News Review: GDPR, ICANN EPDP Dysfunction, & WHOIS Misuse

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-09-09) with analysis and opinion: Features • 1) GDPR, ICANN EPDP Dysfunction, & WHOIS Misuse2)a. ICANN v. EPAG, b. SSR2, c. RDAP, and more, 3) a. Donuts, Domains, Fadi Chehade, Abry Partners & The Greater Fool Theory, b. Dumb Domainers, c.ICANN Survey, 4) ICYMI, 5) Most Read & Top Geolocations.

1) GDPR, ICANN EPDP Dysfunction, & WHOIS Misuse
Photo of ICANN CEO Goran Marby - ICANN's GDPR Train Wreck ©2018 DomainMondo.com
Definition of "train wreck" -- a chaotic or disastrous situation that holds a peculiar fascination for observers.
Expedited Policy Development Process (EPDP) on Temporary Specification for gTLD Registration Data (graphic)
ICANN EPDP Team Meetings coming up: Tuesday Sep 11, and Thursday Sep 1313:00 UTC, 9am EDT. Non-members of the EPDP Team can follow the EPDP meetings via Adobe Connect: https://participate.icann.org/gnso-epdp-observers, or audio cast via browser or application.

Editor's note: links to the transcripts, Adobe Connect recordings, and MP3 audio, will be posted in UPDATES below (as made available by ICANN). Note that links to EPDP meetings' transcripts are usually posted on the GNSO calendar within 24 hours). See also EPDP Team wiki, mail list, Temp SpecEPDP Charter (pdf), GNSO's EPDP page, & weekly updates to GNSO Council.

Thursday Sep 13, 2018, EPDP Team Meeting (wiki page); Agenda in slides embed below:

a. 9/13 Meeting transcript (pdf), Chat transcript (pdf) embed below, Adobe Recording, and MP3.

b. 9/13 Notes & Action items (embed below), Action Items; re: agenda item 4 (Introduction to Appendix A), see DSI for Appendix A here; The data matrix for item 3 can be found here (under background documents).

c. EDPB Advice (pdf)(embed below):

Tuesday Sep 11, 2018, EPDP Team Meeting (agenda in meeting slides embed below).

a. 9/11 Meeting Transcript (pdf)  Adobe Recording, MP3Chat transcript (pdf) embed below; notes and action items;
b. 4.4. purpose overview by Thomas Rickert here and attachment; Google Sheet EPDP Team input (last 3 columns) by 19.00 UTC on Friday 14 September to allow the leadership team to work with Thomas and Benedict to prepare the subsequent discussion on this overview.

9/11 Chat transcript (highlighting added):

c. GDPR Training--Ayden Férdeline (NCSG) Sep 10: "This training is hopelessly inadequate and intended to ‘check a box’ rather than impart in EPDP members any new knowledge. The course is intended to take 45 minutes to complete and, from what I understand, has a retail price of £20 per user. The course offers no training on the powers of supervisory authorities, on how to perform a data protection impact assessment, or on privacy by design, among other obvious deficiencies in its curriculum. I was under the impression we were looking for a course that would take at least three hours to complete, if not one day. We cannot be taught too much in one day, but we could be taught a lot more than can be learned in this 45 minute course (which can be completed a lot quicker than that actually) intended for front-line employees. This is so disappointing and really does us a great disservice. This is not the training we needed, and it should have been obvious from the price alone it was not intended to be used by those who would be tasked with designing a GDPR-compliant policy or system." 
Chris Disspain: "Do you have an example of the sort of training to which your refer?"
Ayden Férdeline"Yes, I would be looking to the catalogue of courses offered by the [International Association of Privacy Professionals](https://iapp.org). They have a number that I think would be sufficient for our purposes (some that looked suitable to me were those at the “train”, “GDPR ready”, “engage”, and “expertise” levels, but NOT “awareness”). We need to know how to implement the GDPR in a way that meets regulatory requirements while minimising risk to ICANN and the contracted parties, which is exactly what the 45-minute £20 course ICANN has found us does not help with (and was never intended by the provider to do)."
d. Triage Report 
Triage Report to be submitted to the GNSO Council Sep 11, 2018, excerpt: "The objective of this Triage Report is to document the EPDP’s level of agreement on specific provisions within the current Temporary Specification for gTLD Registration Data .... essentially no section of the Temporary Specification will be adopted without modifications. " (emphasis added)

* * * * * * *
Highlights from last week's ICANN EPDP Team meetings--excerpts from EPDP meeting Sep 6, 2018, transcript (pdf), references are to the transcript page number:

Kurt Pritz (the inept EPDP Chair appointed by the GNSO Council): "the triage report, you know, to me does not constrain us in any way in our future deliberations. I’m going to go ahead and [send] this [the triage report] to the GNSO Council ..." transcript, p. 4.

Kurt Pritz: "Can somebody from staff answer that? I think I know the answer but I’ve screwed up before." p. 5.

Alan Greenberg (ALAC): "I must admit I’m somewhat confused. Milton had suggested that we put together, you know, drafting teams, I think anyway, I think what he said is to not have competing individual positions suggested. I’ve heard that we have assigned or asked specific people to try redrafting. I haven't heard about any actual multi-group, multi-person teams being put together to try to find a consensus drafting which Amr sort of implied when in his intervention, and we are clearly getting competing proposals here. So I’d like some clarity on how are we supposed to move forward? We seem to be doing – going in three different directions at once and I’m not sure that’s really helpful." p. 12.

Mark Svancarek (BC): "Sorry for piling on with complaints about us having to review the last  document submitted last night as the first document to review this morning, but I just have to pile on. I really think this conversation has been pretty ineffective ..." p. 32.

Alan Greenberg (ALAC): "I have to say I find this whole thing surreal. We’re discussing this as if these are definitive changes and should we accept them or not but James has said these were largely drafted from registrar point of view ignoring other ICANN needs, so I’m not quite sure why we're doing this but I’ll continue ..." p. 36.

Thomas Rickert (ISPCP): "So I’m struggling with this entire discussion and I think that if we ask whether this group – what people think we're trying to achieve here we will probably get as many answers as we have participants on the call ..." p. 39.

More info and updates on last week's meetings in last week's News Review. Note also:
• The EPDP Team will finally get its requested GDPR training;
• Early Input from ICANN AC/SOs to EPDP Team;
• Comment on the 20 August 2018 “Draft Framework for a Possible Unified Access Model" from RySG & RrSG (pdf);
• 4 September 2018 Letter from ICANN CEO Göran Marby to Tucows CEO Elliot Noss (pdf) re: ICANN Registration Data Privacy, in reply to 7 June 2018 Letter from Elliot Noss to Göran Marby (pdf), embed below:

• Worth Reading Again: September 25, 2017 Memo (pdf) to ICANN's failed RDS WG re: Final responses to EU data protection questions re gTLD Registration Directory data.
•  Letter from ICANN CEO Göran Marby to GAC Chair Manal Ismail 04 Sep 2018 - Request for Guidance on GDPR and Providing Access to Non-Public WHOIS Data marby-to-ismail-04sep18-en.pdf [pdf, 305 KB].
•  Letter from Independent Compliance Working Party to ICANN (Jamie Hedlund), et al. 06 Sep 2018, re: ICWP Priorities, icwp-to-hedlund-et-al-06sep18-en.pdf [pdf, 132 KB].

WHOIS Misuse Study:
WHOIS Misuse of Registrants' Data--from the EPDP mail list (emphasis and links added): "Piscatello’s blog post is almost pure fiction. For example, he claims that there’s no evidence that Whois affects spam, when systematic research commissioned by ICANN itself concluded: “The main finding of the descriptive study is that there is a statistically significant occurrence of WHOIS misuse affecting Registrants’ email addresses, postal addresses, and phone numbers, published in WHOIS when registering domains in these gTLDs. Overall, we find that 44% of Registrants experience one or more of these types of WHOIS misuse. Other types of WHOIS misuse are reported, but at a smaller, non-significant rate. Among those, a handful of reported cases appear to be highly elaborate attempts to achieve high attack impact.”"

Editor's note: the draft study (pdf) and final study (pdf) referenced above. Comments to the final WHOIS Misuse Study commissioned by ICANN are here. Of note are the comments submitted by the At-Large Advisory Committee (pdf): "The ALAC will support any useful measure to abate misuse," and the Noncommercial Users Constituency (pdf): "measures must now be taken to protect Registrants."  Excerpt below:

See also: https://whois.icann.org/en/file/misuse-study-final-13mar14-en.

2) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. ICANN v. EPAG Domainservices, GmbH--English Translation of ICANN's Response to EPAG's Comment on ICANN's Plea of Remonstrance  [PDF, 178 KB]. Original filing in German here (personal identifiable information was redacted by ICANN). More case documents here.

b. SSR2: The ICANN Security, Stability, and Resiliency of the Domain Name System Review Team (SSR2) finally re-started its work, holding an in-person meeting 22-23 Aug 2018, after being paused by the ICANN Board of Directors in October 2017. Read more here.

c. RDAP: Moving Forward with RDAP | ICANN.org (RDAP is an eventual replacement for WHOIS protocol).

d. KSK Rollover: Preparing for the KSK Rollover | verisign.com: the KSK rollover is currently scheduled for 11 Oct 2018, subject to final approval by the ICANN Board of Directors.

e. ICANN Board Genval Workshop: September 14-16, the ICANN Board will be convening in Genval, Belgium, a town just south of Brussels, to hold its fifth workshop of calendar 2018. More here. Also, the ICANN Board will be holding a public Board meeting in Genval, Belgium: 16 Sep 2018, 08:00 – 09:00 UTC / 4am-5am EDT (US), in English only, via listen-only Adobe Connect: https://participate.icann.org/opencommunity/
Participant Code: 5542211258; Additional access numbers here.

f. ICANN Global Domains Division (GDD) General Operations Handbook for Registrars in Chinese 面还提供其他语种:2018年8月21日registrar-handbook-21aug18-zh.pdf [pdf, 409 KB]

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. Donuts, Domains, Fadi Chehade, Abry Partners & The Greater Fool Theory
FLASHBACK--US Senator Ted Cruz: ICANN CEO Fadi Chehade Is Misleading the United States Senate--"Chehade Should Recuse Himself From All ICANN Decisions That Could Impact The Chinese Government"--February 23, 2016.
Definition of "Donut" (American English) In informal speech the phrase is used to highlight stupidity, e.g., "You Donut"
  1. An individual who is extremely stupid. Lacks intelligence and common sense.
  2. An idiot. A mild insult often used in the work places of southern England.
  3. Somebody who does something incredibly stupid. An idiot.
Editor's Analysis and Opinion: Fadi Strikes (Out) Again! The largest new gTLDs registry operator (more than 200 new gTLDs), Donuts Inc., announced Sep 5, 2018, that it had entered into an agreement "to be acquired by Abry Partners," a private equity firm in which former ICANN CEO Fadi Chehade is now a partner. Terms and timing of the agreement were not disclosed, but Abry's investment is reportedly only for a majority stake in privately held Donuts, and does not provide any additional cash for the company, instead, it provides a way for original investors in Donuts to exit.

While still ICANN CEO, Chehade announced in May, 2015, he would leave ICANN in March 2016, long before his contract ended on June 30, 2017, and did not disclose his reasons for serving as ICANN CEO for only 3½ years, instead of his full term. In August, 2015, he announced that after leaving ICANN he would be a "Senior Advisor on Digital Strategy" at Boston-based Abry Partners, adding, "I expect to add other roles to my portfolio and will update you all as appropriate." Later in December 2015, Chehade announced from Wuzhen, China, that he would serve, after he left ICANN, as Co-Chair of an advisory committee to the government of China's World Internet Conference (WIC), described by Professor Milton Mueller as "[l]ike almost everything in China, the WIC is unabashedly state-driven ... a vehicle for the Chinese [Communist] Party-state’s policy agenda ..." 

As ICANN CEO, Chehade's pet project was the NetMundial Initiative, which "crashed and burned" when ICANN and the World Economic Forum stopped funding it in 2016. In February, 2015, at a DNA meeting during ICANN52, Chehade stated, "I need to understand it [the domain name industry] more and spend more time in it, no question."  While at ICANN, Chehade was known for hiring and promoting his cronies to management positions within ICANN. Chehade promoted, in June, 2013, his childhood friend and former co-worker, Akram Atallah, to the then second-highest paid position at ICANN, President of the Global Domains Division (GDD), which is now the highest paid position at ICANN at  $745,615.00 per the most recently available IRS 990 (pdf), p.56 of 81.

Perhaps it was for some or all of these reasons, that Abry Partners decided to venture into an industry where it has no experience--the domain name industry--despite what Abry says on its website, abry.com: "Abry invests in private equity, preferred stock and debt securities within our sectors of expertise."

The Abry-Donuts deal may be both getting out while the getting's good (for the original investors in Donuts) and an example of the greater fool theory. If so, it may be just another version of what is described in the article at the next link below, only at the TLD (top-level domain) level.

b. Domaining: The “Dumb Domainer” Industry and How it Operates | ricksblog.com.

c. Trademarks & Domain Names: Participate Now in the Sunrise and Trademark Claims Survey | ICANN.org. [Editor's note: I've already completed the survey, and I encourage all registrants to complete the survey which takes less than 15 minutes.]

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a. Why the Whole World Should Be Up in Arms About the EU's Looming Internet Catastrophe--eff.org:
"The link tax means that only the largest, best-funded companies will be able to offer a public space where the news can be discussed and debated. The censorship machines are a gift to every petty censor and troll (just claim copyright in an embarrassing recording and watch as it disappears from the Internet!), and will add hundreds of millions to the cost of operating an online platform, guaranteeing that Big Tech's biggest winners will never face serious competition and will rule the Internet forever."

b. California Consumer Privacy Act of 2018 becomes effective on January 1, 2020. It includes some aspects of the EU’s General Data Privacy Regulation (GDPR), such as the right to be forgotten, "but it raises the ante"--jdsupra.com.

c. New GDPR-Inspired Data Laws In Brazil And India--jdsupra.com.

d. Cyber Norms: A Farewell to Norms |  internetgovernance.org: "Exhibit A: Russian 'meddling'--The current hysteria about Russian influence operations in the U.S. is deserving of a Sherlock Holmesian title: “Russian Influence Operations and the Curious Case of the Inverted Norm."

e. Facebook: How Duterte Used Facebook To Fuel the Philippine Drug War | buzzfeednews.com: due to "heavy subsidies that keep Facebook free to use on mobile phones, Facebook has completely saturated the country. And because using other data... is precious and expensive, for most Filipinos the only way online is through Facebook ..."

5) Most Read this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

DomainMondo.com's readers by geolocation--top 3 countries--results the same for week and month:
  1. United States of America (US)
  2. People's Republic of China (CN)
  3. Federal Republic of Germany (DE)

-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


Domain Mondo archive