News Review | EPDP Initial Report: ICANN GDPR Train Wreck #2

Domain Mondo's weekly internet domain news review (NR 2018-11-18 with analysis and opinion: Features • 1) EPDP Initial Report: ICANN GDPR Train Wreck #2,  2) Other ICANN news: a. Afilias & .WEB, b. More New gTLDs' Dysfunction,  c.ICANN in Paris, 3) Names, Domains & Trademarks: Cybersquatting?, Tucows $TCX, GoDaddy $GDDY, ICYMI re: .COM, 4) ICYMI Internet Duopoly: US & China, and more,  5) Most Read.

UPDATE Nov 21-22, 2018: ICANN has published the EPDP Initial Report (pdf) now open for comment by anyone until comments close Dec 21, 2018, 23:59 UTC.  A webinar is planned for Thursday 29 November at 14.00 UTC (more info at the link).

This will be the only opportunity for public comment, "speak now or forever hold your peace!" Read also the blog post by EPDP leadership Kurt Pritz and Rafik Dammak.

1) EPDP Initial Report: ICANN GDPR Train Wreck #2

Definition of "train wreck" -- a chaotic or disastrous situation that holds a peculiar fascination for observers.

UPDATE Nov 20: The EPDP working group's "initial report" will be published for public comment tomorrow, Nov 21, or next week. Latest version here (pdf).

UPDATE Nov 19: Editor's note: I removed the "?" from this post's title after the EPDP group spent the first 50 minutes of its call Monday, Nov 19, 2018, discussing what would actually be in the "initial report," and when it would be published--for more "color" review the Adobe recording, meeting transcript (pdf), and chat transcript. The Initial Report (pdf) "latest version." Timeline updates below. Monday's call was also notable in that EPDP Chair Kurt Pritz dropped off the call early, leaving ICANN staff member Marika Konings to chair the rest of the meeting. More info on the Monday meeting wiki page and action items.

EPDP meeting Tuesday Nov 20 (wiki page, docs, chat transcript, Adobe recording), 14:00 UTC (9am EST). See also GNSO Council EPDP page and updates. Links to all EPDP meetings' transcripts and recordings are on the GNSO calendar. Other EPDP links: wiki, mail list, action items, Temp Spec, EPDP Charter (pdf), Data Elements Workbooks (pdf).

EPDP Current Target Dates (updated since EPDP Chair's letter):

• 19 Nov 2018  21 Nov Publish Initial Report & Public Comment (30 days)
• ‌19 Dec 2018  21 Dec Public Comment period close on the Initial Report
• 1 Feb 2019 Submission of Final Report to the GNSO Council

EPDP meetings this week scheduled for Monday Nov 19 and Tuesday Nov 20 starting at 14:00 UTC (9am EST). "Sneak Peek"--as of Friday, Nov 16, 2018, the ‘hopefully almost final’ version of the EPDP Initial Report: Redline version (pdf) and Clean version (pdf).

Last week's (ending Nov 16) EPDP highlights:

Re: Report of small team on Roles & Responsibilities of ICANN and Contracted Parties (Registrars, Registry Operators) [Editor's note: Rickert controllers memo (pdf), ICANN org feedback (pdf)]

On Nov 13, 2018, Alan Woods (RySG) wrote: "Thank you Thomas [Rickert], and furthermore thank you for your very balanced approach to the very surprising and frustrating events of last night's call. I think you have hit the nail on the head here, and I echo your sentiments in the last paragraph. I got the distinct impression (however far from the truth that may be) that ICANN Org were holding their cards close to their chest, and although having been at the table of the ePDP, appear to be open to rejecting the work of the ePDP. These are discussions which should have been had day 1, openly and transparently, and in fact this proves the fundamental importance of the ePDP actually having substantive discussion of the roles and responsibilities prior to the interim report publication.

"To echo Thomas, and indeed Diane, who I also recall made the point very well during the meeting, the hopes and wishes of the parties as to the allocation of roles and responsibilities are irrelevant; such matters are decided with reference alone to the legal reality and legal facts as to the roles held in the processing situation. I would further note that a statement made last night, (with the stated proviso that my audio dropped and I rejoined just as this utterance occurred therefore I will need to recheck the transcript for both context and accuracy), that ICANN Org is not a controller as it does not itself perform actual processing of the data; this concept of controllership is simply incorrect. I also heard this statement in Abu Dhabi from ICANN and indeed from the same person, and I also then raised my objection in an attempt to clarify. To hear it repeated again, last night, was worrisome (to put it mildly)."

"I personally think, receipt of the memo, in its entirety, and not a mere summary, as was promised in the dying moments of the meeting, is now hugely necessary. I furthermore think at this point the question of independent outside counsel for the eDPD is now, moreso than ever, a required step."

Stephanie Perrin (NCSG): "I agree with Alan.  Somehow, every time we go back to the EPDP as a whole, it seems we become less precise and the summary is that everything is hunky dory.  It is not.  Yesterday's small team call was extremely important; many thanks to Thomas [Rickert] for his excellent chairmanship of that call.  I appear to be in the minority in supporting a delay in the release of our report, but I think it is extremely important to at least sketch out the implications of this evident failure to agree on the basic premises of data controllership and accountability." (source)

Re: Legal vs Natural Persons (Registrants):

Stephanie Perrin (NCSG): "Given that Cherine Chalaby has just written to Keith Drazek (GNSO Council Chair) to express worry over whether we are going to finish this thing on time, perhaps we ought to stick to what is within scope. It is not clear to me how a new policy requiring that a distinction be made between legal and natural persons is within scope. Further to this general remark, I do not see any way a registrar or registry can evade responsibility for "accidentally" collecting personal information. Consent has to be meaningful and informed. On accuracy....read the RDS reveiw Team II report which is doubling down on accuracy. I would certainly not sign on to this one, if I were a registrar." (source)

More on last week's EPDP meetings (ending Nov 16) on last week's News Review. Also note:

• Advocates draw battle lines over national (US) Privacy Law--TheHill.com.

• Facebook Failed to Police How Its Partners Handled User Data--NYTimes.com.

2) Other ICANN News

a. Afilias IRP Filing Deadline re .WEB 27 Nov 2018. CEP / IRP Status Update 13 Nov 2018 (pdf): Cooperative Engagement Process (CEP) and Independent Review Processs (IRP) No active IRPs,
Active CEPs:

b. More ICANN New gTLDs' Dysfunction: ICANN's Next Round of unwanted, unneeded new gTLDs that "fail to work as expected on the internet" and ripoff consumers (registrants):

GNSO Council: " ... The New gTLD Subsequent Procedures PolicyDevelopment Process Working Group is currently developing policy that may ultimately instruct PTI to place new gTLDs into the root. However, it is not anticipated that delegations would occur in FY20 [ending June 30, 2020]."

source: https://www.icann.org/en/system/files/correspondence/langdon-orr-neuman-to-nguyen-06nov18-en.pdf

Editor's note: Jeff Neuman SOI. See also this.

c.  ICANN in Paris: What Happens When A Non-Profit Has Too Much Money? Among other things, this.

3) Names, Domains & Trademarks

a. Smoothie maker alleges domain name shakedown--MarketWatch.com:

“It is not cybersquatting when someone comes along and decides to adopt your domain name as a trademark. There is a secondary market in domain names. People buy and sell domain names every day.”--Attorney John Berryhill.

Editor's note: also never adopt a hyphenated .COM domain name for your business without getting the exact match .com domain with no hyphen, e.g., tmobile.com redirects to T-Mobile.com.

b. Tucows $TCX  Q3 2018 Question and Answer Transcript (pdf)

c. GoDaddy $GDDY Vice President of Investor Relations & Strategy, Sam Kemp, will host meetings at the Barclays Global TMT Conference in San Francisco on Wednesday, December 5, 2018. GoDaddy's most recent investor presentation will be available on its investor relations website at https://investors.godaddy.net.

d. ICYMI re: .COM, NTIA, Verisign, & ICANN: Verisign's Attempt to Increase its Fees Still Unjustified Despite Diversionary Tactic | circleid.com including the comment, and including mine:

"Good article Zak, until you got to "the [ICANN] Board can fulfill its responsibilities as the owner of the [.COM] registry"--WRONG! Notwithstanding ICANN's corrupt and misguided efforts to turn all gTLDs (new and legacy) into privately owned "assets"--no one "owns" the top-level domain .COM, it is still a global public resource as originally promulgated, and delineated in RFC 1591:

"These designated authorities [e.g., Verisign] are trustees for the delegated domain [.COM], and have a duty to serve the community. The designated manager [e.g., Verisign] is the trustee of the top-level domain for ... the global Internet community. Concerns about "rights" and "ownership" of domains are inappropriate. It is appropriate to be concerned about "responsibilities" and "service" to the community."

"Anyone could justifiably argue that ICANN "trashed" the concept of "gTLD trusteeship" for all of those gTLDs ICANN created after 1998, and obviously neither the ICANN Board, ICANN org, nor its so-called "ICANN community" have ever acted like a responsible "owner" or "steward" or even "trustee" of ANY gTLD, with the possible exception of the legacy gTLD .INT, which is why your argument is naive that the ICANN Board would now reform itself and recognize the "global public interest" in not only selecting a "trustee" for .COM, but also limiting that trustee's fees. ICANN is incompetent, corrupt, unfit (pdf) see p.12 and exhibits. Thankfully, the U.S. government is still exercising its historic "stewardship" role over .COM via the Cooperative Agreement notwithstanding our disappointment with the pricing "giveaway." If the U.S. government ever steps away from its historic stewardship role re: .COM, .COM and its registrants will be exploited for their "maximum profit potential" by ICANN and Verisign and .COM will be ruined just like ICANN and Verisign are now doing with .NET."

4) ICYMI Internet Domain News 

Internet Duopoly: "If I may be politically incorrect, there are two kinds of internet emerging: Californian cyberspace and Chinese cyberspace"--French president Macron at IGF2018--see also  Chair's Summary (draft) (pdf).

Internet Freedom: "Moroccan Internet Users Are ‘Partially’ Free"--moroccoworldnews.com.

ITU Plenipot ended Nov 16, 2018, in Dubai, more here.

5) Most Read this past week on DomainMondo.com: 

#1 News Review | GDPR & ICANN EPDP Draft Initial Report Dysfunction

-- John Poole, Editor • Domain Mondo 

feedback & comments via twitter @DomainMondo
Follow @DomainMondo

DISCLAIMER

News Review: GDPR, ICANN & WHOIS Data, EPDP Dysfunction

Domain Mondo's weekly internet domain news review (NR 2018-08-11) with analysis and opinion: Features •  1) GDPR, ICANN & WHOIS Data, EPDP Dysfunction,  2) Other ICANN news: a. Odd Correspondence, b. .ISLAM, .HALAL, c. Contract Compliance, and more, 3) Names, Domains & TMs: a. Another ICANN new gTLD .BRAND #FAIL, and more, 4) ICYMI, 5) Most Read.

1) GDPR, ICANN & WHOIS Data, EPDP Dysfunction

UPDATE: EPDP Team Meeting #5 Thursday, 16 Aug 2018 at 13:00 UTC 9am EDT. Meeting agenda:
1. Roll Call & SOI Updates
2. Welcome and Updates from EPDP Team Chair
3. Summary of responses to EPDP Input Survey Part 3 - Results for Appendix D: Uniform Rapid Suspension, Appendix E: Uniform Domain Name Dispute Resolution Policy, Appendix G: Supplemental Procedures to the Transfer Policy

4. Substantive Discussion of Temporary Specification:

• Part 3 of the Survey can be found at https://www.surveymonkey.com/r/7PWQPP7
• Appendix D: Uniform Rapid Suspension
• Appendix E: Uniform Domain Name Dispute Resolution Policy
• Appendix G: Supplemental Procedures to the Transfer Policy

5. Confirmation of action items and questions for ICANN Org, if any
6. Wrap and confirm next meeting to be scheduled for Tuesday 21 August at 13.00 UTC.

UPDATE 15 Aug 2018: Non-members of the EPDP Team can now follow the EPDP meetings taking place on Tuesdays and Thursdays at 13:00 UTC via Adobe Connect (view only for alternates and observers): https://participate.icann.org/gnso-epdp-observers, or audio cast via browser or application (e.g., iTunes).

August 16 meeting spreadsheet, and slides (pdf) embed below. Chat transcript (pdf), replay of mp3 audio and Adobe Connect recording (allow several seconds for recording to open). High level notes and action items here. 16 August 2018 Meeting transcript (pdf). Other links: EPDP Team wiki,  mail list, and Temporary Specification.

EPDP Team Meeting #4 Tuesday, August 14 at 13:00 UTC 9am EDT. Meeting agenda, background document, slides (embed below), chat (pdf), Mp3 recording, Adobe Connect Recording.

• High Level notes and action items from EPDP Team Meeting Aug 14, 2018.

• Meeting transcript (pdf).

Meetings August 7 and August 9, 2018, notes:

"Triage" summary above--"Initial indications are that the level of consensus is low."--Kurt Pritz, EPDP Chair

EPDP Team meeting August 7, 2018, excerpts (emphasis added):

“… the third takeaway was given the lack of consensus I think we should get over this triage section right away. I think I had a fond dream that there would be some minor differences on some points and we’d, you know, we’d discuss them, find a resolution so we tick another box where there’s consensus but given - I don't think that’s possible so I think it’s important for us to make a triage report to the GNSO and then get into the heavy lifting work right away.”—EPDP Chair Kurt Pritz, 7 Aug 2018 transcript, pp. 5-6 of 46.

"... the clause that says, you know, if there’s a conflict between the temporary spec and other portions of the agreement, the temporary spec will prevail and then it goes onto say, “Unless ICANN determines in its reasonable discretion that this temporary specification shall not control,” is problematic. So many found that clause to be problematic ..." --EPDP Chair Kurt Pritz, 7 Aug 2018 transcript, supra, p. 10.

Milton Mueller (NCSG): "... What matters here is the actual purpose of ICANN, not us specifying other uses of third parties. That we have to get the rationale first ... our purpose is a limited one consistent with ICANN's mission." 7 Aug 2018 transcript, supra, p. 19. 

Milton Mueller (NCSG): "... that question reveals the misunderstanding that is causing about - I’d say about 50% of the disagreement here. First of all you’re always - to have a domain name registration, you're always going to be collecting a significant amount of personal information, you need to know who’s registered the name, who owns it ... how they [can] be contacted ... law enforcement will always be able to request that data under their law for legitimate purposes ... I assume none of us want ICANN to be collecting our social security numbers as Americans or our national identity cards in a number - or (ADHAR) number, if you're an Indian citizen. I think we’d all view that as kind of creepy, wouldn’t we? I hope. But that in fact would greatly facilitate law enforcement, if they did that, right? So it’s a very simple line ... ICANN will collect ... data for its own purposes. Law enforcement will issue subpoenas or have some kind of access mechanism that when they have a legitimate purpose gives them access to it. But ICANN’s purpose is not to be law enforcement on the internet; that’s not the reason it collects the data it collects. To me this is very obvious and simple and I don't think it should be construed as me or anyone saying that law enforcement will never have access to data that they need to solve crimes." 7 Aug 2018 transcript, supra, pp.24-25.

Milton Mueller (NCSG): "... the reason we greatly dislike [Temporary Specification] 4.4.2 and anything like it is it seems to say that we’re just opening the door to anybody who wants the data to get it as long as it’s some kind of a legitimate interest not outweighed by the fundamental rights of relevant data subjects. So essentially you're begging the entire question here. You're saying we’ll provide access to anything and everything as long as it’s legal but again, ICANN is in no position to determine what is legal; it’s the GDPR and other privacy laws that determine what’s legal. So why is this [4.4.2 of the Temporary Spec] even in here?" 7 Aug 2018 transcript, supra, p. 33.

Milton Mueller (NCSG): "... there is no public interest definition in ICANN's maintenance of the directory service in its core mission and - as somebody who has 30 years of experience in telecommunications regulation under a public interest standard, I think you really got to move away from that claim as fast as you can." 7 Aug 2018 transcript, supra, p. 36.

Chat transcript Aug 7, 2018 excerpts:

• Stephanie Perrin (NCSG): "The entire temp spec starts with the assumption that WHOIS should be maintained to the maximum extent possible. This is not necessary, today, given the possibilities RDAP brings. A de novo approach is required."
• Milton Mueller (NCSG): "The only collection issue that has been contested under GDPR is Admin and Tech contact."
• Milton Mueller (NCSG): "so really, is that all we are debating here - whether Admin and Tech contact should be collected?"
• Benedict Addis (SSAC): "... I've never seen a case where LE [Law Enforcement] needed Admin or Tech contacts." [Addis is a former Law Enforcement Officer]
• Milton Mueller (NCSG): "right, Benedict, so there's not much of a collection issue here is there?"
• Benedict Addis (SSAC): "Yep, I agree - as long as there’s no mission creep!"
• Benedict Addis (SSAC): "And can we get rid of fax numbers whilst we’re at it ..."

Editor's note: since ICANN's incompetent management team, which wrote the Temporary Specification, obviously neither understands the domain name industry nor ICANN's own mission and purpose, a little historical review may be helpful. Where does this Admin and Tech contacts requirement originally come from? RFC1591 (1994) which deals with top-level domains (e.g., .COM, .NET, .ORG, and ccTLDs): 

"1) The key requirement is that for each [top-level] domain there be a designated manager [registry operator] for supervising that domain's name space. In the case of top-level domains that are country codes [ccTLDs] this means that there is a manager that supervises the domain names and operates the domain name system in that country. The manager must, of course, be on the Internet. There must be Internet Protocol (IP) connectivity to the nameservers and email connectivity to the management and staff of the manager. There must be an administrative contact and a technical contact ... the administrative contact must reside in the country involved."

It's way past time for ICANN to stop being "stuck on stupid." As I have noted before, the only registration data (re: the "registrant") necessary for the ICANN RDS and/or WHOIS is the name, address, phone number, and email address, of the legal entity or person registering (i.e., the "registrant") the domain name, also referred to as the legal and lawful "domain name holder" a/k/a the "responsible entity or person" for the police to contact about a domain name. A registrar may have much more information about one of its registrants (billing, credit cards, other contact info, etc.) but NONE of that additional information about a registrant, or the registrant's organization, is necessary for ICANN's purposes and mission. My registrars may have all kinds of information about me and my companies, none of which is ICANN's business beyond the name, address, phone number, and email address of the registrant of each gTLD domain name. Requirements for an "admin contact" and "tech contact" for each domain name, in addition to the domain name registrant's contact information, are unnecessary, and in most cases redundant and duplicative, as Tucows CEO Elliot Noss talked about at ICANN62, as well as problematic in view of GDPR requirements.  

Frankly, ICANN (and much of the "ICANN community") is clueless because ICANN excludes most Registrants from participating in the "ICANN community"--there is no Registrants Stakeholder Group nor any other group within ICANN that primarily represents the millions of entrepreneurs that comprise the vast majority of domain name registrants globally (the ICANN Business Constituency is essentially just another branch of the IP Constituency--big corporations and their lawyers and lobbyists interested in enforcing "Intellectual Property Rights"). That is a major reason why ICANN is failing the global internet community generally, and the needs of millions of domain name registrants worldwide.

See also: ICANN Chairman's letter re: EPDP costs (pdf), and Answers to the questions posed to ICANN Org from the Tuesday, 7 August 2018 EPDP Team meeting. More info in last week's News Review. 

Also ICYMI:

• ICANN loses injunction bid in dispute over WHOIS data in Germany | out-law.com (Legal news and guidance from Pinsent Masons law firm): The EDPB [European Data Protection Board] guidance effectively requires ICANN to "go back to the drawing board to make its rules around the collection and use of WHOIS data compliant with the General Data Protection Regulation (GDPR)"--Karen Gallagher of Pinsent Masons, an expert in data protection and IP law.

• "Internet overseer ICANN loses a THIRD time in Whois GDPR legal war - US org told by German court its delusional claims in privacy rules battle are not credible"--Kieren McCarthy, theregister.co.uk.

2) Other ICANN News

a.  Odd Correspondence published by ICANN 10 August 2018:

9 Aug 2018 Letter from ICANN CEO Göran Marby to Willem Debeuckelaere (pdf), re: "activities of the Brussels Branch Office" in reply to 16 July 2018 Letter from Willem Debeuckelaere to Jean-Jacques Sahel (pdf). Editor's note: see Brussels Branch Manager and Legal Representative ICANN Resolutions 2017.06.24.12 – 2017.06.24.15.

b. New gTLDs .ISLAM and .HALAL: 1 Aug 2018 Letter from Attorney Mike Rodenbaugh to ICANN Outside Legal Counsel Eric P. Enson (pdf), embed below:

See also:

• Letter from Eric P. Enson to Mike Rodenbaugh[Published 20 July 2018]

• Letter from Mike Rodenbaugh to Cherine Chalaby[Published 6 March 2018]

• Agenda | Board Accountability Mechanisms Committee (BAMC) 02 Aug 2018 (and minutes when available)

c. WHOIS & GDPR--ICANN Contract Compliance--3 August 2018 Letter from ICANN (Maguy Serad) to Ben Milam re ICANN WHOIS Enforcement Process. See also 13 July 2018 Letter from Ben Milam to Maguy Serad.

d. Overtasked: GNSO Project List (pdf)

e. ICANN Board Committees Reports (Jan-Jun 2018)

f. 9 Aug 2018 Letter from GAC (pdf) to GNSO re IGO Curative PDP Final Report.

g. New gTLDs .INC, .LLC, .LLP: Correspondence and Resolution (pdf) to ICANN from the National Association of Secretaries of State (NASS).

h. 8 Aug 2018 Letter from ICANN to NTIA (pdf) re: NTIA's letter of 16 April 2018 regarding Port 43 access and modifications to DNS Resource Records.

i. ICANN Global Domains Division (GDD) General Operations Handbook for Registrars (pdf).

Names, Domains & Trademarks

a. Another ICANN new gTLD .BRAND Extortion Racket #FAIL: 

Editor's Note: The Friday, July 13, 2018 Letter at the end reads like a termination notice to ICANN CEO Goran Marby

b. Yes, ICANN is a Public Menace--IDN or Internationalized Domain Name homograph attack, also known by the names “homoglyph” and “script spoofing,” attackers are able to register lookalike domain names by exploiting the similar appearance of certain characters in English, Chinese, Latin and Greek or other scripts--securityboulevard.com.

c. Famous Four Media, GRS Domains, Domain Venture Partners et al--insider battles, changes in ownership and/or control and/or management, of 16 high-volume new gTLDS--a total of 5,370,991  (as of Aug 10, 2018) domain names, being 21.67% of all new gTLD domain names registered, of which many, if not most, may drop over the next 12-24 months under the new pricing policy--read more at domainincite.com. Editor's note: Add another chapter to the continuing saga of incompetent ICANN and its new gTLD registry operator "partners." 

d.  Cryptocurrency Handshake (handshake.org) is aiming to be a "wholly democratic and decentralized certificate authority and naming system," and has raised $10.2 million to replace the current digital entities maintaining internet infrastructure.--linuxjournal.com. See also the project's GitHub page: https://github.com/handshake-org. Editor's note: Replace ICANN? Sounds too good to be true!

4) ICYMI Internet Domain News 

• China is "now exporting its model of a censored internet to other countries, including Vietnam, Tanzania and Ethiopia"--NYTimes.com.

• US: Senate Democrats Are Circulating Plans For Government Takeover Of The Internet--reason.com.

• Uganda: A social media tax, freedom of speech and Uganda--ft.com

• US: Survey: Net Neutrality Could Be Midterm Issue--broadcastingcable.com

• China: "Click this link and you can get The Register banned in China ... thanks to that subversive dissident Winnie the Pooh"--theregister.co.uk

• US: "Facebook, Twitter, Google are killing free speech--lifesitenews.com. Krieger: "Stop Complaining And Just Delete Facebook"--zerohedge.com.

5) Most Read this past week on DomainMondo.com:

1. News Review | ICANN Loses Appeal in Germany vs EPAG (Tucows)

2. Tech Review: Is Google $GOOGL Courting Trouble In China? (video)

3. Tech Review: 1) Tencent & WeChat's Pony Ma, 2) Browser Market Share

-- John Poole, Editor, Domain Mondo 

Editor's note: this edition of News Review was published early this weekend to accommodate summer vacation schedules.

feedback & comments via twitter @DomainMondo
Follow @DomainMondo

DISCLAIMER