News Review: GDPR, ICANN & WHOIS Data, EPDP Dysfunction

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-08-11) with analysis and opinion: Features •  1) GDPR, ICANN & WHOIS Data, EPDP Dysfunction2) Other ICANN news: a. Odd Correspondence, b. .ISLAM, .HALAL, c. Contract Compliance, and more, 3) Names, Domains & TMs: a. Another ICANN new gTLD .BRAND #FAIL, and more, 4) ICYMI, 5) Most Read.

1) GDPR, ICANN & WHOIS Data, EPDP Dysfunction
UPDATE: EPDP Team Meeting #5 Thursday, 16 Aug 2018 at 13:00 UTC 9am EDT. Meeting agenda:
1. Roll Call & SOI Updates
2. Welcome and Updates from EPDP Team Chair
3. Summary of responses to EPDP Input Survey Part 3 - Results for Appendix D: Uniform Rapid Suspension, Appendix E: Uniform Domain Name Dispute Resolution Policy, Appendix G: Supplemental Procedures to the Transfer Policy

4. Substantive Discussion of Temporary Specification:
  • Part 3 of the Survey can be found at https://www.surveymonkey.com/r/7PWQPP7
  • Appendix D: Uniform Rapid Suspension
  • Appendix E: Uniform Domain Name Dispute Resolution Policy
  • Appendix G: Supplemental Procedures to the Transfer Policy
5. Confirmation of action items and questions for ICANN Org, if any
6. Wrap and confirm next meeting to be scheduled for Tuesday 21 August at 13.00 UTC.

UPDATE 15 Aug 2018: Non-members of the EPDP Team can now follow the EPDP meetings taking place on Tuesdays and Thursdays at 13:00 UTC via Adobe Connect (view only for alternates and observers): https://participate.icann.org/gnso-epdp-observers, or audio cast via browser or application (e.g., iTunes).

August 16 meeting spreadsheet, and slides (pdf) embed below. Chat transcript (pdf), replay of mp3 audio and Adobe Connect recording (allow several seconds for recording to open). High level notes and action items here. 16 August 2018 Meeting transcript (pdf). Other links: EPDP Team wiki,  mail list, and Temporary Specification.

EPDP Team Meeting #4 Tuesday, August 14 at 13:00 UTC 9am EDT. Meeting agenda, background document, slides (embed below), chat (pdf), Mp3 recording, Adobe Connect Recording.

Meetings August 7 and August 9, 2018, notes:

"Triage" summary above--"Initial indications are that the level of consensus is low."--Kurt Pritz, EPDP Chair
EPDP Team meeting August 7, 2018, excerpts (emphasis added):
“… the third takeaway was given the lack of consensus I think we should get over this triage section right away. I think I had a fond dream that there would be some minor differences on some points and we’d, you know, we’d discuss them, find a resolution so we tick another box where there’s consensus but given - I don't think that’s possible so I think it’s important for us to make a triage report to the GNSO and then get into the heavy lifting work right away.”—EPDP Chair Kurt Pritz, 7 Aug 2018 transcript, pp. 5-6 of 46.
"... the clause that says, you know, if there’s a conflict between the temporary spec and other portions of the agreement, the temporary spec will prevail and then it goes onto say, “Unless ICANN determines in its reasonable discretion that this temporary specification shall not control,” is problematic. So many found that clause to be problematic ..." --EPDP Chair Kurt Pritz, 7 Aug 2018 transcript, supra, p. 10.
Milton Mueller (NCSG): "... What matters here is the actual purpose of ICANN, not us specifying other uses of third parties. That we have to get the rationale first ... our purpose is a limited one consistent with ICANN's mission." 7 Aug 2018 transcript, supra, p. 19. 
Milton Mueller (NCSG): "... that question reveals the misunderstanding that is causing about - I’d say about 50% of the disagreement here. First of all you’re always - to have a domain name registration, you're always going to be collecting a significant amount of personal information, you need to know who’s registered the name, who owns it ... how they [can] be contacted ... law enforcement will always be able to request that data under their law for legitimate purposes ... I assume none of us want ICANN to be collecting our social security numbers as Americans or our national identity cards in a number - or (ADHAR) number, if you're an Indian citizen. I think we’d all view that as kind of creepy, wouldn’t we? I hope. But that in fact would greatly facilitate law enforcement, if they did that, right? So it’s a very simple line ... ICANN will collect ... data for its own purposes. Law enforcement will issue subpoenas or have some kind of access mechanism that when they have a legitimate purpose gives them access to it. But ICANN’s purpose is not to be law enforcement on the internet; that’s not the reason it collects the data it collects. To me this is very obvious and simple and I don't think it should be construed as me or anyone saying that law enforcement will never have access to data that they need to solve crimes." 7 Aug 2018 transcript, supra, pp.24-25.
Milton Mueller (NCSG): "... the reason we greatly dislike [Temporary Specification] 4.4.2 and anything like it is it seems to say that we’re just opening the door to anybody who wants the data to get it as long as it’s some kind of a legitimate interest not outweighed by the fundamental rights of relevant data subjects. So essentially you're begging the entire question here. You're saying we’ll provide access to anything and everything as long as it’s legal but again, ICANN is in no position to determine what is legal; it’s the GDPR and other privacy laws that determine what’s legal. So why is this [4.4.2 of the Temporary Spec] even in here?" 7 Aug 2018 transcript, supra, p. 33.
Milton Mueller (NCSG): "... there is no public interest definition in ICANN's maintenance of the directory service in its core mission and - as somebody who has 30 years of experience in telecommunications regulation under a public interest standard, I think you really got to move away from that claim as fast as you can." 7 Aug 2018 transcript, supra, p. 36.
Chat transcript Aug 7, 2018 excerpts:
  • Stephanie Perrin (NCSG): "The entire temp spec starts with the assumption that WHOIS should be maintained to the maximum extent possible. This is not necessary, today, given the possibilities RDAP brings. A de novo approach is required."
  • Milton Mueller (NCSG): "The only collection issue that has been contested under GDPR is Admin and Tech contact."
  • Milton Mueller (NCSG): "so really, is that all we are debating here - whether Admin and Tech contact should be collected?"
  • Benedict Addis (SSAC): "... I've never seen a case where LE [Law Enforcement] needed Admin or Tech contacts." [Addis is a former Law Enforcement Officer]
  • Milton Mueller (NCSG): "right, Benedict, so there's not much of a collection issue here is there?"
  • Benedict Addis (SSAC): "Yep, I agree - as long as there’s no mission creep!"
  • Benedict Addis (SSAC): "And can we get rid of fax numbers whilst we’re at it ..."

Editor's note: since ICANN's incompetent management team, which wrote the Temporary Specification, obviously neither understands the domain name industry nor ICANN's own mission and purpose, a little historical review may be helpful. Where does this Admin and Tech contacts requirement originally come from? RFC1591 (1994) which deals with top-level domains (e.g., .COM, .NET, .ORG, and ccTLDs): 
"1) The key requirement is that for each [top-level] domain there be a designated manager [registry operator] for supervising that domain's name space. In the case of top-level domains that are country codes [ccTLDs] this means that there is a manager that supervises the domain names and operates the domain name system in that country. The manager must, of course, be on the Internet. There must be Internet Protocol (IP) connectivity to the nameservers and email connectivity to the management and staff of the manager. There must be an administrative contact and a technical contact ... the administrative contact must reside in the country involved."
It's way past time for ICANN to stop being "stuck on stupid." As I have noted before, the only registration data (re: the "registrant") necessary for the ICANN RDS and/or WHOIS is the name, address, phone number, and email address, of the legal entity or person registering (i.e., the "registrant") the domain name, also referred to as the legal and lawful "domain name holder" a/k/a the "responsible entity or person" for the police to contact about a domain name. A registrar may have much more information about one of its registrants (billing, credit cards, other contact info, etc.) but NONE of that additional information about a registrant, or the registrant's organization, is necessary for ICANN's purposes and mission. My registrars may have all kinds of information about me and my companies, none of which is ICANN's business beyond the name, address, phone number, and email address of the registrant of each gTLD domain name. Requirements for an "admin contact" and "tech contact" for each domain name, in addition to the domain name registrant's contact information, are unnecessary, and in most cases redundant and duplicative, as Tucows CEO Elliot Noss talked about at ICANN62, as well as problematic in view of GDPR requirements.  

Frankly, ICANN (and much of the "ICANN community") is clueless because ICANN excludes most Registrants from participating in the "ICANN community"--there is no Registrants Stakeholder Group nor any other group within ICANN that primarily represents the millions of entrepreneurs that comprise the vast majority of domain name registrants globally (the ICANN Business Constituency is essentially just another branch of the IP Constituency--big corporations and their lawyers and lobbyists interested in enforcing "Intellectual Property Rights"). That is a major reason why ICANN is failing the global internet community generally, and the needs of millions of domain name registrants worldwide.

See also: ICANN Chairman's letter re: EPDP costs (pdf), and Answers to the questions posed to ICANN Org from the Tuesday, 7 August 2018 EPDP Team meeting. More info in last week's News Review

 ICANN's GDPR Train Wreck
  • ICANN loses injunction bid in dispute over WHOIS data in Germany | out-law.com (Legal news and guidance from Pinsent Masons law firm): The EDPB [European Data Protection Board] guidance effectively requires ICANN to "go back to the drawing board to make its rules around the collection and use of WHOIS data compliant with the General Data Protection Regulation (GDPR)"--Karen Gallagher of Pinsent Masons, an expert in data protection and IP law.
  • "Internet overseer ICANN loses a THIRD time in Whois GDPR legal war - US org told by German court its delusional claims in privacy rules battle are not credible"--Kieren McCarthy, theregister.co.uk.

2) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a.  Odd Correspondence published by ICANN 10 August 2018:
 Marby Letter re ICANN Brussels regional office activities
9 Aug 2018 Letter from ICANN CEO Göran Marby to Willem Debeuckelaere (pdf), re: "activities of the Brussels Branch Office" in reply to 16 July 2018 Letter from Willem Debeuckelaere to Jean-Jacques Sahel (pdf). Editor's note: see Brussels Branch Manager and Legal Representative ICANN Resolutions 2017.06.24.12 – 2017.06.24.15.

b. New gTLDs .ISLAM and .HALAL: 1 Aug 2018 Letter from Attorney Mike Rodenbaugh to ICANN Outside Legal Counsel Eric P. Enson (pdf), embed below:

See also:

c. WHOIS & GDPR--ICANN Contract Compliance--3 August 2018 Letter from ICANN (Maguy Serad) to Ben Milam re ICANN WHOIS Enforcement Process. See also 13 July 2018 Letter from Ben Milam to Maguy Serad.

d. Overtasked: GNSO Project List (pdf)

e. ICANN Board Committees Reports (Jan-Jun 2018)

f. 9 Aug 2018 Letter from GAC (pdf) to GNSO re IGO Curative PDP Final Report.

g. New gTLDs .INC, .LLC, .LLP: Correspondence and Resolution (pdf) to ICANN from the National Association of Secretaries of State (NASS).

h. 8 Aug 2018 Letter from ICANN to NTIA (pdf) re: NTIA's letter of 16 April 2018 regarding Port 43 access and modifications to DNS Resource Records.

i. ICANN Global Domains Division (GDD) General Operations Handbook for Registrars (pdf).

Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. Another ICANN new gTLD .BRAND Extortion Racket #FAIL: 
Editor's Note: The Friday, July 13, 2018 Letter at the end reads like a termination notice to ICANN CEO Goran Marby
b. Yes, ICANN is a Public Menace--IDN or Internationalized Domain Name homograph attack, also known by the names “homoglyph” and “script spoofing,” attackers are able to register lookalike domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin and Greek or other scripts--securityboulevard.com.

c. Famous Four Media, GRS Domains, Domain Venture Partners et al--insider battles, changes in ownership and/or control and/or management, of 16 high-volume new gTLDS--a total of 5,370,991  (as of Aug 10, 2018) domain names, being 21.67% of all new gTLD domain names registered, of which many, if not most, may drop over the next 12-24 months under the new pricing policy--read more at domainincite.com. Editor's note: Add another chapter to the continuing saga of incompetent ICANN and its new gTLD registry operator "partners." 

d.  Cryptocurrency Handshake (handshake.org) is aiming to be a "wholly democratic and decentralized certificate authority and naming system," and has raised $10.2 million to replace the current digital entities maintaining internet infrastructure.--linuxjournal.com. See also the project's GitHub page: https://github.com/handshake-org. Editor's note: Replace ICANN? Sounds too good to be true!

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
  • China is "now exporting its model of a censored internet to other countries, including Vietnam, Tanzania and Ethiopia"--NYTimes.com.
  • US: Senate Democrats Are Circulating Plans For Government Takeover Of The Internet--reason.com.
  • Uganda: A social media tax, freedom of speech and Uganda--ft.com
  • China: "Click this link and you can get The Register banned in China ... thanks to that subversive dissident Winnie the Pooh"--theregister.co.uk
  • US: "Facebook, Twitter, Google are killing free speech--lifesitenews.com. Krieger: "Stop Complaining And Just Delete Facebook"--zerohedge.com.

5) Most Read this past week on DomainMondo.com:
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor, Domain Mondo 

Editor's note: this edition of News Review was published early this weekend to accommodate summer vacation schedules.

feedback & comments via twitter @DomainMondo


Domain Mondo archive