2018-04-29

News Review | GDPR Moratorium Just Another ICANN 'Fantasy'

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-04-29) with analysis and opinion: Features •  1) ICANN's GDPR Train Wreck News: 26 Days Until May 25 a. GDPR Moratorium Just Another ICANN 'Fantasy', b. ICANN Was Warned Repeatedly, c. WHOIS and GDPR--separating Fact from Fiction & Hysterics, d. NCSG "Must Read", e. Liar, Liar, Pants on Fire! 2) Other ICANN news, 3) Names, Domains & Trademarks, 4) ICYMI, 5) Most Read.
plus ça change, plus c'est la même chose--the more things change, the more they stay the same--ICANN.dysfunctional | Computerworld.com Dec 12, 2011: "... ICANN today is a dysfunctional and self-justifying organization ..."
1) ICANN's GDPR Train Wreck News--Days Until May 25: 
ICANN President & CEO Goran Marby's Letter to Article 29 Working Party (pdf)
a. GDPR Moratorium Just Another ICANN 'Fantasy'--Incompetent ICANN Management Team's Delusional Plan for a GDPR 'Moratorium':
"The GDPR does not allow national supervisory authorities nor the European Data Protection Board to create an 'enforcement moratorium' for individual data controllers ... Data protection is a fundamental right of individuals, who may submit complaints to their national data protection authority whenever they consider that their rights under the GDPR have been violated."--Article 29 Working Party. See Europe fires back at ICANN's delusional plan to overhaul Whois for GDPR by next, er, year | TheRegister.co.uk: "ICANN had made the concept of a moratorium the central pillar of its effort to become compliant with the law. But its entire strategy was built on a fantasy."--Kieren McCarthy, former ICANN staffer, writing in The Register (link above) (emphasis added); read the Article 29 Working Party's full statement here.
b. ICANN Was Warned, Repeatedly (since 2003), by the EU Article 29 Working Party
06 June 2013 Letter (pdf) to Steve Crocker, ICANN Chairman, and Fadi Chehadé, ICANN CEO, from the Article 29 Working Party (excerpt):
"In general, we repeat that the problem of inaccurate contact details in the WHOIS database cannot be solved without addressing the root of the problem: the unlimited public accessibility of private contact details in the WHOIS database. In that light, the Working Party welcomes the growing number of [ccTLD] registries in Europe that are offering layered access to the WHOIS data."
c.  WHOIS and GDPR--separating Fact from Fiction & Hysterics
WHOIS afraid of the dark? Truth or illusion, let's know the difference when it comes to WHOIS | InternetGovernance.org"... WHOIS isn’t going dark; the only fields that are going to be cloaked are those that cybersecurity researchers and investigators might not even need in order to do their jobs. Those who need additional information, such as law enforcement agencies involved in a legitimate investigation, will be able to get more. In this post, we will explore the small changes coming to the WHOIS, and we will reveal how little an impact they are likely to have when you fight spam, botnets, and DDoS attacks ... ICANN has had a long history of violating basic data protection norms ... The privacy rights of domain name registrants have been ignored for far too long by ICANN ..."

Identity Theft via the ICANN Public WHOIS: How to Steal Someone's Identity in 45 Minutes | tomsguide.com [When your target also happens to be a domain name registrant, start with ICANN's  free and public WHOIS as your first step. In many, if not most cases, it will give you the target's name, full address, phone number, email address--everything any cyber criminal or scammer needs to get started. For the rest, see Tom's Guide at the link aboveOf course this may all change when the European Union's GDPR becomes enforceable May 25, 2018.]

13 April 2018 Data Protection/Privacy FAQs | ICANN.org [PDF, 76 KB] excerpt:

d. ICANN Non-Commercial Stakeholders Group re: ICANN’s Non-Compliance with European Data Protection Law (pdf)--a "must read"--embed below:

e. Liar, Liar, Pants on Fire!
Data Protection/Privacy Issues Update: Summarizing our Recent Meeting with Article 29 Working Party (WP29) Technology Subgroup April 23, 2018 | ICANN.org by Göran Marby, ICANN President and CEO:  "... Today in Brussels, ICANN org's Akram Atallah, John Jeffrey, Elena Plexida*, and Theresa Swinehart joined me ... to meet with the Article 29 Working Party (WP29) Technology Subgroup ... We reiterated to the WP29 that we are committed to compliance with the law ..." [*Elena Plexida, a former EU agency employee, is a recent ICANN hire.]

Editor's note: I asked ICANN CEO Goran Marby on February 22, 2018, on the ICANN Quarterly Stakeholder Call: "When did you first become aware of the ramifications of the EU GDPR for ICANN?" 
Marby answered that he first became aware of the ramifications of the EU GDPR for ICANN, in May (2016), shortly after he started as ICANN President and CEO.
Now Marby seems to have changed his story. In his April 23 blog post, Marby now claims: "... One question that has been asked many times is: why didn’t we start the process earlier? I guess there are many answers to that question, but one might be lack of awareness ..." 

As I have noted before (pdf), lying is part of the corporate and organizational culture of ICANN. But why does lying appear to be continually endemic at the highest levels of ICANN? Probably because ICANN has not had principled leadership for a very long time, and the ICANN organizational culture accepts lying as a "normal" way to interact with people in order to avoid accountability. Frankly, in any functional and accountable modern corporation, under similar circumstances, the CEO and "management team" responsible for this "train wreck" would resign or be fired.
"[T]he United States government is also dissatisfied with ICANN. The Commerce Department said it had canceled a request for proposals to run the so-called Internet Assigned Numbers Authority because none of the bids met its requirements: “the need for structural separation of policy-making from implementation, a robust company wide conflict of interest policy, provisions reflecting heightened respect for local country laws and a series of consultation and reporting requirements to increase transparency and accountability to the international community.”"--March 18, 2012, New York Times.
 Related:
  • 27 April 2018 Letter from ICANN (Jamie Hedlund) to Graeme Bunton (pdf) re: ICANN RrSG Audit Postponement Request: "Thank you for your letter of 20 April 2018, requesting postponement of the 2018 Spring Registrar Audit to allow registrars adequate opportunity to implement changes required to comply with Europe's General Data Protection Regulation [GDPR]The April 2018 registrar audit round is on hold ..."
  • eco/i2Coalition Update Webinar On ICANN Contracted Party GDPR Compliance | i2Coalition.com: "On May 9th, we will provide an update on the current status of the compliance, analyze the correspondence with the Article 29 group, and discuss possible solutions. We will walk through the eco GDPR Domain Industry Playbook and will take a look beyond WHOIS e.g. data for registration, data required to be escrowed and data retained under ICANN’s contracts. May 9th 10 AM – 11 AM ET (Washington D.C.) 2 PM – 3 PM UTC 4 PM – 5 PM CEST (Berlin)" Editor's note: register for the webinar at the link above.

2) Other ICANN news
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICYMI New gTLD .WEB UPDATE: New gTLD .WEB: Afilias vs ICANN, Verisign $VRSN & Nu Dot Co?Afilias drops "bomb" on ICANN Board--16 April 2018 Letter from Arif Ali (Afilias) to ICANN Board (published by ICANN April 23, 2018 and embed in full at the link above)--excerpt:
Afilias requests the aforementioned updates because it intends to initiate a CEP and a subsequent IRP against ICANN, if ICANN proceeds toward delegation of .WEB to NDC. Afilias also reserves the right to pursue claims against ICANN in a court of law. As Afilias has previously informed ICANN, it has numerous objections to ICANN’s conduct with respect to NDC’s actions during the .WEB auction and its agreement to assign Verisign the .WEB gTLD, including but not limited to the antitrust and competition issues raised by Verisign’s acquisition of the .WEB gTLD. (emphasis and links added) 
b. ICANN62 GNSO Draft schedule | ICANN.org (pdf) (as of 26 Apr 2018, subject to revision).
 ICANN 62

c. ICANN Public Comment Periods Closing in May (subject to change):

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. Verisign $VRSN Q1 2018 financial results:
  • End of Q4 2017: 131.9 million .COM domain names and 14.5 million .NET domain names 
  • End of Q1 2018133.9 million .COM domain names and 14.4 million .NET domain names
For the first quarter of 2018, a net increase of 2 million .COM domain name registrations. .COM is the most popular and market-dominant (in the U.S. and globally) top-level domain (TLD). The pricing of .COM domain names is thankfully, price-controlled by NTIA (U.S. government), not ICANN. [Editor's note: under ICANN's sole control, the gTLD .COM would start to decline just like .NET, as ICANN has proven to be incompetent.]

A continuing decline of 100,000 .NET domain name registrations due to mismanagement of .NET pricing by incompetent ICANN. World's ten most popular TLDs (2017 data) here. .COM ranks first ('by a mile'), and .NET ranks fifth (behind .COM, .CN (China), .TK (Tokelau), .DE (Germany) and just ahead of sixth-place .UK (United Kingdom) and seventh-place .ORG.

Verisign reported revenues and EPS that exceeded Wall Street's consensus estimates, the stock closed Friday at $118.30 per share, a 33% gain YOY. Market capitalization of $VRSN as of Friday: $11.26 billion. Verisign management also reported the company is already discussing with NTIA the Cooperative Agreement (which controls .COM pricing) which can be extended (and hopefully will be) by NTIA beyond November 30, 2018. Verisign management also said it is waiting for ICANN to delegate .WEB but is not including any .WEB revenue in 2018 guidance. More information here.

b. ccTLD .EU: 
Euro idiocrats backtrack on plan to kill off Brits' 300,000 .eu domains | TheRegister.co.uk. EU now proposes to open .EU for registration by anyone in the world. More information here. [Editor's note: a smart move to open up .EU.]

c. Google On How To Reverse A Site Move & Go Back To Original URLs | seroundtable.com.  Editor's note: a good resource for those "suckers" who got "conned" into switching their domain names to one of ICANN'new gTLDs whose known problems (since at least 2003) include "failing to work as expected on the internet" otherwise known as "ICANN's Consumer Fraud Scheme" or ICANN's euphemistic phrase "universal acceptance issues."

d. $GDDY: GoDaddy surpasses one million customers in India | business-standard.com.

e. ICYMI--Editor's note: a good read even if you don't live in Australia--ccTLD .au domain review released | Department of Communications and the Arts | communications.gov.au.

See also Disneyland trips and more: Police called into 'dot au' dispute | thenewdaily.com.au: "The auDA self-regulatory model ... appears to be running out of time to get its governance and accountability in order" and  Grumpier.com.au | Member Site.

f. Crypto domains--darkreading.com: ".bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says."

g. Authorities bust world's largest DDoS-for-hire service & seizes its domain | hackread.com

h. Registrars Suspend 11 Pirate Site Domains, 89 More in the Crosshairs | TorrentFreak.com

h. French Gov't Illegally 'Seized' France.com, US Owner Says | Law360.com

i. Melbourne IT will change its name to Arq Group to underline the shift away from its historical domain name registration and hosting business.--afr.com.

j. China Trademarks: The De Facto Public Domain Mark | ChinaLawBlog.com: "... the Chinese Trademark Office (CTMO) and the Chinese court system have different standards for what makes one trademark “confusingly similar” to another, which is the statutory basis for determining whether one trademark conflicts with another. To make things even more confusing, neither the CTMO nor the Chinese court system has a uniform, clearly articulated standard ..."

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a. Iran: Iran bans government bodies from using foreign message apps | apnews.com. [Editor's note: Iran has a point, you don't know who to trust anymore, for example, knowledgeable domain name registrants certainly don't trust ICANN, and if you are a user of messaging apps, do you really trust Facebook's Messenger or WhatsApp?] See also Google’s new Chat service shows total contempt for Android users’ privacy | Amnesty.org"baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users’ communications." And also  Russia: Russia blocks Google, Amazon IP addresses in bid to ban Telegram | cnbc.com and An 'internet civil war' has erupted in Russia | AlJazeera.com.

b. EU: EU proposes regulating how web platforms treat businesses | TheHill.com: "would require platforms such as Google to be more transparent with businesses about their placement in search engine results, which can have a huge impact on a company’s success." See also Facebook says users must accept targeted ads even under new EU privacy law | Reuters.com.

c.  Censorship: A Recent Update from Google Could Severely Hamper Anti-Censorship Tools | gizmodo.com: ".... Domain fronting is used to bypass censors by hiding the true endpoint of a connection ..."

d. U.S. vs. Internet Freedom: 
e. AFRICA:
f. Canada: Dear Canada: Accessing Publicly Available Information on the Internet Is Not a Crime | Electronic Frontier Foundation | EFF.org.

5) Most read posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com



Audience stats--Domain Mondo's readers' geolocation--top five countries: 1) U.S., 2) Germany, 3) France, 4) Norway, 5) China.

-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


DISCLAIMER

Domain Mondo posts: