2019-03-31

News Review 1) Almost No One Wants To Be ICANN EPDP Phase 2 Chair

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2019-03-31) with analysis and opinion: Features •  1) Almost No One Wants To Be ICANN EPDP Phase 2 Chair, 2) EPDP Needs Independent Legal Counsel, 3) Other ICANN News: a.Public Comment Periods Closing in April, b. Tweet of the Week, 4)a. New gTLDs' Cannibalizationb. Digital Identities & Privacy, 5) ICYMI: EU Copyright Directive, and more, 6) Most Read.

1) Almost No One Wants To Be ICANN EPDP Phase 2 Chair:
"The deadline for the EOI response has passed and there was only one respondent. In light of the EPDP and GNSO Council discussions in Kobe, I think it’s appropriate to extend the deadline for two weeks to Monday, 8 April while providing some additional details about the anticipated work load and pace/intensity of Phase 2. I hope this will inform potential Chair candidates and encourage a more robust response.  We have updated the attached EOI document accordingly, which will be posted later today."--Keith Drazek, GNSO Chair, 25 Mar 2019.
More info at Deadline Extended | ICANN.orgExpressions of Interest Sought for Chair of GNSO EPDP on the Temporary Specification for gTLD Registration Data – Phase 2. 

Editor's note: it's not hard to understand why almost no one wants the job--the dysfunctional and endless meetings, inept work plans, and ill-informed EPDP team members, all apparent in Phase 1 and its Final Report, should give pause to anyone considering the position--plus ICANN Org's push to be the 'sole gateway' for third-party access to redacted WHOIS data, and ICANN Org controlling all EPDP resources and support, including legal advice (EPDP does not have independent legal counsel). Anyone competent would likely demand assurances and changes in the EPDP meetings, work plans, processes, legal counsel arrangements, and available resources, agreed to up front and signed off by both ICANN Org and the GNSO Council, which might not be acceptable to an ICANN Organization used to manipulating PDPs in order to get the outcomes it wants. Otherwise, I suggest GNSO hire, and ICANN pay for, a competent professional knowledgeable in the GDPR, to co-chair EPDP Phase 2 along with current Acting Chair, Rafik Dammak. Under that scenario, there likely would be no need for professional mediators as were used extensively in the dysfunctional EPDP Phase 1, with mixed results.

2) The EPDP Team Needs Independent Legal Counsel: 
As noted above, the EPDP team does not have independent legal counsel. Bird & Bird, a London-based international law firm is advising both ICANN Org and the EPDP team. The Bird & Bird legal memos are here.

Editor's note: the most recent Bird & Bird memo dated 8 Mar 2019 "Advice on the legal basis for transferring Thick WHOIS" is indicative of the problems in having the EPDP team use ICANN Org's counsel (Bird & Bird) for legal advice. This March 8th memo is troublesome, in part, because it appears to approach its analysis cognizant of ICANN Org's known preference for a thick Whois model, and states one or more substantive factual errors, for example:
3.13. The thick Whois model eliminates a step that stakeholders might need to undertake in order to access the full Whois data set. Whereas under the thin Whois model, a stakeholder might need to first consult the registry to identify the relevant registrar before approaching the registrar to access the data, under the thick Whois model, the stakeholder would be able to obtain the full data set from the registry directly (provided the stakeholder can demonstrate an Authorised Purpose).--Bird & Bird legal memo, p.4.
The bold language in the quoted paragraph above from the March 8 Bird & Bird legal memo is factually incorrect. The identity of the registrar is non-redacted free public information available online under both thick and thin Whois models, so there is no need to "first consult the registry to identify the relevant registrar." Unfortunately Bird & Bird repeats this error again in its legal memo at page 5:
"The difference between a thick and thin Whois policy would mean that stakeholders would need to take only one minor additional step (i.e. checking a registry to identify the relevant registrar) in order to access restricted data."
How the lawyers at Bird & Bird came to this misunderstanding is unclear. Almost everyone understands the registrar is still listed in the public WHOIS data post-GDPR, irrespective of whether the Thin or Thick WHOIS model is being used (see graphic below).
source: http://archive.icann.org/en/topics/new-gtlds/thick-thin-whois-30may09-en.pdf
I can think of many more factual reasons why the 'Thin model' is much more preferable than the 'Thick model' under the GDPR, none of which were apparently ever presented to, nor considered by, Bird & Bird's lawyers before conducting their legal analysis and issuing their legal opinion memo. I think most would agree that any attorney's 'legal opinion' or 'legal analysis' based upon an incomplete or erroneous set of factual reasons, may be worthless.

Apparently no one on ICANN's legal staff or the EPDP 'Legal Committee' bothered "articulating" an accurate and complete set of facts to the Bird & Bird lawyers in connection with the 'Question Presented.' The main input to Bird & Bird for the memo appears to have been GNSO's "Thick Whois Report" issued 21 October 2013, before enactment of the GDPR. To get a good legal memo, there first needs to be a dialogue between attorney and client. Who communicated with the lawyers at Bird & Bird about this memo, the factual setting and background, and the 'Question Presented,' on behalf of the respective clients, the EPDP team, and ICANN Org?

The name of the registry operator is not in the WHOIS data set (Thick or Thin, redacted or non-redacted). The registrar's name is the only 'contracted party' identified, so it makes even more sense under Bird & Bird's logic and reasoning for registrars (which also collect the data) to hold the data and not transfer the personal data constantly to 3rd parties the registrar does not control, and for good reason should not trust (i.e., registry operators and ICANN), who might then unlawfully process the data or erroneously disclose the data to fourth parties, in violation of the GDPR or other privacy laws.

From a practical point of view, ICANN set up its ill-conceived new gTLDs program of over 1200 new gTLDs so that the new gTLDs could be (and are) 'bought and sold' like used cars, so the public never knows whether a particular new gTLD is in the process of "changing hands" from one registry operator to another, until the process has been completed and notice of that fact is then published somewhere in the bowels of ICANN's website, whereas a change of the registrar of record is always reflected in the unredacted WHOIS data. Any party desiring data on a domain name or registrant should, optimally, always seek out the registrar of record, not the registry operator nor ICANN. The registrar will not only have the full WHOIS record, but also other data not within the WHOIS data set which could be provided in response to a lawful Court order, subpoena, warrant, or other legal process, sought by law enforcement, a governmental agency, or even a private party, including in an 'emergency' situation. Neither ICANN nor the registry operators have, nor should they have, access to that additional personal data. I recognize ICANN Org's apparent desire to expand its power and authority beyond that ever contemplated, to be the 'sole gateway' to registrants' personal data. In fact, like most registrants, I am particularly uncomfortable with ICANN Org holding or having unlimited access to registrants' personal data since ICANN Org has a record of acting imprudently in so many cases as to render itself de facto "untrustworthy." 

It may be that the Bird & Bird lawyers are confused about what is provided in the Whois distributed data base of publicly available non-redacted information, irrespective of whether the Whois model is "thin" or "thick." Unfortunately, the legal memo appears to rely on the apparent factual error above to support its reasoning and conclusions, stating that "ICANN and the relevant parties articulated clear benefits to implementing the thick Whois policy for security, stability and reliability purposes."

In other words, ICANN Org and unknown 'relevant parties' have been "articulating" to Bird & Bird an incomplete or erroneous version of "facts" and "reasoning" in order to get the legal opinion ICANN Org and 'relevant parties' wanted. One really can't blame Bird & Bird, ICANN Org is the "paying client" not the EPDP team. However, this is a serious problem for the EPDP teamnot having independent legal counsel. This last legal memo from Bird & Bird is also troublesome for reasons other than given above. But since it is only ICANN and its contracted parties who are going to be sued under GDPR, maybe we shouldn't care?

Remedy? 1. The EPDP team should add a few non-lawyers to its EPDP Legal Committee in order to keep the EPDP lawyer-members honest; and 2. the EPDP Team should retain its own independent legal counsel free from ICANN Org and unknown 'relevant parties' interference, inappropriate influence, and ex parte "articulating."

3) Other ICANN News
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
a. Public Comment periods closing in April, 2019:

b. Tweet of the Week: From .SUCKS to .ORG - How ICANN Californicates the World Wide Web

4) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. New gTLDs' Cannibalization--Verisign Domain Name Industry Brief as of end of Q4 2018
Editor's noteafter subtracting the net increases of ccTLDs (8.2M) and .COM (7.1M) from the total net increase of all TLDs (16.3M), the grand total net increase of all the other gTLDs (including new gTLDs), is only 1 million YOY, indicating ICANN's mismanagement of gTLDs, irresponsibly flooding the market with over 1200 new gTLDs since 2014, which have generated little net new growth overall in gTLDs (if you exclude .COM which is in a class by itself). The new gTLDs'  cannibalization of all gTLDs overall--both within new gTLDs and older gTLDs (except for .COM)--will only get worse when ICANN and its "community" mindlessly continue to delegate even more new gTLDs in the next round. There is no "lack of awareness" problem with new gTLDs, that's a 'false narrative' pushed by the new gTLDs domain industry and some at ICANN as an excuse as to why the new gTLDs have failed so miserably in the marketplace from original predictions and expectations. Go to GoDaddy.com and look around, you have to step around and over the new gTLDs in order to register a .COM domain name.

b. Digital identities and privacy: Time to change how domain names are registered?--aei.org:
"... A new digital identity service has both government and commercial viability for validating transactions, record keeping, and regulatory compliance. Instead of trying to fit old policies with new regulations, let’s hope innovators embrace technology to move us forward to a better, more productive way of using the internet."

5) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
EU’s Parliament Signs Off on Disastrous Internet Law: What Happens Next?--eff.org (graphic)
EU Copyright Directive: "The European Parliament has abandoned common-sense and the advice of academics, technologists, and UN human rights experts, and approved the Copyright in the Digital Single Market Directive in its entirety ... Unlike EU Regulations like the GDPR, which become law on passage by the central EU institutions, EU Directives have to be transposed: written into each member country’s national law. Countries have until 2021 to transpose the Copyright Directive, but EU rarely keeps its members to that deadline, so it could take even longer. Unfortunately, it is likely that the first implementation of the Directive will come from the countries who have most enthusiastically supported its passage. France’s current batch of national politicians have consistently advocated for the worst parts of the Directive, and the Macron administration may seek to grab an early win for the country’s media establishment ..."--eff.org. See also: Europe is splitting the internet into three--how the Copyright Directive reshapes the open web--theverge.com.

FTC announces inquiry into the privacy practices of broadband providers--The Federal Trade Commission wants to know what data your ISP is collecting about you--theverge.com.

For-Profit Monopolies Which Censored RussiaGate Skeptics: "We either take down Facebook and Google and turn them into tightly regulated transparent public utilities available to all or they will destroy what little is left of American democracy."--CharlesHughSmith.

Fighting censorship and expanding internet freedom--cfr.org: "internet rights advocates would do well to reign in their exuberance for the power of markets alone to expand political liberties." See also The State of Internet Freedom Around the World--pcmag.com.

From freedom to despair: the internet’s short but fast highway to hell--crikey.com.au.

Net Neutrality: Will Congress Save Internet Freedom?--entrepreneur.com.

The global rise of Internet sovereignty--China and Russia want the global internet to look more like theirs. Some argue they are beginning to succeed--codastory.com.

Russia: Vladimir Putin signs sweeping internet-censorship bills--publishing "unreliable socially significant information" can lead to big fines--arstechnica.com and Russia is Censoring More Than Just the Internet--themoscowtimes.com.

New Zealand Christchurch massacre another internet-enabled atrocity?--thehill.com.

Every Minute Online Is a Battle for Consumer Attention--pcmag.com.

South Africa In Risk of “Passive” Internet Censorship with New Law--technadu.com, and Why South Africa’s online freedom is at risk--The Film and Publication Amendment Bill stands to change South African content creation drastically--thesouthafrican.com.

"How Cam Models Are Finding Freedom in Cryptocurrency"--"online performers are moving into the high-tech realm of digital currency"--rollingstone.com.

"Alleged Child Porn Lord Faces US Extradition"--websites that could only be accessed using the Tor Browser Bundle, which is built on the Firefox Web browser--defendant holds dual Irish-US citizenship, was denied bail and held pending his nearly six-year appeal process to contest his extradition--krebsonsecurity.com.

6) Most Read this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com

-- John Poole, Editor  Domain Mondo 

feedback & comments via twitter @DomainMondo


DISCLAIMER

Domain Mondo archive