Uncategorized

In our newest article on CircleID, Zak Muscovitch asks: Is there a downside to misusing the UDRP to attempt a domain name hijacking? Read the full article on CircleID

On Friday, November 16th, ICA filed a letter addressed to Göran Marby regarding the .COM Registry Agreement, arguing that ICANN should reject any attempt by Verisign to increase its fees. Higher fees for Verisign are not justified, as demonstrated by the following four key points:

Read the full letter here.

The ICA released a must-read statement on the price increase of .com domains earlier today! Shortly after the National Telecommunications and Information Administration (NTIA)’s recent announcement allowing Verisign to pursue increased .com registry fees, Verisign published a blog post questioning the business practices of registrars and domain name investors. The ICA, on behalf of its registrar and domain name investor members, had previously spoken out against a .com fee increase, as did others in the domain industry. Rather than justify a fee hike, Verisign attempted to shift the community’s attention elsewhere. Yet the issue remains that the fee cap currently in place was put there for good reason: because there was no justification for any increase and because the public needed protection from excessive fees. Higher fees for Verisign are not justified, as demonstrated by considering these four key points:

• Verisign is a provider of technical registry services, it does not own the .com name space;
• Unlike Verisign’s fees, the prices set by registrars and domain name investors are held in check by competition;
• Verisign is already well-paid for its services, as evidenced by its substantial profits; and
• ICANN need not approve fee hikes; on the contrary ICANN ought to assert its right to set reasonable fee levels for its hired registry manager.

Read the full statement here

As the domain name community knows, the ICA has been warning of an impending price hike on .com domain name registrations. We publicized the issue, launched a website to increase awareness of the issue, created a petition that attracted over 2,000 signatures, and advocated for our position directly to David Redl, the head of NTIA, as well as to the Department of Justice, and to ICANN.

We are disappointed to see that Verisign and the NTIA have made a deal to enable potential .com price hikes as well as other changes to the .com Registry Agreement.

The ICA is carefully reviewing this development and will continue to make domain name registrants’ concerns heard, particularly at ICANN which has the ultimate jurisdiction to permit or decline changes to the Registry Agreement.

We thank our members and friends for their support and encourage the domain name community to join us as we continue to advocate for domain name registrants’ rights.

In its letter to David Redl of the NTIA, the ICA urges that the NTIA extend Amendment 32 to the Cooperative Agreement between the Department of Commerce and Verisign, which is set to expire on November 30, 2018. Read the full letter, which was submitted on October 18th, 2018, here.

In its letter submitted to the ICANN board on October 9th, 2018, ICA pointed out the absence of any ICANN oversight over the UDRP such as an office or staff, regular review process, complaints procedure, or contracts with existing UDRP dispute resolution service providers. ICA requests that ICANN includes a budget for such oversight in its current budgeting process. Read the full letter Here: Letter to ICANN Board of Directors – October 9, 2018

Guest post by Greg Thomas

The shot clock is ticking towards expiration of the NTIA-Verisign Cooperative Agreement — yet stakeholders are AWOL on completing accountability safeguards at root of the Internet.

It is remarkable — for all the wrong reasons — that only two months remain before the National Telecommunications and Information Administration (NTIA) must make a fateful decision on how it will address its’ long-standing Cooperative Agreement with Verisign — the private-sector corporation that edits the authoritative address book of the Internet’s Domain Name System (DNS), maintains two of the DNS root servers, and operates the .com and .net registries of the Internet, undoubtedly one of the most lucrative concessions ever granted.

 

Yet, despite representing a unique and singular opportunity to finish the critical task of improving accountability at the root zone of the Internet — and in stark contrast to the herculean effort to develop accountability mechanisms for the Internet Corporation for Assigned Names and Numbers (ICANN) prior to the transition of the Internet Assigned Names Authority (IANA) in 2016 — the much-vaunted global community of stakeholders is deafeningly silent. Whether from fatigue, attention-deficit disorder, or a failure of imagination, the absence of meaningful engagement and public dialogue by AWOL stakeholders is nothing less than dereliction of duty.

To be fair, I’ve spent nearly a decade thinking about this inflection point — perhaps longer and in greater detail than most. By way of introduction, I got my first real taste of the strange world through the looking-glass — that is, Internet governance — when I was recruited by Verisign in 2009 to help design the company’s strategy for renewal of the .net and .com registry agreements in 2011 and 2012, respectively, and with an eye on the horizon for the 2017–18 renewal cycle.

Early in 2010, I delivered a multi-year strategic plan that heavily focused on a long-term effort to build trust with the Internet’s global community of stakeholders and the U.S. Government — an approach that was sorely lacking after years of boorish, heavy-handed and appallingly tone-deaf missteps by the company and its predecessor, Network Solutions. My proposals, which anticipated the possibility that the .com concession was renewed but with constrained pricing, were all but dismissed and I was asked to leave the company not long after, in May 2010.

I was rehired in late 2013, to build a cross-company strategic perspective for the 2017–18 renewal cycle, this time including disposition of the Cooperative Agreement. The hallmark of my second stint at the company was the IANA transition and efforts to ensure that appropriate accountability safeguards were in place prior to removal of ICANN’s “training wheels”: the soft power represented by Uncle Sam’s ability to yank the lucrative, yet zero-dollar IANA procurement contract. In April of 2016, I departed Verisign, this time under my own steam, to focus my energy on other business ventures and my family, which was devastated by the sudden, unexpected loss of my father due to cancer the year before.

While pursuing other ventures, I have continued to observe developments in Internet governance from afar with the expectation that, at some point, there would be some indication of activity by some of the many interests vested in the details of any potential disposition of the Cooperative Agreement.

Yet, crickets.

Over the summer, in an effort to help spur discussion on the topic, I submitted comments for a notice of inquiry by NTIA on “International Internet Policy Priorities.” To my knowledge, the only other comments on the Cooperative Agreement were submitted by the Internet Commerce Association, an industry group representing domain investors. Additionally, GoDaddy offered some thoughts in testimony provided during a Senate hearing around the same time. The lack of focus on this issue quickly turned into a personal sense of alarm, as Summer is turning into Fall, and the calendar continues to march towards November 30th.

During the IANA transition, NTIA and ICANN were adamant that the Cooperative Agreement with Verisign was outside the scope of work required for completion before the procurement contract with ICANN expired. In hindsight, that was probably a wise decision — especially considering that, even without the thorny details of the Cooperative Agreement, the stakeholder community required a temporary extension of the procurement contract in order to complete its work.

To be clear, while a temporary extension may be similarly required here, I do not believe that the same intensity of purpose is necessary to address the disposition of the Cooperative Agreement. Although it is impossible to be certain, due to the mysterious unavailability of the original NSF-Network Solutions Cooperative Agreement, a review of the amendments available on the NTIA website suggests that only this remains relevant: NTIA’s unilateral right to review and amend the .com registry agreement between ICANN and Verisign for the stated purposes of promoting consumer choice and competition in the domain name market.

NTIA has gone to great lengths to assert that its authority is very narrow, but let’s cut to the chase: the ability to effectively set the wholesale price from which a billion-dollar public company derives more than 90% of its’ annual revenue is the very large stick which permits NTIA to speak so modestly. As I stated in my submitted comments, I do not believe it is feasible nor desirable to extend the Cooperative Agreement beyond the time necessary to ensure that a successor mechanism is in place that offers the same or better accountability safeguards for the corporation controlling a vast proportion of the DNS.

In the United States, the regulation of competition is vested in the Antitrust Division of the Department of Justice and the Federal Trade Commission. Both of these agencies are equipped with professionals possessing the experience and expertise to help foster the dynamic competition that best regulates healthy markets. Additionally, both agencies are experienced at negotiating and enforcing consent decrees with private-sector corporations, which is the solution I have previously suggested should be considered as an effective successor to the Cooperative Agreement.

Consider that, in the absence of any meaningful leverage, Verisign need only comply with a small number of technical key performance indicators (KPIs) in order to benefit, in perpetuity, from its’ presumptive right of renewal to this lucrative concession. This will only serve to allow the company to retreat further into a fortress shielded by legal provisions with which it can deflect anyone seeking redress or even basic cooperation beyond what is required for contractual compliance. One need only look at the history that includes the Cooperative Agreement to begin imagining a future without it. Or, consider the justification for the current accountability mechanism, as recounted to me in 2017 by a Clinton Administration official who helped insert this provision into the Agreement, “…time was running out and we weren’t worried about ICANN. We had to do something to keep them (the registry operator) from running away with the Internet!”

I don’t claim to have any monopoly on answers, or even good ideas. However, it is unacceptable to sit idly while one of a very small number of effective accountability safeguards expires. Take issue with me or my views, but I challenge anyone to defend the wisdom of permitting a corporation that controls so much of the core of the Internet to collect their share of Mammon while sitting comfortably behind impenetrable walls constructed from a presumptive right of renewal and a wide moat filled with basic technical KPIs; to argue with a straight face that competition is sufficiently present to regulate the domain name market and its hegemon.

Further complicating matters is the pragmatic reality that, although some have called for it, the .com registry agreement is not likely to ever be put out for open bid. The possibility that a non-US company could win a truly impartial and proper bid process overseen by ICANN is a national security non-starter. And anyone concerned about the global effects that could result from regulating an American company that is subject to U.S. jurisdiction — that is, indeed, a proverbial stone’s throw from the White House — can find ample and recent precedent for regulating entities domestically without being overly concerned about effects in other jurisdictions. Simply look at the EU’s implementation of its’ General Data Protection Regulation, which has largely had the effect of creating global privacy regulation by local fiat. What’s good for the Old World’s goose is just as good for the New World’s gander.

In the end, if so many economically and otherwise vested interests, including domain investors, copyright and trademark owners, law enforcement, new generic Top-Level Domain operators, and others, allow the path to be chosen for them at this crossroads — in effect, to fail to finish the job of ensuring effective accountability safeguards for the last of the two remaining pillars of the original IANA triad — then perhaps we really are through the looking-glass and, as the Cheshire Cat would observe, we’re all mad here.

On July 17, 2018, the Internet Commerce Association (ICA) submitted its feedback to the United States’ Department of Commerce in connection with the National Telecommunications and Information Administration’s Notice of Inquiry on International Internet Policy Priorities.

The message was clear. Two major issues need immediate attention;

1.   Root Zone Management and ICANN’s Inherent Conflict of Interest with the Verisign monopoly on .com domain name registrations; and

2.   Failure of the ICANN Multistakeholder Model to Satisfactorily Address Whois Access and Accreditation in Light of the GDPR Fiasco.

Below is the ICA’s letter to Assistant Secretary for Communications and Information and Administrator, David J. Redl.

____________________________________________________________________________________________________________________________________

July 17, 2018

Honorable David J. Redl

Assistant Secretary for Communications and Information

and Administrator, National Telecommunications and Information Administration

U.S. Department of Commerce

Washington, DC 20230

Dear Mr. Redl:

RE: NTIA Notice of Inquiry (06/05/2018): International Internet Policy Priorities

I write to you on behalf of members of the Internet Commerce Association. Founded in 2006, the Internet Commerce Association (the “ICA”) is a non-profit trade organization representing domain name investors, website developers, domain name secondary marketplaces, escrow service companies, registries, and related service providers.

The ICA is comprised of responsible businesses and individuals who have joined together to improve public confidence in Internet commerce. Based in Washington D.C., the ICA’s mission is to assist with the development of domain name related policy and to advocate for fairness in government policy and regulation.

ICA members own and operate approximately 10 million .com domain names and provide crucial domain name-related services to many thousands of their respective customers. As such, our members play an integral role in the operation and use of the Internet, and an open and secure Internet is of utmost interest to our members.

As interested stakeholders on the NTIA’s international internet policy priorities, we are pleased to provide you with our comments and recommendations pursuant to your above-noted Notice of Inquiry dated, July 5, 2018, on “International Internet Policy Priorities” (the “Notice”). We hope that our comments and recommendation herein will assist you with identifying your policy priorities. We note that you invited comments on the full range of questions presented in this Notice, including on issues which were not specifically raised. Our comments herein are primarily in response to the “Multistakeholder Approach to internet Governance”. To the extent that any of our comments do not directly address the four specific questions raised, our comments are in connection with “other issues which were not specifically raised” but were nonetheless part of your invitation for comments.

Background –A Crucial Role for American Leadership

We applaud your remarks to the Federalist Society Executive Branch Review Conference on April 17, 2018, in Washington, D.C., wherein you stated that “NTIA and the Department of Commerce [are] thinking about the future of American leadership every day”. We also support your aforementioned remarks wherein you stated that the objective must be “to ensure that the Internet is open, secure, and providing maximum benefits to the American people”.

The NTIA has previously expressed its support for the “multistakeholder model” of ICANN governance, and the ICA also generally supports the multistakeholder model. ICANN is fortunate to have thousands of dedicated volunteers, experienced staff, and competent leadership who all work very hard contributing to the multistakeholder model and the ICA is proud of its long-term commitment and contributions to the multistakholder model.

Nevertheless, the NTIA can and must continue to play a role in providing crucial oversight and providing a bulwark against apparent failures of the multistakeholder model in order to protect the Internet and American interests in particular. The ICA sees a need to reform and possibly restructure the multistakholder model in order to enable stronger ICANN leadership so that crucial issues can be addressed in a timely and effective manner, while at the same time enable the multistakholder model to be less subject to capture by the industries which it in effect regulates, and more responsive to and accountable to the public interest.

NTIA has recognized the important role that the United States has to play in protecting and promoting an open Internet and in strengthening the global marketplace for American digital products and services,^[1] and therefore can and should show American leadership in terms of improving the current multistakholder model which is central to an open and strong Internet. In particular, nowhere is the need for American leadership more apparent than with regards to;

1. Root Zone Management and ICANN’s Inherent Conflict of Interest with the Verisign monopoly on .com domain name registrations; and
2. Failure of the ICANN Multistakeholder Model to Satisfactorily Address Whois Access and Accreditation in Light of the GDPR Fiasco.

Multistakeholder Model and NTIA’s Oversight of Root Zone Management and the .com Registry

The multistakeholder model has unfortunately not been effective in preventing Verisign, Inc. (“Verisign”) from using its lucrative monopoly position to continually be rewarded with a ‘no-bid’ contract for the exclusive operation of the .com registry.  Notwithstanding the IANA transition, this is an area where NTIA retains de facto control of important Internet resources. NTIA’s objective in providing “a secure Internet” can be accomplished right alongside NTIA’s objective of “providing maximum benefits to the American people”. Unfortunately, that is not the case now with regards to the .com monopoly and American leadership is required to rectify the situation.

Verisign, Inc. (“Verisign”) has to-date, operated the .com registry in a manner linked to Verisign’s management of the root zone. These two crucial tasks however, need not be inextricably intertwined as the root zone management function is distinct from and can be fully separable from the contractual right to operate the .com registry. Nevertheless, whether root zone management is tied to the operation of the .com registry as it is now, or whether it is separate and distinct, the imperative remains that the NTIA should effectively exert crucial oversight over the .com registry to ensure the maximum benefit to the American people while protecting the management of the root zone.

The ICA recommends that the NTIA show American leadership by taking immediate steps to open the .com registry operation for a competitive procurement process in an effort to lower costs to American business and consumers, as well as millions of Internet users and businesses worldwide. Currently, Verisign is unjustifiably enjoying record and windfall profits as a result of its monopoly over the registration of .com domain names, and this contract need not and should not be tied to the operation of the root zone management functions. A secure root zone management can be achieved while also enabling a fair and competitive business environment that benefits the American people. Left without NTIA oversight and/or the exercise of NTIA influence, ICANN is likely to allow Verisign, to have free reign to set prices in a perpetual no-bid contract.

As NTIA is well aware, Reston, Virginia-based Verisign has been granted a monopoly to operate the .com registry.  There are approximately 133.9 million .com domain names registered. Verisign, a public company with a market capitalization of over $18 billion and net income in 2017 of US $457 million on revenue of $1.14 billion, enjoys a monopoly as the registry operator for all .com and all .net domain names pursuant to a contract with Internet Corporation for Assigned Names and Numbers (“ICANN”).

Verisign’s cost to operate the .com registry has been estimated at less than $3 per domain and possibly less yet it currently charges $7.85 per .com domain per year.  This imposes an unjustified cumulative multi-billion dollar “monopoly tax” on American Internet users.

Verisign’s 2006 contract with ICANN gave it the right to increase .com prices 7% in 4 out of the 6 years of its contract. It agreed to a similar deal with ICANN in 2012, only to have the U.S. Department of Justice step in and say that the new six-year contract shouldn’t have price increases.[2] That fixed the wholesale price of .com domain names at $7.85 per year. On September 15^th, 2016, ICANN’s Board approved the extension of Verisign’s .com agreement and simultaneously approved an extension of the existing $7.85 ceiling on .com wholesale prices through 2024. The wholesale price is the price that Verisign charges registrars such as Arizona-based Godaddy, the world’s largest domain name registrar.

Any increase in the .com wholesale cost would be passed along to American consumers and businesses at the retail level. Notwithstanding that price cap extension, the wholesale pricing of .com domains could be revisited by ICANN and Verisign if NTIA does not extend a separate Cooperative Agreement currently in force through November 30, 2018, or alternatively, does extend it but with a different pricing control, or even allows ICANN and Verisign to renegotiate without NTIA oversight.

The massive scale of this problem cannot be understated. If Verisign were to be permitted to exploit its monopoly by raising prices by 10%, it would result in hundreds of millions of dollars in additional windfall profits from its monopoly, on the backs of American businesses and consumers. This in turn would cause tremendous economic harm to American consumers and businesses who have little choice but to continue to register their .com domain names in the absence of any recognized satisfactory alternative to the dominant .com gTLD.

The fact is that .com domains are considered the global standard for online branding.  The market value of .com domains reflects that .com domains are perceived differently from any other extension.  A .com domain will have a market value at least ten times higher than a corresponding domain in a different extension.  This demonstrates that the market perceives other domain extensions as qualitatively different from .com.  In effect, a .com domain is a different product from a domain in another extension, and it cannot be substituted without a substantial loss of utility.  The availability of other extensions does not therefore serve as a constraint on .com’s pricing power. The dominance of .com is demonstrated by 93% of the top 50 US websites operate from a .com domain.  The three top sites that aren’t listed under a .com domain (wikipedia.org, craigslist.org and att.net) still have the corresponding .com domain out of necessity.

The power of .com is recognized in the start-up community.  According to venture capitalist Paul Graham, “The problem with not having the .com of your name is that it signals weakness… a marginal domain suggests you’re a marginal company.” Despite any so-called competition from new gTLD extensions, the growth in registrations of .com domains far outpaced that of the new extensions.  The arrival of hundreds of new gTLD’s has had little discernable impact on the market dominance of .com domain names.

According to Verisign’s own 2018 Domain Name Industry Brief, the .com domain name base totalled approximately 133.9 million domain name registrations, and combined with the 14.4 million .net domain names which Verisign also operates as a monopoly, Verisign experienced an increase of 4.6 million total domain name registrations, or 3.3% year over year. Compare this with new gTLD domain name registrations which were a mere 20.3 million and experienced a net decrease of 400,000 domain name registrations or 2%. Clearly, market conditions remain extraordinarily favourable to Verisign, with new gTLDs having no appreciable impact on .com registration rates and posing no significant competition whatsoever.

Furthermore, even if there were any factors which negatively affected Verisign’s market conditions, a decrease in the .com price would be expected in order to increase demand.  Yet in the absence of market constraints on .com prices, any attempt to raise prices would constitute an entirely unjustified monopoly tax on those Americans using .com domains, and who are unfortunately a captive market of a large and powerful monopoly.

Verisign’s cost to operate the .com registry has been estimated at less than $3 per domain and possibly less, yet it currently charges $7.85 per .com domain per year. What is even more outrageous, is that in 2017, Verisign’s operating margin was 60.7%. It made $447 million in net profits on revenue of $1.17 billion. Verisign’s stock price has tripled in the last five years, with investors no doubt happily counting on Verisign to continue reaping outrageous profits from Internet consumers and businesses under and entirely unjustified monopoly.

The NTIA should therefore show American leadership and stand up for American consumers and American business – as well as the millions of foreign Internet users and businesses – who are being preyed upon by Verisign’s monopoly. The operation of the .com registry can and should be operated by an operator who is eager to take on the contract but is willing to offer substantially lower .com pricing. Given the tremendous windfall profits that Verisign has to-date enjoyed, this is easily achievable for an operator in a competitive environment. The operation of the .com registry should be put out for tender, separate and apart from the operation of the root zone management functions. American companies such as Google, Amazon, and Neustar, are all likely able to provide competitive bids for the same or better operation of the .com registry at the same or lower cost, thereby ensuring that the crucial .com registry remains operated in America.

It may be that as a result of competitive bids, Verisign is forced to lower its prices but is able to be the successful bidder, and that would also be a success for the NTIA and American consumers and business. There is no doubt that Verisign or another qualified operator can continue to offer stable and secure .com registrations while charging reasonable prices instead of exorbitant and outrageous price gouging. Moreover, NTIA should follow the example of .us, which was subject to a competitive procurement process[3], as well as the examples of .au and .fr.[4]

With the potential expiry of the Cooperative Agreement and its potential extension on November 30, 2018, the time is now for the NTIA to step in and ensure fair pricing for .com domain names, which form the bedrock of the Internet.

Left without crucial American leadership and oversight on the contractual right to operate the .com registry, ICANN is susceptible to catastrophic conflict of interest to the detriment of American Internet users and businesses. ICANN receives an estimated $34 million a year from Verisign after having “renegotiated” with Verisign in 2012 for an extension of the .com Registry Agreement. Without NTIA oversight over this crucial contract which has to-date been a “no bid” contract, ICANN – which is facing serious financial challenges as a result of expanding its mandate and financial mismanagement – would be permitted to once again strike a deal with Verisign wherein Verisign would self-servingly pay ICANN more than the current $0.25 per .com domain name registered in a “quid pro quo” for being able to unjustifiably jack up the price of .com domain names to the public. That would assist ICANN with its self-created financial issues and would more than satisfy Verisign who would have a free hand to reap untold profits through its monopoly. But crucially, there would be no one looking out for Internet users and businesses.

The Internet community must look to the NTIA for relief and to stand up for an open, secure, and fair Internet that encourages Internet business and which does not allow one company to reap outrageous and disproportionate financial gains behind closed doors with a no-bid contract under the apparent auspices of ICANN’s multistakeholder model, with little accountability and ICANN’s natural and apparent financial self-interests. If the NTIA wants to demonstrate American leadership for the benefit of Americans and for the world Internet community at large, there is no better place than with .com pricing.

Failure of the ICANN Multi-stakeholder Model to Avoid the GDPR Crisis

As you correctly pointed out in your testimony to the Senate Commerce, Science and Transportation Committee on June 13, 2018, the NTIA is justifiably “concerned that the security and stability of the Internet is being inadvertently compromised by pressure to comply with the European Union’s General Data Protection Regulation (GDPR)”. As you pointed out in your testimony, Whois information is critical for law enforcement, cybersecurity, intellectual property enforcement, and consumers looking to ensure the legitimacy of websites.

But access to Whois information is also critical for the domain name investment industry, which is a multimillion dollar industry as evidenced by the massive secondary domain name markets operated by Sedo and Afternic, and also by established domain name escrow services providers such as Escrow.com. The companies which conduct hundreds of millions of dollars of domain name purchase and sale transactions, rely upon access to Whois records for consumer protection by verifying registrant details and ensuring that transactions are bona fide.

In addition, numerous professionals including but not limited to established domain name brokerages such as Media Options, auctioneers such as Heritage Auctions, law firms such as Dentons, IP consultants such as Marksmen and BrandIT, and investigators such as Kroll, all rely on Whois records for a multitude of crucial tasks in the public interest on a daily basis. These crucial tasks include but are not limited to validating website and domain name ownership to ensure transparency and accountability for commercial activity and transactions, conducting forensic portfolio audits and domain name portfolio appraisals, broker and legal due diligence including chain of title examination via historical Whois records, investigating and reporting on fraudulent use of domain names and online abuse, asset investigation and recovery, and identifying parties to prospective civil proceedings. Journalists and researchers also rely on Whois to protect against corruption, inform the public, and for academic analysis. Accordingly, such entities have a legitimate interest in access to the Whois and such access is crucial for American Internet users and businesses.

Despite the crucial public interest in maintain open access to the Whois database, ICANN failed to provide any one of several possible solutions which would have avoided GDPR effectively destroying Whois as we know it, such as the following potential solutions;

a) preemptively lobbing for a GDPR that expressly recognizes that the Whois a crucial public database that should be accessible in the public interest;

b) requiring the consent of registrants in registration agreements, to processing and publication of their Whois data;

c) standing up for an interpretation of the GDPR which would provide continued and unimpeded access to the Whois, like EU countries did for their own corporate and trademark databases; or

d) create an accreditation and access model available immediately upon the implementation of GDPR on May 25, 2018.

Instead, and despite years of notice, ICANN’s multistakeholder model somehow failed to protect American Internet users and businesses who rely upon the Whois. Even after failing to stop GDPR from being drafted in a manner which outrageously fails to take into account the important public interest in Whois, it was still within ICANN’s mandate and ability to at least fight for a restrictive interpretation that inter alia; a) did not purport to apply GDPR to legal persons as opposed to natural persons; b) which did not purport to consider email addresses as personal data; and c) and which did not put pressure on registrars to treat all non-European data personal data as ‘European personal data’ out of fear of inadvertently including European personal data in the Whois.

Now, ICANN has unfortunately been left scrambling to create a temporary Whois data model for its accredited registrars, but which fails to provide for any immediate accreditation and access model. In fact, the ICANN Business and Intellectual Property Constituencies, recognizing the urgency of the matter, presented a proposed model to ICANN for accreditation and access which recognized and addressed the requirement that these kind of entities amongst others, receive access, but ICANN failed to adopt or implement it, and instead embarked on a long but “expedited” policy development process to ostensibly create a long-term Whois model for all registrars, but this will likely at least take a year, and in the meantime legitimate users of the Whois are left without the tools that they rely on. This is a regrettable failure of the multistakeholder model, and this failure demonstrates the need for NTIA to show American leadership in improving it for the benefit of everyone, including American Internet users and businesses.

Although we applaud the NTIA’s efforts to continue pushing for the preservation of the features that make the WHOIS service valuable to Internet stakeholders, including through its role in the GAC, stronger measures are likely required to be taken to ensure immediate access to Whois by Americans with legitimate interests. If ICANN’s multistakeholder model is ill-equipped to exert pressure and influence on the EU, or if ICANN’s multistakeholder model is unable to take effective and immediate action to create a Whois accreditation and access model as appears to be the case, the NTIA must step up and protect American interests and the interests of all those worldwide that have fallen under the heavy and ill-advised hand of the EU’s GDPR. American Internet users and businesses who have enjoyed and relied upon access to Whois in the public interest, should not be subjected to foreign laws under penalty of heavy fines and prosecution by foreign nation states, and NTIA should push for measures that enable American registrars to continue to collect, process, and make available complete Whois records, in the public interest.

We would be pleased to discuss our comments with you at your convenience.

Yours truly,

INTERNET COMMERCE ASSOCIATION

per: Zak Muscovitch

General Counsel, ICA

[1] See; Assistant Secretary Redl’s testimony to the Senate Commerce, Science and Transportation Committee on June 13, 2018, at Page 6.

[2] See, “Verisign CEO discusses 2018 .com contract renewal and price increases”, Domain Name Wire, December 2, 2015.

[3] See; https://www.ntia.doc.gov/other-publication/2014/contract-operate-us-country-code-top-level-domain-awarded-neustar

[4] See https://www.auda.org.au/news/afilias-chosen-to-supply-au-registry-services/, and also see; https://www.afnic.fr/en/about-afnic/news/general-news/2782/show/afnic-awarded-fr-management-after-competitive-tender.html