News Review | Coming May 25, EU's GDPR, Are You Ready? ICANN Isn't

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-04-22) with analysis and opinion: Features •  1) Coming May 25: the EU's GDPR, Are You Ready? ICANN Isn't, 2) a. More ICANN new gTLDs Dysfunction, b. U.S. gov NTIA's Strange Letter To ICANN3) Goodbye Neustar $$, 4) ICYMI: "ICANN People" and more, 5) Most Read.

New gTLD .WEB Update April 23: Afilias drops "bomb" on ICANN Board (full letter embed here)

1) Coming May 25, EU's GDPR, Are You Ready? ICANN Isn't:
 ICANN's GDPR Train Wreck  ©2018 DomainMondo.com (graphic)
Just 1½ years after the IANA transition, the dysfunction, incompetence, and conflicts of interest, are self-evident as systemic throughout the California corporation officially known as the Internet Corporation for Assigned Names and Numbers, otherwise known as ICANN, as well as in its self-selected "ICANN community" dominated by "special interests" (trademark lawyers, corporate lobbyists, and contracted parties, i.e., domain name registrars and registry operators). Now ICANN, despite its international "global" pretensions, finds itself, inexplicably, unprepared for the European Union's General Data Protection Regulation (GDPR) which becomes enforceable May 25, 2018:
Data Protection/Privacy Issues Update 13 Apr 2018 | ICANN.org: "... On Thursday, we  received a letter [PDF, 400 KB] from the Article 29 Working Party where they provided recommendations on ICANN org's Interim Model for Compliance [PDF, 922 KB] with ICANN's agreements and the GDPR. In my reply [PDF, 313 KB] to Article 29 I again emphasize the need for additional time to further develop and implement the model, including a moratorium on enforcement until our model is in place ..."--Göran Marby, ICANN President and CEO (emphasis added)
Although everyone was given two years to prepare, ICANN's overpaid and incompetent management team, completely bungled GDPR preparations, leaving the ICANN organization and "ICANN community" scrambling to find ways to comply with the EU GDPR by May 25, 2018, now less than five weeks away. In response to the increasing alarm and anxiety, the ICANN Board of Directors indicated to the GNSO Council leadership team and the RDS PDP WG (RDS) leadership team on April 11, 2018, that the ICANN Board of Directors is considering a temporary policy/specification as outlined in the RAA Consensus Policies and Temporary Policies Specification as one possible means of implementing an ICANN interim GDPR compliance model (for registry operators see "Temporary Policies" on page 43 (of 99) of the ICANN Registry Agreement (pdf) approved July 31, 2017). Here's the complete note circulated by GNSO Council leadership:

Infographic: Are You Prepping for GDPR? | Statista source: Statista.com 13 Apr 2018, based on Hubspot.com Q3 2017 survey.

  • "If you think Facebook has problems, they’re nothing compared to the fiasco at the Internet Corporation for Assigned Names and Numbers [ICANN]. Americans should be far more alarmed about what’s happening with the obscure, private California company that oversees the Internet’s backbone ..."--WashingtonExaminer.com  April 16, 2018.
  • Privacy as an Afterthought: ICANN's Response to the GDPR | Electronic Frontier Foundation | eff.org: ".... Although EFF would have preferred a model requiring a court order or warrant for access to such personal information, it seems inevitable that tiered access will be based on some kind of ICANN-administered accreditation system. Community discussions on what that accreditation program should look like continue on a new ICANN discussion list, using the Business and IP constituencies' proposal as a starting point. But this is work that should have been finished long agoThe commencement date of the GDPR [May 25, 2018] has been known since the rule was adopted on April 27, 2016. Although its edges will be difficult for ICANN to navigate, its basic outlines are not rocket science; it has been obvious for over two years that more would need to be done to secure the personal information of domain name registrants. Unfortunately, ICANN's version of a multi-stakeholder process has broken down over this contentious issue of registrant data privacy. It therefore falls to ICANN's board to make the interim changes necessary to ensure that the WHOIS system is brought into compliance with European Union law. While this interim model may be replaced by a community-based access model in the future, institutional inertia is likely to see to it that the Board's "interim" policy constrains the outlines of that future model. This makes it all the more important that the ICANN Board listens to all segments of its community and to the advice of the Article 29 Working Party, in order to ensure that the solutions developed strike an appropriate balance between stakeholders' competing interests, and that the human rights of users are put first." (emphasis added)
[Editor's note--re: trademark lawyers and corporate lobbyists--inept ICANN, in a blatant conflict of interest, joined trademark lobbyist organization INTA, as a full member, during the dysfunctional, conflicted administration of former ICANN CEO Fadi Chehade].

2) Other ICANN news
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICANN new gTLDs subsequent procedures dysfunction: 
"The document also contains serious biases and preconceptions which are wrong and will not fly and we are running the serious risk of reproducing something so close to the Applicant Guidebook of 2012 that the world at large will be incredulous. The 2012 exercise produced results which are not acceptable internationally, certainly not to be repeated."--emphasis added, see full quote below.
ICANN Transcription New gTLD Subsequent Procedures Working Group call Monday, 16 April 2018 at 20:00 UTC (pdf) excerpt:
[Editor's note: it appears dysfunctional and inept, if not corrupt, ICANN, is on track to produce another severely flawed round of new gTLDs plagued with the same defects and mistakes as last time. The sole objective appears to be to generate more money via new gTLDs' consumer fraud and ICANN's .BRAND "extortion racket" (pdf).]

b. U.S. gov NTIA's Strange Letter To ICANN: 
NTIA Asks ICANN to Investigate GoDaddy Masking WHOIS Information, Review Accredited Registrar Issues | National Telecommunications and Information Administration | ntia.doc.gov April 16, 2018: "... request that ICANN look into two issues related to ICANN accredited registrars. First, the actions taken by GoDaddy last month to throttle Port 43 access and to mask the information in certain WHOIS fields ... Second, in the current configuration of the DNS marketplace, an ICANN accredited registrar is the single entry point for making modifications to domain name resource records ... NTIA sees merit in examining the roles other parties could play. One example is the feasibility and impact of allowing non-ICANN accredited registrars to offer services that manage specific DNS resource records, such as MX or NS records, directly with a registry ..."--David J. Redl, NTIA Administrator, full letter here (pdf).

[Editor's noteU.S. government interference in ICANN affairs? Run it through the GAC, David, and get your unanimous consensus, before telling ICANN what to do, otherwise you are setting a precedent for China or Russia or Iran, to write their own letters "requesting" ICANN do something which you may not like.]

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
Goodbye Neustar $$: Neustar (domain: home.neustar), a top-level domain (TLD) registry services provider and technology company, which once was publicly traded (NYSE: NSR) but now is privately held by Golden Gate Capital and Singapore's sovereign wealth fund, has lost its lucrative, high-margin NPAC contracts which are now transitioning to the new provider iconectiv.com (part of Telcordia Technologies, Inc., U.S. subsidiary of Sweden's Ericsson)--"The Southeast Number Portability Administration Center (NPAC) Region, the largest of the seven U.S.regions, was transitioned on April 8, 2018. This was the first regional cutover of NPAC data and services and it followed the successful transition of Ancillary Services on March 4, 2018.  The Southeast Region includes Alabama, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Puerto Rico, and the U.S. Virgin Islands. The remaining regions are scheduled to cutover on May 6, 2018 (for the Mid-Atlantic, Midwest, and Northeast Regions) and May 20, 2018 (for the Southwest, West, and West Coast Regions)"--via FCC.gov April 12, 2018.

Just how much $$ will Neustar lose? 
"Once the [NPAC] contracts terminate, our annual revenue will decrease by approximately $500 million ... At the time of termination, our revenue and profitability will be dependent upon the success of our remaining business. If we are not able to replace this lost revenue and adjust our operating plans to support our remaining business, our total revenue and profitability may be materially adversely affected."--Neustar 10-Q, Oct 29, 2015 (emphasis added).

One analyst at that time wrote: "... there's good reason to believe the said contract represents NSR's [Neustar's] entire EBITDA profitability ... NSR isn't yet fully ready to recognize just how much profitability it stands to lose (hint: all of it)... NSR was charging nearly $500 million per year for something which is now being awarded ... for 7 years (at $142.9 million per year) … a reflection of the massive margins NSR is realizing on this contract ..."

Editor's note: the "new Neustar" is about to become a mere shadow of its former self. Neustar, which does business as Neustar Inc. and ARI Registry Services, is the largest new gTLDs backend registry services provider according to ntldstats.com/backend, but has been losing backend registry service contracts--Australia's ccTLD .au to Afilias beginning July 1, 2018, as well as some of the many terminated .BRAND new gTLDs.

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a. ICANN people think they are rock stars spending millions on meetings around the world! | OnlineDomain.com

b. Internet Tax: South Dakota e-commerce sale tax fight reaches U.S. Supreme Court | Reuters.com

c. DNS: What Is Cloudflare's DNS and How to Set It Up | tomsguide.com

d. Dark web more dangerous, more accessible than realized | La Vida | dailytoreador.com

e. Surveillance firm Terrogence, a US government vendor, has been building a massive facial recognition database from photos on Facebook, YouTube, and other sites--Forbes.com

f. Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices | US-CERT.gov

5) Four Most Read Posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


Domain Mondo archive