News Review: 1) ICANN EPDP & GDPR, 2) ICANN vs EPAG (Again)

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-08-19) with analysis and opinion: Features • 1) ICANN EPDP & GDPR re WHOIS Data, 2)a. ICANN vs EPAG (Again), b. ICANN GDPR Update Callc. Delaware Secretary of State, d. Registry Operators Handbook, e. .New gTLD .PHARMACY, 3) a. GoDaddy $GDDY, b. Tucows $TCX, c.Verisign $VRSN, Domain Brief Q2 20184) ICYMI: When China Rules The Web, Censorship & InfoWars,  5) Most Read.

UPDATE Aug 20, 2018: Possible Unified Access Model Published for Community Input | ICANN.org
 Draft Framework for a Possible Unified Access Model for Continued Access to WHOIS Data - ICANN.org
Draft Framework for a Possible Unified Access Model for Continued Access to Full WHOIS Data – For Discussion [PDF, 521 KB]
"This proposal is a working draft intended to facilitate further discussions with the EDPB [European Data Protection Board] and the ICANN community. It outlines basic parameters based on ICANN org's current understanding of the GDPR, so that we can continue to seek input from the EDPB."--ICANN CEO Goran Marby (more here).
Original Post (with additional UPDATES):
ICANN EPDP Team Meetings this week: Tuesday Aug 21, and Thursday Aug 23, 13:00 UTC, 9am EDT. Non-members of the EPDP Team can now follow the EPDP meetings via Adobe Connect: https://participate.icann.org/gnso-epdp-observers, or audio cast via browser or application (e.g., iTunes).

Each EPDP meeting's documents, including agenda, slides and chat transcript, as well as links to the MP3 audio and Adobe Connect recording, when available, will be posted on each meeting's respective wiki page (click on each respective date above). Links to EPDP meeting transcripts will be on the GNSO calendar approximately 12 hours after each meeting ends. Other useful EPDP links: EPDP Team wiki, mail list, and Temporary Specification.

Thursday, 23 August 2018 EPDP Meeting #7: Chat transcript (pdf); Recordings: Mp3 and Adobe ConnectMeeting transcript (pdf); High-level notes and action items here.
1. Roll Call & SOI Updates;
2. Welcome and Updates from EPDP Team Chair;
3. Preliminary input on Triage Report (deadline for input: Friday, 24 August at 19:00 UTC);
4. Proposed approach for moving forward, including review of proposed project plan;
5. Commence deliberations and review of Appendix D – Uniform Rapid Suspension (pdf) (a/k/a "scorecard");
6. Commence deliberations and review of Appendix E – Uniform Domain Name Resolution Dispute Policy (pdf);
7. If time allows, commence deliberations and review of Appendix G: Supplemental Procedures to the Transfer Policy - AppendixG-P1 (pdf) and AppendixG-P2 (pdf);
8. Wrap and confirm next meeting to be scheduled for Tuesday 28 August at 13.00 UTC.
August 23 Meeting Slides embed below:

UPDATE 21 Aug 2018--Editor's note: the EPDP Team meeting on August 21st got off to a very rough start, with the EPDP Team Chair Kurt Pritz rearranging the agenda and bringing up an administrative matter at the beginning and sidelining the meeting for over half an hour with his proposal, allowing (e.g., the IP Constituency and/or Business Constituency and/or GAC) to double-up their presence at the Face-to-Face (F2F) meeting scheduled for the last week of September in LA, by unilaterally 'changing the rules' on "balance" by permitting EPDP members and alternates who come to LA for the meeting, inside the meeting room at the same time (i.e., "tag teams")--thereby destroying the group dynamics, room dynamics, and balance of respective interests which was so laboriously dealt with by the GNSO Council in drafting the EPDP Charter. That Kurt Pritz saw nothing wrong with this, and was willing to subvert the group dynamics and process in this way, indicates how unqualified and what a poor choice he was to be EPDP Team Chair.
"I just think it's not fair what's going on here in terms of this positive attitude and somebody is causing a delay. We're not the ones proposing a rule change here, are we? We had an established set of rules regarding the participation of alternates. I was told that (unintelligible) attend the telephone meeting, I was cut off from the email list. I was not allowed to get into the meeting even though I could have attended 20 minutes of it. And now, people are proposing to change the rules in ways that are indeed wasting a lot of time. And yes, of course it's going to make a difference if people have five - people who are supposed to have three representatives at the meeting have six representatives there shuffling back and forth. It's going to make a difference in the overall tenor, and balance, and they're going to go to dinner, and they're going to lobby. So don't pretend like these concerns that we have are not real and stop putting the onus for this change on us. We didn't propose the rule change. You did. So if your proposed rule change is causing us to waste a lot of time, then own up to it. Withdraw your proposed rule change and let's get on with the business. But let's just stick to the existing rules, which is that if you can't attend, your alternate attends. End of story."--Milton Mueller (NCSG) Aug 21 transcript, pp. 10-11.
The EPDP Chair Kurt Pritz confirmed his unilateral rule change over objections, after the EPDP meeting concluded on Thursday, Aug 23, 2018. It will be interesting to see who shows up in Los Angeles for the face-to-face meeting Sept 24-26.
August 21 meeting: spreadsheet and slides (pdf) (embed below), Adobe Connect Recording, MP3 audio, chat transcript (embed below), high-level notes and action itemsnote on the ICANN Procedure for Handling WHOIS Conflicts with Privacy Law, meeting transcript (pdf).

Chat transcript Aug 21 2018 below:

Highlights from the EPDP Team meetings Aug 14 & 16 (emphasis added):
"Frankly, I think ICANN, the organization, is going ahead and creating an access model. So I think we want to sit with them and understand what they're doing and what we think our remit is. And so anything that's provided by ICANN to the community doesn’t land with a thud and everything we do takes advantage of the work that they’ve already done."--Kurt Pritz, EPDP Team Chair, Aug 16 transcript, pp 4-5.
Farzaneh Badii (NCSG): "... I just wanted to make a very first comment about [the] Goran [Marby, ICANN CEO] letter about the access model. I never understood what [the] ICANN plan is, ICANN Org, for providing this access model, why it's asking for comments, do they want to come up with an access model and receiving comments from us. And are they going to implement it? Is there a timeline for implementation? ..." (Aug 16 transcript, supra at p.5)
Milton Mueller (NCSG): "... I'm kind of disagreeing with what you said, Kurt, about there being this kind of coupling of the temp spec with the issues related to URS. I haven't heard any specific evidence as to how there is a problem or conflict caused by the temp spec in terms of the execution of URS ... I heard both of the registry operators saying that there is no problem and that these issues should be resolved in the RPM working group. So I'm not quite understanding. I know that certain stakeholders really want to talk about access and they want to turn this temp spec proceeding into an access proceeding but if that's the agenda, we're going to have to resist it because I don't think there is an access issue here that is not already handled by existing procedures ..." (Aug 16 transcript, supra at pp. 10-11)
Theo Geurts (RrSG): "... I guess I’m not understanding the discussion completely here. From my point of view, I think the URS and the UDRP are working out. I mean, trademark holders can file a complaint and the process is being kicked off and it’s working. So, I wouldn’t spend too much time on this on something that is working. Every contracted party has to balance the rights of the data subject compared to the interests of the trademark holders. So, I think the balancing act is there and it’s pretty much a safeguard for abuse on a couple of levels ..." (Aug 16 transcript, supra at p. 14)
Stephanie Perrin (NCSG): "... I just wanted to recall Thomas Rickert’s excellent question about whether ICANN has an overall plan for compliance with GDPR because this discussion is a pretty good illustration of what we were worried about when the NCSG basically tried to limit the scope of the EPDP to a very narrow one ... I would recommend that we start a parking lot for issues that need to be resolved as a result of GDPR implementation but are not necessarily part of this particular spec. Because if we dragged everything and, unfortunately, we will have to examine all of the details surrounding all of the policies. And unfortunately, many ICANN policies will have to be rejigged as a result of GDPR compliance ... So, let’s start a parking lot, and if we have time we can fix all of these things. And if not, we leave them to the next PDP." (Aug 16 transcript, supra at pp. 14-15)
Milton Mueller (NCSG): "... So, let’s just clarify this. It’s all in writing about reasonable access. Registrars are already required to provide reasonable access under the temp spec. Now, the leap that (Alex) and (Mark) were making is that, oh, it’s part of our mandate that we have to have a policy to define what reasonable access means. That is actually not necessarily the case. If we agreed that this is going - reasonable access is going to be defined by registrar by registrar basis based on what jurisdiction they are in, what policies there are, that would be the status quo under the temp spec. Now, I know that a lot of people don’t want that ... But the question of whether we get or need a uniform access policy is not demanded by EPDP’s charter. Instead, the charter says ... we have to answer a bunch of gating questions before we decide whether and what the uniform access policy would be. So, yes, I think this issue seems to be a sticking point and it doesn’t need to be. If you want to talk, you know, what we do first is we decide what parts of the temp spec we’re going to keep and what is now a consensus policy. And then we answer the gating questions and then we get into the issue of, do we need a uniform access policy or how to redefine reasonable access. I think the sequence is very clear. And we can avoid going over this again and again if people simply recognize the sequence and the question of defining reasonable access is, indeed, an open question, not one that we must do." (Aug 16 transcript, supra at pp. 17-18)
Mark Svancarek (BC): "Well, as promised five minutes ago, if we’re going to state that access is not an appropriate topic, then I will have to, of course, intervene and say that I think it is. So, thank you to Dr. (Mueller) for clarifying his position. I have to say, I feel like this is - I’ve not really understood where he’s coming from. So my understanding is that he’s saying that there is no requirement that we will eventually end up on a particular unified access model. And I suppose that’s correct. But I think perhaps we should be very careful about the words we use when we talk about this because many of us are saying the word reasonable access and other people are perhaps making much broader, more sweeping statements that could be interpreted as we don’t have to talk about access at all. And I think those sort of disconnects are resulting in a lot of overhead in the discussions and confusion and concern." Kurt Pritz: "Thanks, (Mark) and if it’s okay with everybody, I’ll bring this part of the overhead discussion to a close." (Aug 16 meeting, supra at pp. 19-20)
The CyberSecurity Risks of an open, public WHOIS directory: 
Theo Geurts (RrSG): "... And I wanted to respond on a couple of things that are happening in the chat regarding security, transfers, domain name hijacks and I would like to point out that now that WHOIS [registrant data] by most registrars is redacted that one of the biggest attack vectors used by criminals and hacking folks is now gone because now there’s no details that give a hacker the ID on which email address or which email account he has to hack. It’s no longer visible. It makes it a lot harder for a criminal to hack such accounts because it’s no longer displayed ... we do have the feeling that domain hacks actually have gone down ... So having the email address no longer in the ... WHOIS ... is like making it 50% more secure, that I’m not sure I’m correct in the percentage but it makes it a lot more difficult to hijack or steal a domain name . . . .  we’re getting less complaints, the transfer process got easier, our resellers are more happier so that simplification in the process I was kind of amazed how that worked out on an operational level. So, so far we are pretty positive ... so for us it’s working out really, really great." (Aug 16 meeting, supra at pp. 28-30)
Editor's note: see also the note further below about the cybersecurity risks of fax numbers and fax machines.

Note also: GNSO Council meeting 16 Aug 2018, excerpts from Chat transcript (pdf) re EPDP:
Keith Drazek (RySG): Thanks for the EPDP update Rafik. On the point of the EPDP Vice Chair/Council Liaison roles, I am ok with you doing both. This is a unique situation where the size of the group is limited in size .... I think the next step in the Charter is to focus on the list of questions related to the Temp Spec and gating for the other discussions. Marika Konings: The triage is expected to help inform priorities and the detailed work plan going forward. And as Rafik mentioned, we do have a high level timeline that outlines the different milestone delivery dates ... Pam Little, RrSG: Have we seen a work plan developed by the EPDP Team? Marika Konings:@Pam - that is still in development. As said, the triage effort is expected to help inform how to tackle the Temporary Spec / Charter questions ... Ayden Férdeline: Yes, the EPDP is not making much progress, if any ... Some participants from Advisory Committees spend time on calls asking for things that could be resolved over email, i.e. please can you call out to our Observer who has poor Internet ... A lot of time is being spent relitigating what is in the charter, too, particularly as it relates to access."
More information (links to recordings, transcripts, documents) re: the Aug 14 and Aug 16 EPDP Team meetings on last week's News Review
ICANN's GDPR Train Wreck ©2018 DomainMondo.com (graphic)
Definition: "train wreck" (noun) a chaotic or disastrous situation that holds a peculiar fascination for observers.
See also:
  • ICANN CEO Goran Marby (in photo above) and EPDP Chair Kurt Pritz's emails.
  • EPDP & ICANN's Picket Fence (pdf): ICANN's 'Picket Fence' circumscribes ICANN's authority with regard to domain names.
  • Why ICANN Should Not Require Collecting, Much Less Publishing, Registrants' Fax Numbers--FAX HAX: fax machines pose a huge vulnerability to the cybersecurity of businesses and other organizations, according to a new studyA fax number is the only thing required to carry out the attack. Many fax machines run on decades-old protocols that are easy for hackers to penetrate, says Israel-based soft­ware com­pany Check Point. Most fax lines are connected to an organization's larger IT network, so after a cyber intruder makes their way into an insecure fax machine, everything else, regardless of what other cyber protections are in place, can become easy targets--TheHill.com.
  • Working Paper (pdf) on standards for data protection and personal privacy in cross-border data requests for criminal law enforcement purposes (Budapest, Hungary, 9/10 April 2018)--datenschutz-berlin.de.

2) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICANN v. EPAG Domainservices, GmbH: ICANN's Plea of Remonstrance (in German)[pdf, 2.27 MB]. The English Translation [pdf, 276 KB] is embed below (personal identifiable information has been redacted by ICANN) 17 August 2018:

Prior filings in the case are here. See also English Translation of EPAG’s Comment on ICANN’s Submission of Letter from European Data Protection Board [pdf, 517 KB] 1 Aug 2018.

b. ICANN Community Leaders' GDPR Update Call, 13 Aug 2018 (pdf) excerpt below:
GDPR update call 13 Aug 2018 Adobe Connect recording and Audio Recording [MP3, 3.77 MB].

c. 14 Aug 2018 Letter of Delaware's Secretary of State (pdf) to ICANN re: new gTLDs that meet the definition of “company endings” including, but not limited to, .INC, .CORP, .LLP, .LTD, .COMPANY and .LLC (letter embed below):

d. ICANN Global Domains Division (GDD) 
 ICANN GDD General Operations Handbook for Registry Operators
General Operations Handbook for Registry Operators (revised) 15 Aug 2018 gdd-ops-handbook-registry-operators-15aug18-en.pdf [pdf, 429 KB].

e. New gTLD .pharmacy notice of beach of registry agreement (pdf), status as of 17 Aug 2018:
 breach notice .PHARMACY
source: ICANN.org

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. Domain Name Registrar GoDaddy $GDDY:
GoDaddy shares fall after pricing its secondary public offering of 10.4 million shares from selling stockholders--marketwatch.com 15 Aug 2018.

b. UPDATED: Domain Name Registrar Tucows $TCX Q2 2018:  Tucows management posted responses to questions of general interest to the Company’s web site here (pdf) on Wednesday, August 22 at 9:00 a.m. EDT.

c. Domain Name Registry Operator (.COM, .NET et al) Verisign $VRSN--Tracking Warren Buffett's Berkshire Hathaway (NYSE:BRK.A and NYSE:BRK.B) Portfolio - Q2 2018 Update:
VeriSign Inc. $VRSN shares were first purchased by Berkshire in Q4 2012 at prices between $34 and $49.50. The position was more than doubled in Q1 2013 at prices between $38 and $48. The following quarter saw a one-third increase at prices between $44 and $49. Q1 and Q2 2014 also saw a combined ~17% increase at prices between $47 and $63. $VRSN currently trades at ~$150 and the Berkshire position is ~0.91% of Berkshire's total portfolio, about 10% ownership interest in Verisign. Read more at SeekingAlpha.com 15 Aug 2018.

See also The Verisign Domain Name Industry Brief Q2 2018 | verisign.com:
  • 10 largest top-level domains (TLDs) in the world (.png)--4 gTLDs + 6 ccTLDs--can you name in the correct order, all top-ten TLDs? 
  • The second quarter of 2018 closed with approximately 339.8 million domain name registrations across all top-level domains (TLDs), an increase of approximately 7.9 million, or +2.4% year over year.
  • Total new gTLDsdomain name registrations decreased by approximately 2.5 million domain name registrations, or -10.4%  year over year, ending the second quarter of 2018 with a total of only 21.8 million domain name registrations.
  • Legacy gTLD .COM domain name registrations increased by 6.4 million, or +5.0% year over year.  As of June 30, 2018, the .com domain name base totaled approximately 135.6 million domain name registrations (as compared with 129.2 as of June 30, 2017).  
  • Legacy gTLD .NET domain name registrations decreased by 1.0 million, or -7.0% year over year. As of June 30, 2018, the .net domain name base totaled approximately 14.1 million domain name registrations (as compared with 15.1 as of June 30, 2017). 
  • Total country-code TLD (ccTLD) domain name registrations were approximately 149.7 million at the end of the second quarter of 2018, an increase of approximately 5.5 million domain name registrations, or +3.8%, year over year.

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com

"... given China’s size and technological sophistication, Beijing has a good chance of succeeding—thereby remaking cyberspace in its own image. If this happens, the Internet will be less global and less open. A major part of it will run Chinese applications over Chinese-made hardware. And Beijing will reap the economic, diplomatic, national security, and intelligence benefits ..."
  • "It will be a dark day for internet freedom if Google has acquiesced to China’s extreme censorship rules to gain market access."--Patrick Poon, China Researcher at Amnesty International--amnesty.org.
  • The Unlikely Activists Who Took On Silicon Valley and Won: Facebook and Google made billions mining personal data, and fought off anyone who threatened to stop them. Then came a challenge in their own backyard--NYTimes.com
"Political power is a malleable thing, Mactaggart had learned, an elaborate calculation of artifice and argument, votes and money. People and institutions — in politics, in Silicon Valley — can seem all-powerful right up to the moment they are not. And sometimes, Mactaggart discovered, a thing that can’t possibly happen suddenly becomes a thing that cannot be stopped."
  • Censorship & InfoWars:
Infowars Website Traffic Explodes After Silicon Valley Blacklists Alex Jones Empire | zerohedge.com"They are using me as a test case to try to bring an EU style web censorship"--Alex Jones. InfoWars Videos, Podcasts, and Social Posts Have Disappeared. Here's Why Its Website Won't Be Next | Fortune.com: Internet infrastructure companies like web hosts, registrars, and CDNs were right to largely remain neutral in Infowars-like debates, civil rights experts say.
Alex Jones is far from the only person tech companies are silencing August 12, 2018, by David Greene, civil liberties director and senior staff attorney for the Electronic Frontier Foundation (eff.org): "Facebook, Twitter, Apple and other companies routinely silence voices in marginalized communities around the world that struggle to be heard in the first place, replicating their offline repression."
  • Internet Freedom, Free Speech & Free Press: If the US government prosecutes Julian Assange and WikiLeaks, it will mark a point of no return--zerohedge.com.

5) Most Read Posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


Domain Mondo archive