“The best ICANN summit”, really?

During the traditional opening ceremony, which brings together all the guests for one hour (2500 according to Goran Marby, ICANN CEO) in a huge room to listen to various speakers, including Martin Aubé of the Quebec Government’s Ministry of Economy and Innovation, Cherine Chalaby, one of the ICANN Board members whose term ends at the end of the year, told his audience that ICANN66 would be the “Best ICANN summit”. It must be said, however, that at the end of the week of debates and meetings, which followed one another at a sustained pace, while the subjects under discussion are really numerous, the feeling regarding this assertion was more than mixed for many participants.

First, the expeditious process for access to WHOIS non-public data is progressing with a framework constrained by ICANN and the Personal Data Protection Authorities. The outcome of this process is envisaged between April and June 2020 and it is currently a centralized model where ICANN would allow the future lifting of anonymity of data that are now masked due to GDPR which holds the line.

Then the subject that was probably most often mentioned during this new summit week concerned abuses with domain names. For ICANN, the subject is central because it is directly correlated to its totem: the stability of the Internet for which they are the responsible. Since February 2019, ICANN has been publishing some metrics on malicious practices identified through DAAR, their Domain Abuse Activity Reporting.

Their latest report presented in Montreal shows that 364 extensions (mainly new generic extensions from the 2012 round) revealed at least one threat posed by one of the domain names activated on these extensions. More worryingly, new generic extensions would still account for nearly 40% of malicious uses, compared to 60% for historical generic extensions. This figure should be highlighted with the volume of these two categories of extensions. Indeed, out of just over 200 million generic names, new generic domains represent only 15% of the total number of registered names. ICANN therefore wants this subject to be taken up by the entire community present in Montreal.

Proposals were made by the various bodies present, some of which went so far as to request a policy development process (PDP). This last proposal, if it were to obtain ICANN’s approval, would have the unfortunate consequence of postponing the hypothetical schedule for a next round of new extensions, a subject that interested many of the guests present in Montreal. Indeed, for ICANN, the problem of the concentration of malicious practices in the new generic extensions must be solved before any future round, so that the PDP still in progress on the review of the last round of 2012 has gone almost unnoticed.

If the rules are slow to evolve on malicious uses, your Nameshield consultant can already provide you with adapted solutions to your needs on this key matter.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ppwp_wp_session	30 minutes	No description
visit	30 minutes	No description