1) ICANN60 Recap: ICANN Board Crashes The Party in Abu DhabiICANN Board Suspends SSR2 Review Team Work on October 28:
ICANN Meeting 60 - GNSO Working Session: (10/29/2017 02:55): Keith Drazek (RySG): "The scope of the SSR2-RT is pretty clearly detailed in the new, post-transition ICANN bylaws."... GNSO Chair James Bladel: "it's an open question whether the ICANN Board can pause the work of the SSR2-RT" ... Wolf Ulrich: "nobody understands what the Board's problem with the SSR2-RT is" ... Michele Neylon: "it would be helpful to get clarity" ... Chat (10/29/2017 03:00) --Keith Drazek (RySG): For additional context, prior to the IANA Transition, the Review Team members were appointed by the ICANN CEO and GAC Chair. Post-transition, the SOs and ACs are responsible for the appointment of RT members. Also, if I'm not mistaken, the SSR2-RT recommendations are binding and the Board is obligated to accept them. It appears there's some discomfort with these parameters. Susan Kawaguchi: Can we deny the request? and move on?
ICANN GNSO Council Meeting, 1 Nov 2017(pdf): "Okay. Then let's move on to Agenda Item Number 5 ... Agenda Item Number 5 is a discussion on the SSR2 review team, which if you had told me a week ago that I would have been speaking more about SSR2 than GDPR, I would have probably laughed at you. But that's exactly how it went down this week."--GNSO Council Chair James Bladel.Editor's note: Out of the gate, ICANN's Board of Directors, on the first day of ICANN60, Oct 28, took the unprecedented and questionable action of suspending the work of the Security, Stability, and Resiliency Review Team appointed by ICANN AC/SOs' Chairs as mandated by ICANN's bylaws Article 4. Section 4.6, and it became the lingering lead issue of ICANN60 throughout the entire meeting, including the last day, notwithstanding pending pressing issues of complying with EU's GDPR by next May, next steps in dealing with the contentious issue of new gTLD .AMAZON, ICANN's U.S. jurisdiction and the implications of OFAC brought up in the course of Accountability WS-2's work, and a myriad of other issues expected by stakeholders to be the focus of their work this past week at ICANN60.
On the last day, Friday, Nov 3, 2017, the beleaguered SSR2 Review Team, still in Abu Dhabi after almost everyone else had flown the coop, held its previously scheduled all-day face-to-face meeting with little more to do than "review feedback" from ICANN60 sessions, and then begin putting back the pieces the ICANN Board had left strewn about Abu Dhabi. For more read ICANN60, Abu Dhabi, ICANN Board Suspends SSR2 Work and Statement from SO/AC Chairs, Nov 2, 2017, on the suspension of the Security and Stability Review.
#ICANN60 GAC/Board, UK: what steps will b taken 2 ensure Board never needs 2 take unprecedented step of pausing an independent review again?— Samantha Dickinson (@sgdickinson) October 31, 2017
Where in the bylaws does #ICANN Board have the power to suspend the Security and Stability Review Team? https://t.co/ouvK228h6n— Eye On ICANN (@EyeOnICANN) October 29, 2017
b. Governmental Advisory Committee (GAC) Communique (pdf): The GAC elected Manal Ismail (Egypt) as Chair to complete the two-year term of Thomas Schneider. The GAC elected as Vice Chairs: Guo Feng (China); Ghislain de Salins (France); Milagros Castañon (Peru); Chérif Diallo (Senegal); Pär Brumark (Niue). The GAC discussed follow-up on previous advice re: 1. Application for .amazon and related strings; 2. 2-Character Country Codes at the 2nd Level; 3. Red Cross and Red Crescent Protections. Several GAC members "expressed major concerns regarding the draft report from the sub-group on jurisdiction. These members consider that it falls short of the objectives envisaged for Work Stream 2, and that its recommendations only partly mitigate the risks associated with ICANN’s subjection to US jurisdiction, which makes the adoption of the report unacceptable" (emphasis added). GAC Consensus Advice to the Board: 1. Intergovernmental Organization (IGO) Protections; 2. Enabling inclusive, informed and meaningful participation in ICANN; 3. GDPR / WHOIS; 4. Applications for .amazon and related strings--a. The GAC advises the ICANN Board to: i. continue facilitating negotiations between the Amazon Cooperation Treaty Organization’s (ACTO) member states and the Amazon corporation with a view to reaching a mutually acceptable solution to allow for the use of .amazon as a top level domain name.
I understand why governments are upset because I was there when the ICANN bd said yes to the GAC, when it meant no. #ICANN60— Jeff Neuman (@jintlaw) October 31, 2017
c. GDPR & WHOIS: Data Protection/Privacy Issues | ICANN.org.
#ICANN60 GAC/Board mtg, @icann_president: we are in discovery phase when it comes to understanding the law re GDPR & its impact on Whois/RDS— Samantha Dickinson (@sgdickinson) October 31, 2017
d. WS2-Accountability: see Co-Chairs Statement from CCWG-Accountability Meeting in Abu Dhabi | ICANN.org and ICANN Jurisdiction: CCWG-Accountability WS2, Friday Oct 27, Abu Dhabi.
e. Public Forum #2--Domain name registrant's complaint about new TLDs that "don't work" on the internet--Public Forum excerpts (as transcribed unedited, emphasis added)(pdf):
f. Public ICANN Board Meeting (Editor's note: see tweet below on why all ICANN Board Meetings should be public and accessible online):
#ICANN director leading discussion on name collisions has a major conflict of interest as service provider to corp, mail and home applicants— thereforeICANN (@thereforeICANN) November 2, 2017
g. Competition, Consumer Trust and Consumer Choice Review (CCT)
ICANN60 Interview With Jonathan Zuck and Drew Bagley: progress and next steps of the Competition, Consumer Trust, and Consumer Choice Review from CCT Chair Jonathan Zuck and CCT Independent Expert Drew Bagley of securedomain.org. In this interview produced by ICANN, Zuck and Bagley share information about the CCT Review, including next steps. More information at ICANN.org.
2) Other ICANN news
Data Protection/Privacy Statement--Statement from ICANN Contractual Compliance | ICANN.org: "As discussed at ICANN60, the extent of the impact of the GDPR on WHOIS and other contractual requirements related to domain name registration data is uncertain. The ICANN Board, org and community are engaged in multiple efforts to assess the impact of the GDPR on registry and registrar obligations in ICANN agreements and policies, and we continue to work with the Hamilton law firm to understand this impact. At this point, we know that the GDPR will have an impact on open, publicly available WHOIS ... During this period of uncertainty, and under the conditions noted below, ICANN Contractual Compliance will defer taking action against any registry or registrar for noncompliance with contractual obligations related to the handling of registration data. To be eligible, a contracted party that intends to deviate from its existing obligations must share its model with ICANN Contractual Compliance and the Global Domains Division." (emphasis added)
Approved Board Resolutions | Refinement of string similarity review in IDN ccTLD Fast Track Process | ICANN.org: Resolved (2017.10.29.05), the Board thanks the ccNSO, GAC and SSAC for collaborating to address the issue related to string similarity review and for developing the "Joint ccNSO SSAC Response to ICANN Board on EPSRP". Resolved (2017.10.29.06), the [ICANN] Board approves amending the Final Implementation Plan for IDN ccTLD Fast Track Process as suggested in the Joint ccNSO SSAC Response. The President and CEO, or his Designee(s), is directed to incorporate the amendment into the Implementation Plan previously adopted by the Board on 30 October 2009 (and amended on 5 November 2013) and implement the amendment as soon as practicable.
Approved Board Resolutions | Defer Compliance Enforcement of Thick WHOIS Consensus Policy for 180 Days | ICANN.org: "Resolved (2017.10.29.04), the President and CEO, or his designee(s), is authorized to defer compliance enforcement of the Thick Whois Consensus Policy for 180 days to allow additional time for the registrars and Verisign to reach agreement on amendments needed to applicable registry-registrar agreements to implement the Policy and for Registrars to undertake system modifications required to enable the thin to thick migration and additional modifications, if any, required for GDPR compliance."
Minutes – Board Risk Committee (BRC) Meeting | ICANN.org 2 Nov 2017: "... ICANN organization will consider moving to a different auditor next year when it moves to NIST framework. One significant change ICANN organization has made internally this year was to reorganize within the engineering and IT function and integrated cybersecurity (which used to be a stand-alone function) with DNS engineering and networking teams. It was noted that cloud based security testing is becoming a part of ICANN organization's normal rhythm as 40 percent of the services utilized at ICANN leverages some aspect of cloud."
Letter from ICANN General Counsel & Secretary John O. Jeffrey to Jetse Sprey | ICANN.org:
01 Nov 2017 Issue: Gemeente Amsterdam FRL Registry B.V. (new gTLDs .FRL, .AMSTERDAM) jeffrey-to-sprey-01nov17-en.pdf [604 KB] "... your clients appear to have violated its obligations under the Registry Agreement ..."
3) Names, Domains & Trademarks
See also: EFF to ICANN's Registrars: Don't Pick Up the Censor's Pen | EFF.org and
EFF to ICANN's Registries: Don't Pick Up the Censor's Pen | EFF.org: "... Our whitepaper broke down these choices in detail, explaining how some of the weakest protection for free speech comes from those domain registries whose policies offer additional privileges to trademark or copyright holders, or to overseas speech regulators. Amongst the worst examples that we called out were Donuts and Radix, who have a side-deal with the Motion Picture Association of America (MPAA), bestowing it with a "Trusted Notifier" status that allows it to recommend domains for the registrars to suspend, without review by a court. We also called out the Domain Name Association (DNA) for a Shadow Regulation-style proposal to construct a private copyright arbitration system for its member registries, which include the Public Interest Registry (PIR) responsible for .org domains, and to promote that system of private law as an industry standard. This proposal was developed behind closed doors, fueling our concerns about its capture by copyright holders. Although the DNA and PIR shelved these plans after EFF brought them to light, the DNA is still pushing a similar pharmaceutical industry-penned policy that would allow for the rapid suspension of domains used for online medicine sales, bypassing any legal process. To give a final example, the new gTLDs contain an excessive level of protection for trademark holders when compared with most of the original gTLDs and ccTLDs. ICANN has imposed the requirement that all new gTLD registries utilize a secret Trademark Clearinghouse database to give priority access to brand owners when first offering their new domains for sale ("Sunrise Protection"), and to warn off registrants who register domains that might give rise to a trademark claim. Some registries have gone even further to offer brand owners additional protections that the ICANN community had rejected as requirements for the new gTLD program. An example is Donuts' DPML-Plus program that prevents the public from registering new domains that are merely typographically similar to a trademarked brand ..."
Google no longer lets you change domains to search different countries | TheVerge.com: "Google said that it’ll now deliver search results relevant to your current location no matter which domain you visit. So if you’re in New York and visit google.ru, you’ll still get results relevant to New York City. Fortunately, it’ll still be possible to escape your country’s results. You’ll be able to change locations, you’ll just have to do it through the settings menu at the bottom of google.com ... The policy of always serving local results will now apply to desktop and mobile searches, as well as Google Maps and the iOS Google app."
4) ICYMI Internet Domain News
Data Breaches: U.S. Sen. John Thune (R-S.D.), chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled “Protecting Consumers in the Era of Major Data Breaches,” at approximately 10:00 a.m. on Wednesday, November 8, 2017, to examine data breaches. The hearing will feature testimony from current CEO of Equifax and past Yahoo! CEO Marissa Mayer.--U.S. Senate Committee On Commerce, Science, & Transportation | commerce.senate.gov.
The DDoS Attack Against Dyn One Year Later | forbes.com: "... we now find news of a botnet which is reportedly spreading on IoT devices again ..."
Nov 4-5, celebrate the life and work of Aaron Swartz at the Fifth Annual Aaron Swartz Day and Hackathon | blog.archive.org. Aaron would have turned 31 on November 8.--eff.org
5) Top 3 Most Read Posts (# of pageviews Sun-Sat) this past week on DomainMondo.com:
Securing Consumer Credit Data in the Age of Digital Commerce (video)
2. News Review | ICANN60, Abu Dhabi, ICANN Board Suspends SSR2 Work
3. Ad Agencies & Brands Vs Google $GOOG, Facebook $FB, Amazon $AMZN
-- John Poole, Editor, Domain Mondo