No Such Weblog

Seems like the actual next ICANN meeting isn't Carthage, but Marina del Rey -- with just registrars and registries... More from the registrars list.

Here are the notes I sent to ALAC from last week's GNSO Council conference call.

This is a much-belated report from the WHOIS Steering Committees telephone conference two weeks ago. For the ALAC, both Wendy Seltzer and I participated.

Bret Fausett has found some interesting news in SEC filings by register.com.

SchwimmerLegal.com has a nice overview table that links home pages, WHOIS services, and registration and dispute resolution policies for a large number of ccTLDs.

GoDaddy.com offers c-Site as a service that is supposed to make federal copyright registration in the US easier. Bret Fausett calls their marketing overly simplistic, if not outright deceptive. The people behind copyright blog, however, write: How does $9,95 ... sound to give your site protection against theft and unauthorized use? Not bad.

Update: Here's a third lawyer weighing in on the topic.

ICANN's ccNSO Launching Group is now taking membership applications for the Country Code Names Supporting Organization.

Società Internet, the Italian ISOC chapter, has submitted the first at large structure application to ALAC. The committee will now review this application according to the certification process for at-large structures that was adopted in Montreal.

The At-Large Advisory Committee is seeking comments on its draft statement on new gTLDs. The statement argues in favor of a more open sTLD RFP, and lists a number of general principles that any addition of new gTLDs should adhere to. Comments can be submitted to forum@alac.icann.org until September 7. (Of course, you're also free to use this weblog to comment...)

Via Goolgenews: According to Koera IT News, governments and businesses in Asia are in the process of defecting from the current Internet address (domain) structure which is unilaterally administered by the US-led ICANN, and begin to unveil independent alternative services.

The article goes on to talk about some new service offers which appear to aim at providing complete URLs in non-latin scripts, from the protocol identifier to the top level domain. (As much of the referenced information isn't available in any language that I'd understand, I may quite well be misunderstanding this, though.)

Martin Schwimmer has more details on the planned House hearings about the IP lobby's top gripes with ICANN (ICANNwatch broke the story), including a copy of the letter from representatives Lamar Smith and Howard Berman to the Department of Commerce.

Elana Broitman's note to the registrars list reminds me to blog this: ICANN is in the process of implementing its transfers policies, and has convened a Transfers Assistance Group to help with this. Sebastian Ricciardi and myself are representing the ALAC there. The group's first call took place a week ago, and was very constructive. Preliminary results are expected for 9/11, when most of the group will meet in Marina del Rey.

Questions the group has to deal with include what agreements to modify in order to implement the transfers policies, what a standardized form of authorization for a transfer should look like, what to fill in for some of the time lines left open in the policy proper, etc.

Another one from the registrars' list: Representatives from the Intellectual Property Constituency are going to call into the registrars' meeting in Marina del Rey to discuss WHOIS privacy and accuracy.

Also, the IPC's Metalitz will be a witness at the upcoming Congressional hearing on WHOIS on 4 September, with Ted Kassinger (DoC), Ben Edelman, and an unknown FBI representative.

Martin Schwimmer points to a "not flattering" NY Times article on RCOM's latest financial moves: This Company's Shareholders May Regret It if They Don't Sell .

This announcement was just posted: The ALAC has received an infoDev iCSF grant to support travel of qualifying African participants to ICANN's Carthage meetings, and to a workshop held in connection with the meetings.

Over on CircleID, Bruce Young tells a story of an Internet user who gets into trouble because "his" domain name was registered in the name of a webhosting provider that went bankrupt later on.

He demands that ICANN should put in place safeguards which would prevent this from happening. In particular, Young suggests that customers should not just be able to transfer domain names between registrars, but also between "virtual hosts"; that ICANN establish rules to protect customers of such corporations in the event of business failure, up to the content stored there; and that ICANN mandate that when an intermediate company registers a domain on behalf of a customer, the domain record's administrative contact, as a minimum, must reflect the customer, not the company acting on the customer's behalf.

As far as registrars are concerned, ICANN is currently doing its homework on domain name portability.

As far as web hosting companies are concerned, though, these suggestions only look appealing at first sight. Upon closer inspection, they wouldn't be good policy.

Via CircleID comes a pointer to Bob Frankston's essay Implementing .DNS: We're selling numbers. Big numbers and we promise that we'll never sell the same number twice. The benefits: Stable URLs that don't suddenly point to unrelated content, and domain names that come without semantic connotations and all the baggage these bring into the game.

Alexander Svensson notes that .kids.us is going to be launched on Thursday. He takes a critical look (in German) at some of the questions that a kid-safe domain will have to face: Kid-safe content is a relative notion; a movie that's R-rated in the US can be considered harmless here. Also, the policies in place in .kids.us are so restrictive that the only content available is non-interactive, static, and un-linked. "Families would probably be better off with a CD-ROM with kid-safe content", Alexander writes.

While the objections are well-taken, I have a problem with his final conclusion, that not delegating .kids in 2000 may have been the best decision ICANN has ever made. On the merits, he's right. But should ICANN look at these merits? Shouldn't it have permitted a .kids domain, and let it fail?

ALAC proudly presents: alac.info (aka: Blogging At Large), the committee weblog. The hope is that we can turn this into a place where you can regularly find first-hand notes from committee members on current topics.

Of course, alac.info has the blogging software's comment feature enabled, so please feel free to let us know your views.

Vittorio Bertola looks at the possible ways in which the ALAC could focus its work, and implicitly takes up some recent criticism.

Karl Auerbach (who doesn't seem to believe in trackback) responds to yesterday's notes on representativity, and tries to figure out what I meant.

Not ICANN-related, but aggregator-related: Library Stuff reports that My Yahoo now has a really nice RSS aggregator module. Current bugs mostly look like they'll be fixed quickly: Currently, that aggregator can't deal with description-only feeds (like Scripting News or (void *)), and it seems to have problems to properly digest time stamps in "non-funky" Userland or Blogware feeds. "Funky" Movable Type blogs work perfectly, though.

Heise reports (in German) about a preliminary injunction by a court in Hamburgt which found "be-mobile.de" to be confusingly similar to "t-mobile.de", since both domain names sound similar. Previously, a lower court that apparently focused on the written form of the domain names had found no confusing similarity, and had not granted the injunction.

Further discussion (in German).

Florian Hitzelberger has interviewed Sabine Dolderer (.de; Google translation) on a number of topics, including ICANN reform -- There is no new era. ICANN 2.0 is just presenting itself in a more friendly way than ICANN 1.0. --; ccNSO and the question whether .de will join -- We're currently assessing whether the possible benefits of joining the ccNSO would outweigh the problems. The problem is, we don't find such benefits. --; possible government control over .de; whether or not .de will adopt the UDRP -- There's neither a reason, nor demand for doing this. --; international uniform WHOIS policies -- A globally uniform policy would fail due to divergent privacy laws. --; and a host of other topics. Worth reading.

The written testimony for yesterday's WHOIS hearing is now available from the web page of the subcommittee on courts, the Internet, and intellectual property: Metalitz; Edelman; Farnan (FBI); Kassinger (DoC).

From NANOG: During the root zone (.) update later today, specifically with root zone serial number 2003090501, the entries for .org will be modified. Effective with the 2003090501 load, the entry will reflect the removal of the Verisign NSTLD.COM nameservers. The .org zone file will continue to be pushed to the Verisign nameservers for a short period of time.

Heise online reports about a judgment from a Hamburg court that would limit the availability of .ag domain names in Germany to "Aktiengesellschaften" (abbreviated AG), the equivalent of a corporation.

Writes Paul Twomey to Chuck Gomes: We understand that VeriSign has stated it intends to launch offering the WLS to the public in October 2003. We wish to reiterate, and reaffirm our mutual understanding, that the WLS may not be launched until 1) negotiations on conditions for offering the WLS are final and the contractual amendments to the .com and .net agreements effected and 2) in accordance with our Memorandum of Understanding with the United States Department of Commerce, the Department of Commerce has approved the contractual amendments as required by Section 1 of the MoU, as amended.

On the substance of WLS implementation, ICANN accepts Verisign's proposal for implementing registrant notification, and suggests an alternative to condition (c), the registrar "black-out" provision. The alternative proposal is to introduce penalties for registrar abuse of "insider knowledge" into the RRA, review enforcement of that provision in the VeriSign neutrality audit, and to introduce a general blackout period for WLS subscriptions which would start 10 days prior to the scheduled expiration date of a domain name, and would continue through the duration of the auto-renew grace period.

Assuming that GNSO's deletes policy becomes effective, this approach will adress the concern I had raised about this last year.

Bruce Tonkin on US Patent Application 2002/0145992 A1: In my view this is a straight forward application of database technology.

Some reactions to the recent WHOIS hearings from the registrars list: Mike Palage and Rob Hall attended the hearing; Elana Broitman suggested to send a letter to the subcommittee in order to add the registrars' perspective to the congressional record. That letter won't be sent on behalf of the registrars' constituency, though.

From Congressman Lamar Smith's opening statement of last week's WHOIS hearings: Mr. Berman and I wrote Secretary Evans on August 8 requesting that, among other things, any succeeding MOU: (1) be limited to one-year, (2) preserve public access to online systems, like "Whois," and (3) take steps to improve the integrity of registrant contact information. ... In response, we will hear testimony that Commerce: (1) intends to extend the MOU with ICANN for more than one year, (2) "recognize[s]" the value of public access to online systems, like "Whois," and (3) intends to include no affirmative steps in the MOU in an effort to improve ICANN's underwhelming enforcement record. While Commerce intends to add a laundry list of seven "milestones" to assess ICANN's future performance, not one of these deals principally with Whois, contract enforcement, or intellectual property protections. This, too, is inexcusable.

Elana Broitman has posted a presentation on what she calls Interim Whois Solutions. I'd rather talk about dirty hacks; some of the proposed steps -- like returning GIFs over port 43 WHOIS -- simply don't look feasible.

Representatives of the US government are going to have a conference call on WHOIS with members of the registrars' constituency on 17 September. Government-side participants: Lader, Sene, Layton (NTIA); Mithal (FTC); LoGalbo (DOJ); Larsen (IRS); Cotton (USPTO).

... or: When is a hyperlink a hyperlink?

Alexander Svensson continues to cover the development of .kids.us, and has a close look at the first site established there. Particularly fascinating -- with regard to policies in place that forbid hyperlinks that take a user outside of the kids.us domain-- is a links page Alexander has found -- it points to web sites outside .kids.us with content about American presidents. Instead of using actual hyperlinks, the URLs are simply listed there, as part of the page text.

Update: Jeff Neumann responds (thanks) that listing web sites in the way it's done on the Smithsonian's page is perfectly acceptable in .kids.us. Fascinating.

Bruce Tonkin has posted notes from the WHOIS discussion that was held in Marina del Rey a week ago. The registrars' priorities according to these notes seem to be (in this order) restricting data mining, changing the amount of data that must be displayed to the general public, and further addressing accuracy issues raised by the IP and law enforcement communities.

ICANN has just announced that its new MoU with the US Department of Commerce will last until September 30, 2006.

The new .au WHOIS policy (background materials) in a nutshell: The names and e-mail addresses of the registrant and the technical contact are the only personal data disclosed. There are restrictions on the number of queries that a user can send to the WHOIS service. Law enforcement requests are dealt with on a case-by-case basis.

On the Council's agenda for today: Actions from the last meeting, i.e., WIPO2 committee, UDRP issue prioritization, number of representatives per constituency, new gTLDs; TLD wildcard entries; WHOIS steering group update; UDRP issue prioritization.

Alexander Svensson takes a look at the WSIS process, and notes that the ongoing Prepcom-3 is probably a good example of what internet governance in a government-led ICANN replacement could look like: Governments negotiate behind closed doors, large parts of industry and civil society are permitted to wait on the hallway. That perspective doesn't look terribly promising -- unofficial reports coming in from prepcom-3 quite frankly sound a lot more bizarre than any ICANN meeting I've experienced so far.

An interesting comment concerning the Redemption Grace Period was sent to the ALAC's forum list yesterday. The story: A registrant doesn't get renewal notices from his registrar (Network Solutions) -- but, after expiry, there is an offer to use the Redemption Grace Period to get the domain name back, for $ 150 instead of the usual $ 30. Apparently, an attempt to transfer the domain name away from NSI had failed earlier on.

Update: A similar story is told in this message to Dave Farber's IP list. This particular registrant seems to believe that the domain name in question was successfully transferred away from NSI prior to expiry, though.

Ed Foster reports about registrants who transferred their domain names away from Network Solutions, but on October 1 received expiration notices that offered to renew the domain names in question for an extra fee. NetSol later sent a letter apologizing for sending out erroneous notices to former clients.

Sounds like the pattern observed in messages to the ALAC's forum address and to Dave Farber's IP list in early October.

The marketing spin: At exactly this time, hundreds of thousands of extremely attractive names, taken on most other TLDs like .com, .net, .org, .biz and .info, suddenly becomes available, probably for the last time in many years. .NAME is the last TLD to become fully open of the 7 new top-level-domains introduced by ICANN in 2001.

Unsponsred registry operators to ICANN: The unsponsored registry members of gTLD Registries Constituency (.biz, .com, .info, .name, .net, .org and .pro) are concerned that a process for the introduction of Registry Services involving a policy development process within the ICANN community may pose serious competition issues. Referral of new Registry Services through a PDP, or even community consultation, when some members of the community may be viewed as competitors with the gTLD Registries for certain Registry Services could potentially inhibit and interfere with the business of the gTLD Registries.

Paul Twomey had asked the GNSO to develop a process for the approval of new registry services in the context of ICANN's demand that Verisign stop its sitefinder service. A GNSO Council conference call to discuss this is scheduled for Thursday this week.

Press release: VeriSign to Sell Network Solutions Business to Pivotal Private Equity.

VeriSign is selling most of its Netwrok Solutions registrar business. The .com/.net registry is remaining with VeriSign.

The GNSO Council last night voted to ask ICANN for an issues report on creating a process for reviewing new registry services; this was in response to a request from Paul Twomey. At the call, a draft letter from Twomey to the council was read that contains the formal request, and makes the actual scope of the planned policy-development process more clear. That letter is expected to be published today.

I'll be posting extensive notes from the call once that letter is out and I had a chance to make sure that my notes on its content are correct.

Chris Ambler responds to Susan Crawford, and asks what a consensus policy is.

It's not consensus, but this formal thing defined in agreements. In short, you need a thumbs-up from the board, from two-thirds of the relevant supporting organization council, and a written report with a lot of supporting materials that document the community consensus, and the outreach process used.

Oh, and the registries can dispute the existence of such a policy until 15 days after the Independent Review Panel has been established by ICANN.

ICANN has finally posted Paul Twomey's letter to the GNSO regarding new registry services. Key quote: I hereby make a formal request to the GNSO Council that it commence a GNSO Policy Development Process designed to produce recommendations to the Board for a timely, transparent and predictable process for dealing with proposed future new "services" or significant actions by TLD registries that, because of their architecture or operation, could impact the operational stability, reliability, security or global interoperability of the DNS, that registry, or the Internet.

A draft for that letter was read and discussed at the GNSO Council's telephone conference on 16 October, which resulted in the formal initiation of the policy development process requested by Twomey. What follows are the notes I took during that telephone conference.

The GNSO's WHOIS Steering Committee's work product has now been forwarded to the GNSO Council: Terms of Reference for three task forces, on Restricting access to WHOIS data for marketing purposes, Data collection and display, Accuracy. I don't think any of the groups involved with the steering committee is entirely happy with these terms of reference, but that may just be a sign for a good compromise.

What's more worrisome is that the commercial user constituencies have recently started campaigning against the general approach, and for a single task force that would address the top 5 issues that started off the steering committee's work. Such a task force would basically have no chance to make any progress on WHOIS privacy at all.

ICANN 2.0 is also going to come with a shiny new user interface.

Preview here; the new site is being showcased at the Carthage meeting. ICANN's webmistress is seeking comments.

A large group of NGOs, lead by EPIC, has sent a letter to ICANN that emphasizes the need for moving forward on WHOIS privacy.

The letter suggests a number of useful and important principles for dealing with WHOIS. The most critical one: The purposes for which domain name holders' personal data may be collected and published in the WHOIS database have to be specified; they should, as a minimum, be legitimate and compatible to the original purpose for which this database was created; and this original purpose cannot be extended to other purposes simply because they are considered desirable by some users of the WHOIS database.

It's somewhat unfortunate that the authors of this letter have given in to the very temptation they warn about: In the next bullet point, they suggest that combatting spam should be the most relevant purpose for collecting WHOIS data.

Bret Fausett, in his public comment yesterday, politely noted that reasonable people can disagree about the need for new TLDs. That's certainly true.

It's not ICANN's task, though, to answer that question. ICANN's task is to set up a way for market participants to answer that question.

ICANN has now published an Excerpt from Draft Version of Staff Manager’s Issues Report for the Development of a Process for the Introduction of New or Modified Registry Services, consisting of 40 questions regarding the introduction of new registry services. The final issues report is now scheduled for November 7.

Some of the questions in this first draft are questions of fact; I'd hope that the final issues report actually gives the answers to these questions. Among the policy questions, it's particularly interesting that ICANN now starts asking who should provide registry services: The registry, or maybe a different party that has been determined, e.g., by a public bidding process?

Stichting Internet Domeinregistratie Nederland has unexpected and sad news for the ICANN community.

Op 5 november 2003 is volkomen onverwacht overleden

Hans Kraaijenbrink
Voorzitter van het bestuur van SIDN

Wij zijn diep geschokt door zijn plotseling overlijden.
Van 2001 tot zijn overlijden heeft Hans leiding gegeven aan SIDN. Door de inzet van zijn vele talenten heeft hij de vernieuwingen rond SIDN in de afgelopen periode voortdurend in goede banen geleid. Wij verliezen in hem een scherpzinnige en dierbare collega en voorzitter.

Hans Kraaijenbrink had been a member of ICANN's initial board, and served as a board member until this summer. During the reform process, he was one of the members of ICANN's Evolution and Reform Committee. Only three weeks ago, the board appointed Hans Kraaijenbrink as the chair of the 2004 nominating committee.

The GNSO is soliciting public comments on the issue areas that will be covered by the WHOIS Task Forces that were kicked off in Carthage: Data mining prevention (dow1(at)gnso.icann.org; archived comments); Data elements collected and displayed (dow2(at)gnso.icann.org; archived comments); Improving accuracy of collected data (dow3(at)gnso.icann.org; archived comments).

This is the first of several public comment periods that are part of the new policy-development process. Comments are accepted until 28 November 2003.

ICANN, on 31 October: The recent ICANN meeting in Carthage, Tunisia was a rich source of information and discussion of the many issues involved with the development of this Issues Report. In order to fully reflect this information, the posting of the full Issues Report will be postponed until no later than 7 November 2003.

It may be time to revise ICANN's shiny new policy-development process: While that process has a lot of good elements, the deadlines suggested prove to be too tight.

The new registry services PDP is a particularly extreme example: In trying to follow the new PDP as closely as possible, ICANN staff has promised an issues report for October 31, for November 7, and on November 14 for last week-end. The issues report is still not there, despite being on the GNSO Council's agenda for tomorrow.

More realistic deadlines -- that can actually be kept by ICANN staff, and, in later stages of the process, by the parties involved then -- may be a better approach than the current sorry state of affairs. (In particular since this isn't the first time this happens -- in Montreal, the Council planned to discuss the staff manager's report on UDRP review which came out on 1 August, more than four weeks after Montreal.)

Later: The Issues Report Has Finally Arrived.

The ICANN Studienkreis events are changing their name to Domain Pulse, according to a note from Switch. The next conference will take place on 5 and 6 February 2004 in Zurich.

After having read the issues report on new registry services several times and after having slept over it, I'm still trying to parse what ICANN staff is really suggesting here. Your comments would be highly welcome.

The idea to have a shadow board is currently floating through the ICANN blogosphere (icann.Blog; Chris Ambler; ICANNwatch).

Such a shadow board would vote on the same topics as the real board, but would deliberate and discuss entirely in the open. My guess would be that, with many (not all!) of the important topics, this might be a far less interesting exercise than it may seem: Many of the juicy discussions about consensus policies, for instance, happen among the members of the GNSO council, in the GNSO's task forces.

Maybe a shadow council would actually be more interesting than a shadow board.

Yesterday's council call (besides re-electing Bruce Tonkin as GNSO Chair and voting on the number of representatives on the newly-created WHOIS task forces) mostly dealt with the new registry services issues report.

Since the report had been released less than 24 hours before the call began, there was less discussion than I had anticipated, mostly dealing with clarifications and some procedural issues (and with the registries stating a number of concerns). It seems like there is general agreement (including ICANN staff that was present on the call) that the suggested PDP will not be about establishing a new consensus policy (that would then be binding for registries), but that it is about definining a process that is used by ICANN for reviewing proposals by the registries that require ICANN approval under the existing contractual terms.

This understanding is also mirrored in the draft Terms of Reference that Bruce Tonkin has extracted from the issues report.

The Council will vote on commencing the policy-development process on a conference call on 2 December, in order to give constituencies and council members time to review the issues report and refine the terms of reference.

In thinking about the new registry services PDP that is now beginning in the GNSO, I'm trying to find use cases for the planned decision-making process, and to figure out why the process should produce what result -- and how the rationale for the suggested decision can be cast into an objective criterium. I'm less interested, at this point, in arguments about the contractual standing that ICANN might have to deny or acknowledge any particular service.

Two examples tonight: SiteFinder and WLS.

I feel that SiteFinder is relatively easy -- not so much because of stability considerations, but most importantly for two other reasons: (1) It moved decisions from the edge to the center, thereby negatively affecting competition. (2) It caused cost to the public, for the benefit of a single player, much like environmental pollution.

WLS is a more difficult case. It grew out of a "tragedy of the commons" situation, as Rick Wesson observed accurately: Registrars were using up shared resources (transaction bandwidth) that came without a price tag to the point where these resources degraded, and "normal" registration was affected; using overflow pools and other limitations only moved the cattle to a different pastry. The WLS proposal appeared to introduce an approach to the registration of expiring names that would not lead registrars to engage in behavior that is detrimental to the public (although perfectly rational for the individual registrar!). The downside is that WLS gives precedence to a specific business model for registering expiring names. Different business models are essentially pushed out of the market.

Had there been an alternative to WLS in order to stop the detrimental behavior? I believe yes -- namely, changing the price structure for using registry resources in a way which rewards successful registrations, but financially punishes failed transactions and excessive use of bandwidth. In such an environment, publicly detrimental consumption of transaction bandwidth would be irrational (and ruinous); different providers of expired domain name registration could continue to compete on an equal footing, and with the business models they desire; many of the complexities of WLS would simply be unnecessary.

Now, how should ICANN have dealt with the situation in the light of this argument (which, I believe, wasn't made at the time -- but I might be wrong)? My current inclination would be to say that ICANN should have denied WLS, and should have favored the decentral approach. If that's indeed the right approach, then how can the argument be cast into a more generic form that would be useful for an evaluation process?

Comments welcome!

George Kirikos reports that www.name has been the victim of a defacement tonight. Mirror here; comment unnecessary.

All three WHOIS Task Forces have elected their chairmen: Jeff Neuman (registries) will chair TF1 (restricting access for marketing purposes); Jordyn Buchanan (registries) chairs TF2 (data elements displayed and collected), and Brian Darville (IPC) will chair TF3 (accuracy).

An open procedural question on all three task forces is whether task force members who participate as experts or liaisons (or in their capacity as nominating committee appointees on the council) will have voting rights on task forces. An opinion from the General Counsel is being expected on this.

ICANN staff has just sent an FAQ on the new registry services PDP to the GNSO Council. The document will be posted to the ICANN web site later today.

At its conference call tonight, the council is going to discuss what its next steps in this process will be. Draft terms of reference here.

On its telephone conference tonight, the GNSO council has decided to launch the policy-development process on designing the parameters for a process to be used by ICANN when approving certain requests for changes to registries (adopted with two registry representatives voting no and one abstaining; on the council); the council will deal with this issue as a "committee of the whole" (adopted with one registry representative abstaining). The council will use the terms of reference drafted by Bruce Tonkin, as amended on the call. The amendmends made on the call also included a rephrasing of the issue statement itself. The general sense continues to be that the procedure to be designed is to be applied in those situations in which ICANN has to give agreement to some change under the current contracts. This process is not about changing the scope of the obligations that are contained in the current contracts.

A procedural motion by the registries to defer the ultimate vote by two weeks, so the terms of reference could be refined to be acceptable to them, was rejected by the rest of the council.

GNSO chair Bruce Tonkin has posted updated terms of reference for the GNSO's policy-development on a Procedure for use by ICANN in considering requests for consent and related contractual amendments to allow changes in the architecture or operation of a gTLD registry.

Explicitly out of scope: Additional obligations on registry operators or gTLD sponsors beyond what is already specified in their existing agreements.

Later: Susan Crawford is concerned and confused about this process, and asks about the relation between this process and consensus policy. How is "none" as an answer?

Veni Markovski reports that there is now agreement on Internet Governance at WSIS. In short, the Secretary General of the UN is asked to convene a working group that has to report back in 2005.

Bret Fausett quotes David McGuire, and observes that, since the GAC is mostly operating in closed shop mode, it's hard to assess the GAC's effectivity.

I wonder, though, if the criticism out there is really about the GAC's effectivity, or about ICANN's fundamental design; if the criticism is about ICANN's willingness, or if it is about ICANN's abilities and about its usefulness as a tool for governments to regulate on the Internet.

Christopher Wilkinson's recent remarks hint towards the second interpretation, as does the ongoing work of looking at the WIPO2 recommendations (General Counsel's briefing here), and their possible implementation: The GAC had recommended that ICANN implement WIPO's recommendations to extend the UDRP to give special protection to the names and acronyms of intergovernmental organizations, and country names; it was also suggested that review of such UDRP decisions in national courts be replaced by de novo arbitration. Opposition against making these changes is essentially universal throughout the non-GAC part of the ICANN community. What the GAC is asking for, and what ICANN supposedly would have to do in order to be responsive to governments' needs, is to somehow enact a substantial change to an established consensus policy against the community's consensus, and without any review of the question whether the recommendations should be implemented at all.

It's not clear to me how this should be possible; indeed, if ICANN was able to implement this advice in the way the GAC suggests, that would be deeply troubling by itself.

Wireless Internet access comes with a price tag -- if you want to use it at WSIS, where delegates discuss the digital divide. Compare that to ICANN meetings where free Wi-Fi is one of the standard deliverables for local organizers.

From the International Chamber of Commerce web site comes a proposal for internet governance, by Talal Abu-Ghazaleh:

1. Maintain the operational management of the internet under private sector leadership, driven by the dynamics of business. 2. Support ICANN's continued evolution, preserving private sector leadership while bolstering global legitimacy. 3. Set up within the TF a Governance Commission to be chaired by the US permanently, with membership from ITU, WIPO, WEF, ICC, UNCTAD, in addition to one representative from each continent. 4. Encourage the processes of International Domain Names implementation and Intellectual Property Rights protection.

(Thanks!)

Says Milton Mueller: You say, "act now, democratize later" and it sounds bad. But let me respond by asking: if you don't act, how can you ever democratize? And are you saying that no one should act until and unless they are sure that their agenda and their organizations are perfectly representative? Seems like a recipe for paralysis.

Andrew McLaughlin responds to Palfrey et al: In short, concluding that the ICANN experiement in public participation has been a failure because online public forums have been a failure is like saying that television has been a failure because Cop Rock was a failure.

Bret Fausett complains about secret meetings at ICANN, and reads the one-day board retreat planned for Rome as a bad thing. I disagree: When the public board meetings that we are seeing for "transparency purposes" are mostly smoke and mirrors anyway (and the existence of secret board dinners is a widely-held secret by itself), it's good news and a step towards a less-nonsense ICANN to see an early announcement of a board retreat.

The GNSO council just finished one of its most unspectacular calls ever, mostly discussing procedural issues and time lines for the three whois task forces, following up on the discussions the task forces had in separate telephone conferences earlier this week.

The most remarkable observation from this call might be that the task forces seem to converge on what time line may be reasonable to get data gathered and work done -- and that this time line is different from what's in the PDP.

Wendy Seltzer (who is, like me, an ALAC liaison to WHOIS Task Forces 1 and 2) points to one of the many catches with whois policy.

Registrars and registrants face various kinds of problems caused by massive abuse of WHOIS data. An easy answer to this consists in attempting to limit consumers of query-based WHOIS to human beings. The practical implementation is believed to consist in shutting down port 43 whois, and adding a poor imitation of a Turing Test to the web interfaces. Legitimate consumers of massive amounts of WHOIS data are then expected to make use of registrars' dedicated bulk access mechanism.

Wendy raises two issues with this approach: One, common poor imitations of Turing tests are cumbersome to use; "reading ability tests" can be a serious accessibility problem for, e.g., visually impaired data users. They are also not effective, as they essentially lead to an arms race between illegitimate data users and registrars -- and it is not clear at all that registrars will win that race. Two, bulk access is expensive, which means that non-commercial legitimate data users (like researchers) rely on mass queries to port 43. Also, since whois data are a weapon in legal battles, making mass access to whois data expensive shifts the balance in these battles even more towards the wealthier party. Put more aggressively, if WHOIS is used by IP owners as a tool to harass the public, then the public should be entitled to harass back.

These are persuasive arguments for keeping public access to WHOIS data unencumbered -- if it wasn't for the privacy problem: Address data -- and, with thick registries on the rise, even home phone numbers -- of registrants are up for grabs, for arbitrary purposes. Wendy's answer to this is elegant (and I agree with it as a "perfect world" scenario): Give registrants the option not to supply contact data, and keep open access to all the data supplied.

In the imperfect world we live in, though, there are strong incentives for registrars to collect at least some contact data, and to make that easily accessible to IP owners and law enforcement. What could a balanced imperfect world solution look like, then?

• Strike as many data elements as possible from the WHOIS policy. There is, for instance, little non-harassing use for the registrant phone and fax numbers outside existing business relations; at the same time, these are guaranteed to infringe on individual registrants' privacy. Administrative Contact phone and fax numbers are only marginally better. Registrars should not have to collect this information, and if they chose to collect it, they should not publish it online.
• Ask data users to return the favor and (1) prove their identity -- e.g., using a certificate in an appropriate public key infrastructure --, and (2) indicate their purpose. Make that information available to registrants and other data subjects. As a side effect, this makes it easier to prevent mass queries without resorting to bad imitations of Turing tests.

Thoughts and comments welcome.

Interesting blog items occasionally show up on CircleID. That's good, because CircleID is indexed by Google News. There's one bad habit with CID, though: Headlines often get changed there, sometimes changing meaning (even if slightly), and causing confusion.

It would be good if CircleID would ask authors before re-publishing changed versions of opinion pieces.

I had another look at some of the contracts' WHOIS provisions tonight, and stumbled over a point that I had missed earlier. In the Registrar Accreditation Agreement, the billing contact is not part of the published data set, but retained by the registrar; this does not prevent registrars from publishing that record. In most of the thick TLD agreements' appendices O (or, if sponsored, attachments 15; see .info for an unsponsored example), though, the billing contact is included in the published whois information. There is a similar (but better-known) inconsistency with the registrant's telephone and fax numbers and e-mail address which are, again, not part of the data set that must be published by registrars, but included with thick registry WHOIS elements.

For individual registrants, these data elements -- if entered as originally intended -- are among the most privacy-relevant ones in the entire WHOIS data set.

Here's a [PDF] chart of data elements found in registrar and registry WHOIS services.

The chart (prepared for WHOIS Task Force 2's purposes) ignores .name (which is special), and TLD-specific data elements like eligibility related elements in the sponsored/restricted TLDs, and trademark information in .info and .pro. Also ignored: name server names v. name server IP addresses, opaque database keys, contacts' "organization" fields.

I'm unimpressed by the privacy offered by .name WHOIS: The "detailed WHOIS" service which, according to the TLD agreement, is supposed to be password protected is the default service for port 43 queries, and is available from the web form without giving a password.

But then again, these guys might have better things to do.

Updated WHOIS data element chart including .name here.

A reader from PIR writes to note that the whois data element chart is wrong about the thick .org whois service. In August 2003, the .org registry WHOIS appendix was changed to be consistent with the data elements that registrars need to publish: The Registry Operator will not be required to post Whois Output Fields that are not required for posting in the Registrar Accreditation Agreement.

Updated data element chart here.

Writes Esther Dyson in the New York Times (link credit: Bret Fausett): What I'm proposing is not a rule-free society, but one in which rules come from the bottom up: generally enforced by peers, with governments in the background. ... The basic rule is transparency: You need to know whom you are dealing with, or be able to take proper measures to protect yourself.

Unfortunately, the article essentially sets up anonymity and accountability online as contradictions. They need not be: The kind of accountability Esther describes is not so much about knowing who someone is in real life, but rather about recognizing a party you are dealing with (or knowing that you don't recognize a party seeking to communicate with you, and taking appropriate action). It's, often, not so much about linking on-line activity to real lilfe, but more often about linking current on-line activity to past on-line activity -- and, by symmetry, linking future on-line activity to current on-line activity.

This is so because for many activities online, stakes are actually quite low: To decide who's messages to read on mailing lists, or blogs, or slashdot -- or, in the past, Usenet --, for instance, it may quite well be enough to know that source's reputation among peers, or to have read earlier messages from that source. If something goes wrong, only littlel damage is done. All one needs to know to make this kind of choice is a regularly-used online pseudonym (most often, that's the e-mail address these days). If the same person uses a different pseudonym elsewhere, that's their business.

(Where the stakes are higher, reliable links to a person's online existence are, of course, useful.)

Accountability online is not a binary choice between total anonymity on the one hand, and total transparency with links to real life on the other: There is a broad spectrum between these, and often, the level of transparency and accountability that's needed will lie somewhere in between.

As a side note, all the accountability you can get won't fix viruses and similar security intrusions, unlike what Esther suggests: Just like the ordinary flu, successful online viruses often travel along the links in social networks.

ICANN has published proposed corrections to the bylaws, to be considered by the board on 15 January 2004. These corrections change the number of council members per constituency back from two (as suggested by the reformed bylaws, but never implemented) to three (as favored by the majority of the council, and accepted by the board in Carthage) until the 2004 annual meeting.

It's worth noting that the change as drafted seems to need a correction: The terms suggested (2 reps until 2005, 1 rep until 2004, two-year terms from 2005) do not lead to the staggered terms for council members that are mentioned elsewhere in the bylaws -- unless there is another board decision that removes the 2004 sunset date on the three representative scheme.

I've just sent ALAC's preliminary remarks on the new registry services PDP to the GNSO Council. The remarks are "preliminary" because we solicit public comment and further input on these; we will make sure that comments we get are heared by the GNSO.

Heise reports (in German) that a new instance of k.root-servers.net has gone life in Frankfurt.

Looking at Bret's latest insights into the kind of input the IPC (but not just the IPC) is getting from the public, one may be lead to believe that nothing goes on at ICANN. That's not precisely accurate, as far as the GNSO is concerned -- the last couple of weeks have been busy with conference calls.

WHOIS task forces #1 and #2 (access mechanisms, review of data elements collected and displayed; I'm a liaison to both, but currently focusing on #2) have been busy figuring out what kinds of questions need to be asked in order to gather the input people believe they need for an informed discussion; I understand that task force #3 (accuracy) is going through a similar exercise. Fortunately, none of the task forces is going to repeat the large-scale survey exercise of the DNSO's WHOIS Task Force. Instead, the plan is to tap GNSO constituencies and other specific sources of information. ICANN staff is expected to compile the input received before the Rome meetings. In Rome, there will be workshops for all three WHOIS PDPs. Constituency statements are then expected to arrive some time after Rome, with policy recommendations ideally ready by the time of the Kuala Lumpur meetings this summer.

The GNSO council is working on the new registry services PDP. On last Thursday's call, the council first discussed the business constituency's request to remove two "out of scope" items from the Terms of Reference for that PDP. From the discussion, it didn't become clear whether the BC was suggesting that the PDP should actually create a new consensus policy (that would be binding for registries, and would surely be highly contentious), or whether the BC was mis-reading the limits on the scopes of the PDP as limits on the scope of the process that is being designed. The discussion was settled by leaving the terms of reference unchanged, and by noting that the BC may, of course, include "additional remarks" with its constituency statement.

Speaking of constituency statements, these were due on 12 January. Among the statements received so far, the registry constituency is still missing in action, some other constituencies have only posted draft statements. The statements were briefly presented on the council call, and ICANN staff was asked to produce a summary and identify areas of convergence or divergence as far as visible from the current statements. I understand that the new registry services PDP will be the topic of another workshop in Rome.

The work that is going on on the four PDPs means that the GNSO is collecting a lot of experience with the new PDP. If anything is clear by now, then it's that the time lines outlined in the new bylaws were the product of wishful thinking: Task Forces that have to gather input in order to produce results (like all of the whois task forces) have no chance at all to meet the deadlines suggested. And even council-driven policy-development processes that "only" involve deliberation within constituencies, and between constituencies (like the new registry services process), are not able to follow the process: According to the original announcement of the new registry services PDP, results were due on January 15.

From TelecomWeb: The 2nd U.S. Circuit Court of Appeals has upheld an injunction barring a Web hosting company from accessing a registration service [i.e., WHOIS] for Internet domains in order to harvest information for mass-marketing use.

The guys at ICANNfocus.org have published a story today that claims that ICANN is subject to the Data Quality Act. (The story is also at ICANNwatch, CircleID -- and there was a copy in my inbox this morning; I understand that I'm not the only one who got that.)

Two sets of messages here: First, there's this organization named Center for Regulatory Effectiveness which suddenly gets interested in ICANN, sets up icannfocus.org, and puts much focus on the MoU and the Department of Commerce's oversight role. The obvious question is, of course: What's behind that rather specific focus, and the sudden interest?

Second, the news itself. The Data Quality Act (maybe) applies to ICANN. The first question here is: What's this all about? I'm European. I don't have the faintest idea about US administrative law. So, what's the Data Quality Act, and what would it mean for ICANN, in practical terms?

Comments welcome.

Writes Jeff Neuman: It has just come to my attention that there is a scheduled hearing entitled "Internet Domain Name Fraud -- New Criminal and Civil Enforcement Tools" on Wednesday February 4th at 10:00 in 2141 Rayburn House Office Building. It is being sponsored by the Subcommittee on Courts, the Internet and Intellectual Property. It is a Subcommittee of the House Judiciary Committee. The list of witnesses testifying has not been finalized, but I have learned that a member from the IPC as well as a member from the International Anti-Counterfeiting Coalition may be testifying.

ICANN's latest board meeting was on 15 January. There is still no preliminary report available.

Relevant Bylaw language: No later than five (5) business days after each meeting (as calculated by local time at the location of ICANN's principal office), any actions taken by the Board shall be made publicly available in a preliminary report on the Website.

The GNSO Council's call for this week has been cancelled. The call's purpose would have been to discuss a staff-manager-prepared summary of constituency statements for the new registry-services PDP. That summary has not yet been sent to the council, but is expected within the next 24 hours, we're told. The council now plans to discuss this report on February 19.

This is turning into an increasingly absurd pattern of staff promises that are then broken. I'm tempted to talk about a systemic failure that began when the new wishful-thinking PDP was adopted during the reform process.

Susan Crawford has background information on today's congress hearing: At that hearing, the Subcommittee will be considering a new Whois bill creating new penalties for people who provide false data when registering a domain name.

The hearing will be webcast. A witness list is not available.

Later: The committee's schedule page refers to this as an oversight hearing; on the subcommittee's page, it's now a legislative hearing on HR 3754 (text here; thanks to Susan Crawford).

Some preliminary notes from listening to the WHOIS hearing's live webcast: Testimonial was heared from Tim Trainer (IACC), J Scott Evans (INTA; former GNSO Council member and IPC chair), Rick Wesson (registrar constituency CTO), and Mark Bohannon (Copyright Coalition on Domain Names). All witnesses supported the bill.

Besides the usual "whois is important" statements, Rick Wesson testified about his fraudit system, and pointed out that registrars have no business incentives to verify contact data supplied to them as long as they are paid. He seemed to suggest that additional lelgislation was needed in order to create such incentives. (I may have mis-heared him on that point, though.)

J Scott Evans repeatedly said that ICANN efforts on WHOIS accuracy were busy discussing procedure, not substance. I wonder how he came to that conclusion -- Task Force 3 is, after all, chaired by a member of the IPC, and (I'm hearing) currently attempting to reach out and collect input on available accuracy verification mechanisms. Outreach seems stalled, though, because relevant contact information is lacking.

I'm planning to re-listen to the webcast once it's available; I may have more then.

The written testimony from yesterday's WHOIS hearing is now available online: Timothy Trainer, J. Scott Evans, Rick Wesson, Fraudit Info Sheet submitted by Mr. Wesson, Mark Bohannon

Rick Wesson, by the way, indeed testified what I thought I heared yesterday: I do support the proposed legislation as a step forward and hope it will deter those intent on registering domains with fraudulent contact data. While it might indeed have a deterrent effect, we cannot solely rely on industry regulation to prevent false and invalid registrant data from entering the Whois database. ... Please add a requirement that registrars be involved in validating a potentially accurate representation of those they register. Don’t miss this opportunity to evolve the Internet beyond the wild, wild west toward the safety of any civilized community.

Implementation of the transfers consensus policy is getting closer; an update with a proposed implementation has been posted to ICANN's web site. There'll now be a two-week comment period for registrars, registries, and -- through ALAC -- the public at large. For details, see alac.info.

(That said, it was a pleasure to serve on the Transfers Assistance Group that drafted the proposed implementation.)

WHOIS Task Force #2 (review of data elements collected and displayed) is still looking for input. Only few responses have been received so far.

Input will continue to be useful when submitted this week. The plan is to have a report on the input collected ready by Rome.

On its conference call earlier tonight, the GNSO Council re-elected Alejandro Pisanty to the board, with the votes of all council members who attended the call.

Besides that, the council discussed various procedural issues, and approved the proposed time lines for the WHOIS Task Forces. These time lines now need to be approved by the board -- a good example for the unhealthy board-and-bylaws micro-management that the new PDP has brought to the GNSO.

Discussion of substantive issues was essentially deferred to Rome. There, the GNSO will hold workshops on all ongoing policy-development processes.

MP3 recording here.

If you look at the Summary of Constituency Statements on Future new Services or Actions by gTLD Registries on the GNSO web site, you'll notice that the gTLD registry constituency -- presumably the constituency most directly impacted by the ongoing PDP -- is the only GNSO constituency that has not submitted a constituency statement in this process. From a statement on this process submitted to the GNSO by Neulevel, we now learn that the reason for the gTLD registry constituency's silence is lack of consensus.

Neulevel's submission includes a detailed description of a possible review process. Although I haven't digested the details of this proposal, yet, I'd recommend a look -- as far as I know, this is the first time that one of the gTLD registries speaks on the record about detailed ideas for a "registry services process."

So we're back to anonymous rumors at ICANNwatch when it comes to learning about board decisions. That's the kind of scenario that preliminary reports from board meetings are supposed to prevent. According to the bylaws, these reports are due five business days after a board meeting; in the past, they were often available on the day of a board phone conference, or -- when late -- on the next day.

Today, we're still waiting for the preliminary report from January 15 -- for instance, was the bylaw change that was up for comment before that meeting actuallly adopted?

And I don't even dare to hope that we see a preliminary report from Wednesday's telephone conference before Rome.

PS: I'd love to be told that the preliminary reports are hidden in some unknown corner of the ICANN web site and that I'm just too stupid to find them. But I don't believe that's the case.

ICANN has finally -- on 20 February -- posted the preliminary report from its 15 January meeting. On the proposed bylaw change (number of constituency representatives on the GNSO council), the preliminary report notes that ICANN had solicited comments, but that none were received. The bylaw change was then adopted as proposed.

Unfortunately, the assertion that there were no comments is simply not true. I sent e-mail to John Jeffrey on January 12 pointing out that the terms for council members proposed in the bylaw amendment were inconsistent with the concept of having staggered terms on the council; I know that at least one further comment on this was sent to Jeffrey.

I'm currently looking at "proxy registration providers", i.e., at firms that offer domain name registrations where WHOIS records don't identify the actual registrant, but the proxy service. I have, so far, found the following providers (quite a few thanks to hints contained in the ISPCP's submission to Task Force 2):

• Aplus (known in registrar listings as Abacus America) offers "unlisted" domain name registrations through a sister company. I was not able to find any terms and conditions on their web site, but that may have something to do with browser compatibility issues.
• Domains By Proxy is a sister company of accredited registrar Go Daddy. Terms and conditions.
• IDdp appears to be affiliated with accredited registrar Key Systems GmbH. Terms and conditions.
• Katz Global does domain name registration for cash and e-gold, and does not collect any information except for an e-mail address. Terms of Service; Acceptable Use Policy.
• Silent Register appears to be an enom reseller; Terms and Conditions.
• ProxyOne also seems to be an enom reseller; Terms of Service.
• 1001 discrete resources uses contact information in Panama, and gives an Antigua address in its registration agreement. Limitations; registration agreement.
• alpina1.net is, according to WHOIS, owned by Mr. Dagobert Duck from Hanoi. This may be a Tucows reseller. Recommend e-gold as payment method. Terms and Conditions don't give much information about their "unlisted registration service."
• anonix doesn't offer much information; the approach is apparently to collect as little information as possible. Acceptable Usage Policy; Domain Registration service description.

Am I missing any known services of this kind? Are there any "war stories" about the conditions under which information about registrants is actually disclosed by those providers that collect it? Comments welcome.

The ICANN blog aggregator has been rebuilt from scratch. Besides being much simpler and more efficient than the old code, the new code also leads to a shorter delay until updates about which the aggregator is notified by a weblogs.com-style ping are actually incorporated. The most visible changes are probably the re-direct to the script that generates the index page dynamically, and the changed layout. Any comments welcome. Remarks about the layout are only accepted, though, when accompanied by a new style sheet.

In late January, B has changed IP addresses. I don't remember that I've seen anything about that on the ICANN web page. Why?

... that's the ALAC statement that Karl Auerbach suggests we make everywhere until we have all the regional organizations in place. I'm sure that this input would be appreciated. But I'm also sure that it would have precisely zero influence.

The GNSO policy processes are not waiting until we can convince enough at-large structures to join ALAC and to provide some legitimacy. The processes are running. We have some ways to lobby participants and to provide some analysis from an individual user's point of view. In my view, it would be entirely irresponsible not to make use of the -- admittedly limited -- possibilities we have.

(Also, "we are involved there and there and there" is a much sexier -- but maybe not sexy enough -- marketing message than "with a lot of luck, we might have a chance to get involved there, but we haven't tried yet, so we can't tell you.")

On the IP list, Karl Auerbach explains why a TLD for "mobile content" is a bad idea, even though it's backed by major industry players. Karl's arguments are convincing.

But whom could Karl convince? I hope he does not convince ICANN: Because it is not (or, rather, should not be) ICANN's business to decide whether a TLD proposal is a good or a bad idea. ICANN's task should be to enable bad proposals to fail in the marketplace.

Question: What should ICANN do when a seemingly "good" idea and a "bad" idea compete for the same TLD string? Auction?

Via comp.risks: Netcraft: SSL's Credibility as Phishing Defense Is Tested. The unsurprising news: SSL certificates (mostly) deal with domain names. Only that match can be verified by a web browser, and signalled by a closed pad-lock. The security is ultimately based on a match between a domain name and the "site" the user wants to visit -- that is, "Amazon," "Deutsche Bank," "Earthlink," "Microsoft," "IBM", as opposed to, e.g., "ibm.de" or maybe "ibm.com." Linking the "site" (i.e., the user's idea of who the merchant is) to a domain name is, realistically, left to trademark law and the UDRP. This doesn't work for little-known marks. Less realistically, it is left to WHOIS, which, as many proponents of open access tell us ever again, is used by consumers to "verify" online merchants. This doesn't work at all -- most "ordinary" net users I know don't even have an idea what WHOIS is, and then again, we all know the database is inaccurate, can't be made accurate, and doesn't even have the data elements you'd ask for. When consumers are confused about the domain name they are visiting -- be it due to typo-squatting, be it due to cleverly crafted deceptive URLs --, though, SSL, WHOIS, trademarks, and all that stuff don't even have a chance to help them. It's this kind of confusion that the latest phising expeditions exploit.

How do you fix this? Make sure users can't easily ignore information about the merchant that's behind a site. Display it in a state bar that can't be scripted. And don't take it from WHOIS, but take it from the SSL certificate.

Chris Ambler discusses TLD strings and is concerned that ICANN could worry too much about the problems new TLDs have had in the past, with code that would claim that anything with a TLD segment of more than two or three characters was an invalid domain name.

I sincerely hope that Chris is wrong about that -- for two reasons: One, fools are inventive enough to not just assume 2 and 3 letter TLDs (Google hit #1 for address validation javascript), but to also check for the now-existing gTLDs, while essentially sticking to the same broken design -- or, worse, not even being flexible with three-letter TLDs. Two, what I've heared on this topic in Rome sounded extremely reasonable. While John Klensin's RFC 3696 on the topic wasn't mentioned there -- at least in the public forum --, others have recognized that the easiest cure is probably to implement (or just find) free sample code for domain name and e-mail address verification, and to Google-bomb that code.

In other words: Let's help the market take care of that.

Here's a policy proposal that ALAC just injected into WHOIS Task Forces one and two: Collect as little as possible, display even less. What is displayed goes into two tiers: A public one (with just the technical stuff) and an authenticated one (where some personal data may go). Whoever wants to use the authenticated tier needs to identify themselves and their purpose. Purpose and identity of data users are made accessible to registrants.

In response to other proposals that are floating around, we strongly recommend against a "shut down port 43, and do web interfaces with CAPTCHAs" approach," and make some comments on the IP constituency's call for more telephone numbers in WHOIS.

If you're interested in following the advancement of tests intended to tell humans and computers apart, www.captcha.net is a good place to start. You will, for instance, learn that some more or less simple tests that involve reading characters displayed as graphics, and entering these characters into forms, have been broken. Accredited registrars still use this kind of test, though, to protect Web access to their whois databases.

The same people that are behind the CAPTCHA project are also behind the ESP game which is about describing pictures in text. It's no coincidence that the latest captcha that they are beta-testing also involves describing images: Users are shown a collection of images, and they have to pick a word that describes what these images have in common. If that word matches, they pass, if it doesn't match, you have failed the test.

The problem with this test is that it requires an active command of written English, and that it is purely visual.

(More notes on the accessibility problems with CAPTCHAs here.)

The server on which this weblog (and the aggregator) are running will have an outage of several hours later today, due to hardware changes.

The not entirely planned outage is over. If you notice any quirks, please let me know.

ICANN has posted another update on transfers. Part of that update is a letter from NSI's Champion Mitchell (aka Best Actor Rome 2004). In that letter, NSI suggests that a default-ack mechanism (as agreed on in the new policy) will lead to fraud and slamming. NSI essentially suggests adopting a default-nack policy with standardized forms instead. At the very least, it seems, NSI would prefer another delay until all dispute resolution and appeals processes are in place, and until everything is implemented on the registry side.

Of course, this discussion has been going on since at least summer 2001. It's fascinating (I'm avoiding the word "frustrating") that NSI is now attempting to reopen this policy issue, and it is even more fascinating that they have succeeded in causing another delay in the implementation process of a consensus policy adopted by GNSO Council (in February 2003) and Board (in April 2003), and brought into implementation shape by a hard-working assistance group since July 2003.

From Free2Innovate.net (asking to be nominated for Best Supporting Actor?): ICANN has issued an updated Inter-Registrar Transfers Policy "intended to provide a procedure for the smooth transition of a domain name from one registrar to another when such a change is requested by the domain name holder." It only took ICANN one year and four months to launch the new policy after it was endorsed in a "final report" first issued Nov. 30, 2002. That's faster than normal for ICANN.
UPDATE: Thomas Roesler blames NetSol for the delay.

This is doubly wrong: What ICANN posted yesterday could be the final transfers policy -- but isn't because NSI wrote that letter. That's the delay I'm blaming them for.

Concerning all the other delays, it's worth remembering how this mess begun, and what NSI said back then.

The Domain Registry of America regularly reminds me of expiration dates of my domain names -- even if the current registrar will automatically renew the names in question --, and of the kinds of practices that ICANN's current WHOIS policies enable.

Latest letter here.

ICANN has asked the GNSO Council to consider "guidance ... concerning the criteria for designating a successor operator for .net". A subcommittee of the GNSO Council will deal with this; this committee is expected to meet first in the week beginning 12 April.

At its call last night, the GNSO Council has extended the time lines for the WHOIS Task Forces, since only few constituency statements have been received so far. The hard deadline for constituency statements is no 16 April. Preliminary reports are expected by 6 May. The rest of the process is shifted accordingly.

I'm no longer convinced that letting the mobile phone industry loose on the Internet (or the DNS) can be considered harmless: I'm seriously surprised how any industry can come up with Internet user interfaces as crappy as what is let loose on mobile phone users here.

I've been a happy user of Siemens mobile phones for several years now, and I've been using them to go online for quite some time: Connected to a laptop or a PDA through IRDA or a data cable, and connected to the Net through a data call to an analog modem or, more recently, GPRS. All that was configured rather easily, on PDAs and laptops.

Until tonight, I never actually tried to use the built-in Internet stuff, and I guess I won't try it again. To begin with, configuring WAP on a "blank" mobile phone (a C60 without infrared) isn't precisely fun -- too many parameters distributed over too many menus, with too long strings to enter over these keyboards. And the error diagnostics are vague to the extent of being useless.

Once you have configured WAP, the real fun begins: Keying in URLs on a mobile phone's keyboard. The slash was particularly interesting, 12-14 quick presses on the '0' key, with visual feedback lagging considerably behind key presses, with a timeout that interferes as soon as key presses are slow enough for visual feedback to be current, and with a mobile phone that occasionally misses a key press.

Needless to say, the server on which the desired ring tone resides was unreachable for the mobile (with unclear error diagnostics, and a connection through "real" Internet access working fine). Ultimately, a similar ringtone MIDI file was transmitted through infrared to a different mobile phone, and sent to the C60 by short message.

Resolutions Adopted at Special ICANN Board Meeting: ccNSO bylaw changes; Independent Review Panel; .pro's agreement is not terminated; redelegations of .ps and .ng.

From my spam box today: Facts Disc Price Blowout!!

These guys offer (essentially) the zone files of .com/.net/.org/.edu plus alleged 700,000 WHOIS records for $199.95. That's 0.03 cents per record.

From: majordomo@gnso.icann.org
To: roessler@does-not-exist.org
Date: Wed, 28 Apr 2004 05:52:54 -0700
Subject: Majordomo results

--

>>>> unsubscribe ga
Succeeded.

Writes Kurt Pritz: The ICANN Proposed Budget for fiscal year 2004-05 is being posted today at 4 PM Pacific time.

Verisign's case against ICANN basically was thrown out of federal court on Tuesday, with two weeks for Verisign to amend its claims. Part of the suit may end up in California state courts.

Bret Fausett lives in the right time zone, and has all the news on this.

Tim Berners-Lee's New top level domains considered harmful (Karl Auerbach's response here) makes a number of points of varying quality.

Kevin C. Golden to John Jeffrey: Finally, please let this letter serve to advise you both of VeriSign's intention to participate fully in the process for the selection of the operator for the .net registry, and that VeriSign intends to compete for the award of the .net Registry Agreement.

The GNSO Council's .net committee is currently discussing criteria to be used in picking the next registry operator for .net. There's some discussion about the role that registry-level pricing should play as a crtierion in evaluating the bids: Should the lowest bidder be selected, once baseline technical criteria are met? Or should overall "value" of the proposals (whatever this be) be considered, with price only being a minor factor in this consideration?

I'm arguing that either, baseline criteria + price should be used in evaluating bids, or that "value" needs to be defined, quantifiably: If the GNSO decides to say that apples can balance oranges, then it also needs to find a way to compare them.

It seems like too long documents are fashionable these days.

It's not just three days worth of broadcast treaty negotiations that have been minuted by a group of daring bloggers and NGO participants in the recent Geneva negotiations. (Donna Wentworth: required reading.)

For the ICANN addict, there are also three WHOIS Task Force reports totaling 202 pages of text, a Draft Procedure For Designating Subsequent .net Operator, and a modest six-page GNSO draft for criteria to be used in selecting that operator; all these documents are waiting for public comment some time in June.

On its call today, the GNSO Council has extended the public comment periods for the three WHOIS Task Forces until July 5.

The most interesting part of today's GNSO Council call begins 98:30 minutes into the MP3 recording, and takes about 17 minutes. It's on the agenda under "any other business": new gTLDs.

My notes are below the break; if something sounds wrong to you, go listen to the MP3 recording.

WHOIS Task Force 3 (accuracy) had its (first? only?) open conference call. The call was intended to extend the reach of the ongoing public comment process. It wasn't too successful at that.

I believe I hogged the line for the most part of the call, going through the individual "best practices" proposed in TF3's preliminary report. In a nutshell, the proposed recommendations either don't make sense, are harmful, or moot.

The 2003 CDT spam report is often cited as evidence that WHOIS data mining is not really responsible for any significant amount of spam.

In early May, I changed the contact e-mail address displayed in the WHOIS records of most of my domain names to a fresh address that is not being spam-filtered. For six weeks, the address did not receive spam. I almost forgot about it. Now, I'm getting daily spam at that address.

Seems like the CDT report's findings are outdated.

... then make sure that you don't have a confirmation request from ICANN sitting in your spam folder. That's what happened to ALAC's comments to WHOIS Task Force 3 which now have finally made it to the public comment archives.

(To be a little more precise: The confirmation request was caught by a rule intended to catch delivery notifications generated in response to fake e-mails. My main address normally doesn't get e-mail from mailer daemons, so these are discarded automatically.)

This comment at ICANNwatch points out that there are two ccTLD agendas for the ICANN meetings in KL: ccTLD ICANN meetings in Kuala Lumpur (wwtld.org), ccNSO meeting agenda (icann.org).

From ICANN's web page: Motion to dismiss; Renewed Motion to Strike.

Susan Crawford is on the way to KL, and promises to send a report when she's there. I'm looking forward to reading it, and hope for more news and observations from the meetings.

I won't attend the ICANN meetings this time, due to a clash with unrelated travel plans. So, no blogging from KL in this place.

I have registered several does-not-exist.* domain names. The people at nameauditors.com now let me know -- by unsolicited e-mail to my WHOIS contact mail address -- that does-not-exist.com has recently been dropped by its holder. While that's true, I still count this one as another illegitimate use of my personal data as stored in the WHOIS database.

Later: noncore.com is joining the club.

The GNSO Council met in KL today; I've been watching part of the webcast. Vittorio Bertola was sitting on the podium for ALAC. During the part of the discussion I followed, Council agreed to merge WHOIS Task Forces one and two; Task Force three will continue to operate independently.

On the .net redelegation process, Council suprisingly asked for comments from the floor, unfortunately without providing a meaningful opportunity for submitting remote comments. Bruce Tonkin plans to arrange for an opportunity for comment at the public forum, though.

Jeff Neuman (Neulevel) and Chuck Gomes (Verisign) commented today. Among the things that were said, I found Chuck Gomes' statement that retail prices for domain names are not correlated to registry-level pricing particularly fascinating; he sold this as a mathematical truth. I'd just love to see the proof for that.

On the GNSO Council list, Bruce Tonkin gives his summary of the WHOIS-related meetings from KL.

According to Tonkin, there was agreement that priority be given to recommendations that can be implemented on a time scale of months, not years, and that the task forces start designing "reference implementations" for these policies, taking care of concerns about implementability, and enabling a cost assessment.

The merged Task Forces 1 + 2 will have their next conference call Tuesday next week.

The group of people formerly known as WHOIS Task Forces 1 & 2 met today for its first two-hour conference call after Council's decision to formally merge the groups. The group received a briefing on what happened in KL, spent too much time on debating whether the two Task Force chairs should continue as co-chairs (they will do so), and finally addressed "prioritizing."

The GNSO Council today accepted the .net criteria (draft resolution text) designed by its .net criteria subcommittee. Due to conflicts of interest, Alick Wilson carried the proxies of all three registrar representatives on Council, and Amadeu Abril i Abril's proxy. The registry vote was split.

Council also adopted a position submitted by the registry constituency during the conference call. This position calls for all material provisions of the future .net contract, including the proposed fee structure (?), to be published in the draft and final RFPs. It will form part of the cover letter for the report on the .net criteria. There was little discussion on the substance of this; procedurally, there was considerable confusion: Only some council members had received the proposal prior to the call. One joined as late as during the vote, and didn't even know what it was all about. The vote was then cast as instructed by the single representative of the same constituency who had attended the entire call.

MP3 recording here.

There was some fascinating discussion on the registrars list on thick vs. thin WHOIS models for .net.

Particularly amazing: The position of Key Systems' Jens Wagner, who suggested that a thick WHOIS was a good way to cope with privacy problems -- not in the sense of actually increasing registrant privacy and designing systems that enable registrars to comply with applicable law, but rather in the sense of attempting to design systems that make compliance infeasible.

Now, that's a registrar who cares about its customers...

The registrars discussion -- despite the occasional bizarrity -- mostly demonstrates that there is no unanimity among registrars on this issue. So, what arguments can be made in favor of either model, from a registrant's point of view?

The thick registry model -- under the assumption that registries are more diligent with registrant data than some registrars may be -- helps take care of escrow concerns: When a registrar goes out of business or experiences some other kind of desaster that removes its data store, the data kept at the registry can help transfer registrations to a different registrar, and help registrants keep their domain names. Besides that, keeping registrant information at the registry helps registry operators enforce the new transfers policy, and may generally contribute to making the transfers process run more smoothly.

On the other hand, the thick model often involves transfer of registrant data (both the identifying information, and the sensitive information that is constituted by the link between a domain name and the registrant's identifying information) across jurisdictional boundaries that may separate very different privacy regimes. This concern should weigh even heavier when the registry is not just keeping the thick data set, but actually uses these data for making its own WHOIS service available to the public at large. As Jens Wagner's comment shows, thick registries can be used to design systems which make it hard for registrars to comply with applicable privacy legislation.

The thin model, on the other hand, keeps ultimate control over the publication, transfer and use of data with registrars, and with law enforcement authorities and courts that have jurisdiction over them. Registrants in many jurisdictions get the chance to chose a registrar in the same jurisdiction, and have assurance that their data don't leave that jurisdiction as part of the registration process. The thin model also makes it easier to implement alternative WHOIS models like ALAC's proposal, in which registrants are notified when their data are accessed.

Maybe it's best to start thinking about thick registry designs that quack like thin WHOIS systems. Either by keeping the thin WHOIS paradigm despite thick registry design, or by actually giving the registrar fine-grained control over what data elements are actually displayed in thick registries' WHOIS services. EPP certainly looks like it is prepared for this approach.

Tonight, I have sent final messages to the icann-europe and atlarge-discuss mailing lists, both of which were sponsored by FITUG. Both lists were dead for months or even years. Both are gone now.

icann-europe was the first thing ICANN I did: I set it up during the nomination phase of 2000's at-large elections, as a tool to enable informed discussion between potential candidates and the interested part of the community. Many candidates joined, and for some time, this list was one of the better places for talking about ICANN. The list slowly degraded after the elections, until the only remaining traffic was spam, and the occasional lunatic. In a way, this list marks the missed opportunity to turn the traction generated by the elections in 2000 into a viable mechanism for public input into ICANN.

atlarge-discuss was started shortly after the board dismissed the ALSC report in Accra, when some 1,000 people subscribed to the effort at icannatlarge.com. A number of mistakes were made there, and I feel responsible for some of the early ones.

Given that the GNSO's GA list is dysfunctional (or at least it was when I left), this means that, to the best of my knowledge, there are no mailing lists that enable public, cross-constituency debate of ICANN topics. ICANNwatch is the closest thing to this. (I don't know what the BWG is doing these days, since I was never subscribed to its list.)

I find this development worrisome: I continue to believe that ICANN needs public input. I continue to believe that it needs open and, also, online discussion. I continue to believe that it needs accountability and fresh blood. What we see instead is ever-decreasing interest in ICANN (after all, it's not as bad as, say, recent developments in copyright), and a nominating committee that extends the deadline for statements of interest.

What can we do about that?

Some weeks ago, I finally gave up on unmoderated discussion of ICANN-related topics. But then again, I'm still not convinced that blogs and icannwatch should be the only places for public discussion of ICANN topics.

That's why I have set up a new mailing list, called icann-people. The concept is simple: I'll run the list the autocratic way; no message is distributed unless I believe it is reasonable, and reasonably relevant to the ICANN community.

Subscribe here. When enough people have come together, I'll send an initial posting to let you know.

The GNSO Council met today for a one-hour conference call.

ICANN staff plans to prepare a revised report on new registry services by September 23/24.

On new gTLDs, ICANN is expecting further reports from WIPO and SSAC. A public comment period on the reports is expected to begin as early as next week. A "strategy implementation plan" is expected for the end of the month. Council plans to discuss this on its next call on October 21. The ten applications for new sTLDs are not affected by this.

On the recruitment front, ICANN is currently reviewing CVs received.

Under any other business, Marilyn Cade asked about the report prepared by Liz Williams, who had -- as a consultant to the President -- had asked GNSO participants about their experiences with the PDP; this work had come as a surprise for Council members.

I have resigned from my role as ALAC's liaison to the GNSO Council: Other obligations don't leave me the time needed for doing the liaison's job effectively -- I wasn't in KL, and I'm not going to be in Cape Town.

.mobi would at least have been a cool bumper sticker. Now dotMP (think Mobile Phone) comes out with the same ideas -- encoding accessibility from mobile devices into the TLD string --, but without the bumper sticker effect.

See also: Device Independence

ObCorollary: Any possibly lucrative idea that can be implemented in the DNS will, at some point of time, be implemented in some ccTLD, regardless of its actual quality and harmless- or -fulness. Exercise: Apply this corollary to new gTLD criteria.

ICANN has just announced two vacancies on ALAC: Esther Dyson and I are both stepping back from the committee. As far as I'm concerned, the reason for stepping back at this point is that I'm busy enough with other obligations, and that I'm finding it increasingly difficult to spend the necessary amount of time and attention on the committee's work.

I believe that the committee is facing three key challenges at this point.

First, policy work needs even more attention than it has had so far. Yes, we have been able to get involved with just about every GNSO policy process that was initiated over the past two years. But ALAC needs to devote more of its collective attention to these processes. And ALAC must, ultimately, be given more formal influence on policy decisions made.

Second, ALAC needs to get its "at-large structures" and "RALOs" up to speed, so future vacancies of initial members can be filled by elections, as opposed to the present ad-hoc process involving ALAC and the Board. I'm increasingly skeptical about using RALOs as instruments for policy input, though: ICANN issues -- while they can have quite a bit of impact on individual Internet users -- are often rated as low priorities by potential ALSs, when compared to, say, the copyright outrage of the day. At the same time, these issues can be rather complex, and require quite a bit of time and effort to cut through. Ultimately, I believe that the model of having a bunch of dedicated people serve on an advisory committee and do the policy work, with the at-large structures providing accountability, is the way to go.

Third, ALAC needs to become more open. While ALSs may not be able to spend the collective attention needed on ICANN topics, individuals who do follow these issues appear occasionally. ALAC must be able to get these people involved, and ALAC must be able to bring these people together with the "at-large structures."

There is another challenge that ALAC has to deal with: The legacy of the at-large elections in 2000. For many people, ALAC looks like a poor replacement to having prestigious board seats and global elections. In a way, that's true. But look at the policy-making reality: Board members rarely intervene with actual policy issues (new TLDs being the notable exception); when a consensus policy arrives on the board's table, that's usually in the end of a long and complex (and often frustrating) negotiating process. ALAC provides the opportunity to get involved with these negotiations.

If you are interested in serving on ALAC, want to make sure individual Internet users' voice is heared in ICANN's policy decisions, and are from North America or Europe (there are no vacancies for other regions at this point), please let the committee know at <committee(at)alac.icann.org>.

To those colleagues who continue to serve on the committee (and to new volunteers entering it), I wish good luck, and much success. It has been a pleasure and a privilege to work with you guys.

The ICANN Blog Aggregator now supports enclosures: In the end of articles like Bret's Audio Lextext 5 (aggregated version, for the moment), you'll find a bullet point list of enclosures.

Let me know if you observe any problems.

Ross Rader writes on the IP lobby's role in Internet (and ICANN) matters, and vents quite a bit of frustration.

ICANN, meanwhile, has assigned a new role to Intellectual Property Interests in its Strategic Plan: The same people who want to enforce the accuracy of WHOIS data elements which aren't even collected according to the RAA (namely, registrant phone number, facsimile number, and e-mail address) are now, on page 7 of the plan, classified as "technical bodies and organizations."

While I'm on it, another interesting part of the plan is its description of the Policy Development Process on pages 12 and 13, where Advisory Committees now submit policies to the ICANN Board for ratification. (They can't.)

Writes James Seng, on new gTLDs and the innovation argument often made: Innovation ideas are like frogs' egg: a thousand hatched only one or two survive to maturity (quote Peter Drucker). Like many others, I love to have that one or two frogs but we aren't sure how to deal with the 999 other dead tadpoles.

This argument is in line with the stability concerns one often hears at ICANN meetings: In order to keep gTLD registrations stable, just stick to the current gTLD registries, and block these "unstable" new firms from entering the market. After all, it's likely that they might fail. The interesting assumption with this approach is that the current set of gTLD operators will remain stable. We don't care whether frogs are extinct worldwide. Our weather frog is immortal, and that's all we care about. Ooops, what's this thing under my shoe?

I'm worried by this approach -- from a stability point of view: Any given business has a certain chance to fail. So, the question is not so much how can we keep the current registries stable?, but rather, how do we make sure someone else carries on when they fail?

Instead of being scared of possible failure, ICANN should think about how to deal with it. ICANN should be thinking about escrow solutions. ICANN should be thinking about how it can contribute to establishing a healthy and sufficiently large pool of operational registry businesses. And it should be thinking about how to help make sure that the registrations in any given TLD remain an asset in case of bankrupcy of a registry business, and not become a liability: Make sure that, when a registry fails, someone else has a business interest in picking up the remains.

ICANN Staff has sent this message to the combined WHOIS Task Force. Essentially, they disagree with much of the group's recommendations on how to deal with a conflict between the RAA's WHOIS provisions and applicable law.

Timing of this move is poor; procedurally, it amounts to a staff attempt to veto a Task Force's decisions: The criticism comes after almost a year of work; the thrust of the group's recommendations was visible by the time of the ICANN meetings in Kuala Lumpur.

On the substance, though, there's one point where I find myself in agreement with the staff document: Fixing WHOIS, globally, is certainly preferable over tinkering with compliance mechanisms.

The excellent anonymous Still at Large blog points to this proposal currently under discussion with the registrar constituency. Basically, that proposal amounts to rejecting those recommendations from GNSO WHOIS Task Force 1+2 that haven't been torpedoed by ICANN staff. Since the registrar constituency is (besides registrants) one of the parties "most affected" by the proposed policies, that constituency's vote will have to be taken very seriously.

As one of the members of TF1+2, I'm of course unhappy that the group has finally come full circle, and that the work done over the past year (it's not just 175 days -- there were TF1 and TF2 before!) seems mostly moot today: On conflicts between applicable law and the RAA, we're waiting for ICANN staff (still no appointment, sorry); on tiered access, we're apparently back to "fact-finding" (not that we spent spring 04 on that, in two separate groups); and now, on notification and consent, we can look for a new consensus, because the contracted party objects.

Looking for new consensus, though, becomes increasingly difficult: The registrar constituency is now about to reject a consensus that has been negotiated (and, I seem to recall, approved) by that very constituency's representatives. It is doing so at a stage in overall WHOIS policy-development at which the formal PDP is being used as a process for documenting agreement.

The message that the registrar statement is about to send to the overall ICANN community is that its representatives on Task Forces can't be taken seriously. That's far worse news than all the missed deadlines and other systemic flaws in ICANN's policy-making process.

Against my earlier plans, I'll spend next week's Monday and Tuesday at the GNSO's Amsterdam meeting on the ICANN strategic plan. I'll be speaking there on behalf of the ALAC. When I'm done preparing my remarks, the slides will be here.

I spent Monday and Tuesday of this week in the basement of the Schiphol Sheraton, at the GNSO meeting that was renamed to the "Amsterdam Consultation on the ICANN Strategic Plan."

Notes here.

Bret Fausett points out that the registrar accreditation agreement is under review, and that ICANN expects to put out a new one in June. It will be interesting to see how the GNSO Council is going to interact with this process.

This is also a good occasion to recall the relationship between policy and contract in the ICANN environment. For purposes of illustration, let's look at Marilyn Cade's public comment on .net and WHOIS. In this comment, Marilyn skillfully conflates current contractual practice (thick registries regularly have a WHOIS that makes far too much information available, and the important thick registry WHOIS services all look similar), diffuse notions of policy, and the very specific concept of a consensus policy (as defined in the relevant contracts). From this concept stew, she derives that any bidder for .net that promises less than a thick registry with all the WHOIS information you could imagine, on ports 80 and 43, is violating applicable policy, and hence not eligible for the future operation of .net.

Marilyn's conclusion is amazing, for several reasons. On the one hand, there simply is no consensus policy that would demand that a thick registry provide a "full" set of WHOIS information. Close inspection of the existing registry contracts will, indeed, show that there are quite a few variations already.

On the other hand, those bidders that the comment attacks propose different variants of thick (or mostly thick) registries. Each of these models would make more information visible on the registry level than what is available from the current thin registry. And each of these models would leave the registrar-level WHOIS services intact.

Finally, there is certainly no explicit policy at all that would mandate gTLD registries to be thick. There was nothing in the GNSO criteria for .net that would envision a mandatory thick registry, and the .net RFP clearly envisions thin registry proposals. This despite the fact that all newly added gTLD registries have been thick - or have been changed into thick registries during contract negotiations, as has been the case for .name. That TLD was originally proposed to run on a thin registry.

I wonder when we are going to see an ICANN community that stops playing around with smoke and mirrors, and starts engaging in rational discourse. After all, we need an ICANN that works, not one that pretends to work.

One of the GNSO's WHOIS Task Forces is now invoking the ICANN ombudsman, to be able to move on with its work. In December 04, ICANN staff had effectively vetoed one of the policy recommendations the group had made. Since then, the group has not succeeded in even getting an appointment for a conversation with ICANN staff.

People all over the place are trying to decipher the U.S. Statement of Principles 06-30-2005, which seems to assert, according to one reading, that the United States Government intends to keep its control over ICANN.

I see a number of statements in here: The first principle asserts that the USG intends to preserve the security and stability of the Internet's Domain Name and Addressing System. That could be right out of an ICANN statement of priorities, and does not imply any statement of distrust in ICANN. Notably absent from this section (and from others further on) is any mention of how long the USG is going to maintain its role.

The second principle -- Governments have legitimate interest in the management of their country code top level domains (ccTLD) -- is not so much a bold assertion of governmental influence on Internet governance, but much more an assertion of that influence's limits: On the one hand, the government role is confined to the ccTLD space, on the other hand, it's confined by the DNS's stability and security (which is, in turn, ICANN's job).

The third statement is a statement of support to ICANN, with the usual description of ICANN's role as "technical management."

The fourth and final statement -- Dialogue related to Internet governance should continue in relevant multiple fora -- is notable for its emphasis on multiple fora, and private sector leadership, as opposed to a single, multi-stakeholder thing that could be installed as the new oversight body.

What the statement is lacking is any indication of how long the USG will maintain its historical role and exercise continued oversight.

I'm sure that this statement is a direct response to the -- so far unpublished -- WGIG report. Much of the context we're missing now will fall in place when that report becomes available.

ICANN comes to Luxembourg next week, and I'll, of course, attend the conference.

Not paying as much attention to ICANN matters as I used to, I looked at the published agenda page for that meeting today, to figure out what sessions will be interesting, what are the topics I should read more about, and generally, what the agenda will be.

The experience was both frustrating and enlightening: Actually relying on the public meeting agenda, I don't find out what the agenda is for the GNSO public forum, for the GNSO Council session, for the Public Forum, or for the Board session. I'm also not informed about the details of ALAC's open meetings -- apparently, there are some, but there's, once again, no agenda published. (Or, at least, it's not linked from the meeting page.)

As far as the "At-Large European Meeting" on Sunday is concerned, I got an invitation, but no follow-up: I have no idea which organizations are going to be represented. There was no preparatory telephone conference. There were no preparatory discussions of the agenda.

One of the very fundamental aspects of holding meaninful open meetings is that those who are going to participate have an idea of the agenda.

With this ICANN meeting, they don't get that idea.

(I think I'll make this comment at the Open Mike part of the Public Forum.)

The IRC back channel for the ICANN meeting is #icann, on irc.freenode.net.

Writes Kieran McCarthy: To make myself feel better, I sat in on a bit of a closed session of ICANN’s government advisory committee (GAC) - something they hate and which a German reporter had told me earlier they are very strict about. She was forcibly ejected last time. But with goodwill flowing like sweet honey, even this small pleasure was ruined by everyone being nice to one another. What’s the point in having a closed session is you don’t start dishing the dirt?

The GNSO Council is holding its version of the public forum, which partially takes the role that the DNSO GA should have had back then. So far, the public forum has been rather uneventful, with (remarkably) not a single person stepping up to the opefn microphone to comment on WHOIS.

We are now in the middle of reports from the constituency chairs, and Bhavin Turakhia read a statement from the registrar constituency regarding the .net redelegation. They essentially consider the board's agreement to that contract a breach of trust, and have a list of fundamental aspects that they would like to see revised. There was applause in the room after that statement was read.

It will be interesting to see how the interaction between the registrar community and the board plays out in the public forum later this week, as there is little doubt that the .net contract will be the dominating topic there.

The GNSO Council is now discussing the strategic plan. People are unhappy with the way in which the current state of the strategic plan was developed, and don't believe it's backed by consensus. The following resolution is accepted with a few abstentions:

The GNSO Council does not currently believe that there is a consensus of the ICANN community in the support of the strategic plan. The Council encourages the development of a consensus-based strategic plan.

Under "any other business", but not unexpected:

The GNSO Council expresses its concern to the Board that the final .net agreement was not posted for public comment prior to approval, given the significant changes made to the agreement from the previously posted draft.

The motion is phrased by Marilyn Cade, after a statement, and after Bruce Tonkin wondered if a one-sentence resolution was the right thing, "for clarity."

Cary Karp objects, based on lack of consultation. Tonkin calls the vote. gTLD registries, IPC abstain; NCUC, registrars, BC, and ISPCP vote in favor. Tonkin notes that he will note the concerns raised in reporting the resolution. Lucy Nichols (IPC) seconds the concerns. Tonkin suggests that the resolution attempts to summarize the community consensus he hears from the constituencies. Discussion on what the abstentions mean -- not sharing the opinion, or simply not having a clear position that would support this particular resolution. Discussion on how this be presented to the board.

Writes Kieren McCarthy, about the site of the Luxembourg ICANN meeting: That combined with the fact that the conference centre is little more than a giant truck stuck in a massive car park in the full sun, except with carpets, doors and partition walls. Asylum seekers have died in such circumstances.

An EU presidency mostly failed in these rooms, quite recently.

Tat said, the meeting organization does, indeed, leave some desirables open. For instance, it seems unthinkable here that breaks happen when they fit the work, and that this is maybe not precisely when they are on the schedule. "You have to respect the schedule," told me one waiter, and hence refused to give me any coffee before the scheduled minute.

The GNSO Council taking a little longer than scheduled was apparently another unthinkable surprise: As one participant put it, security personnel was kicking people out of the building once Council was done. Once people had left the building, it required extensive arguing to get back in.

I'd wish conference organizers would realize that the main purpose of such a meeting is -- surprise! -- meeting, and that side discussions and hallway talks are key to a successful conference. Conference organizers shouldn't put obstacles into the way of these conversations, but should rather think about what they can do to enable them.

I spent the last two weeks in Wellington and Auckland, New Zealand -- and, for a significant amount of time, on board various aircraft. The occasion was attending the ICANN meetings in Wellington; I'm currently involved with ICANN as a member of its Nominating Committee. Unfortunately, much of what goes on on the NomComm is unbloggable. Much of the rest of the meeting didn't strike me as particularly note- or blog-worthy.

One important part of these meetings is the social event (or, rather, are the social events). ICANN is, fortunately, joining the club of those who hold these in nearby major museums: We were served canapees at the Te Papa Tongarewa, the Musem of New Zealand, and had access to (most of) the exhibits there. After the IETF's visit to the antisocially good Musée d'Orsay last summer, this is one of the better social events I've experienced, and I very much hope that other groups will start to join this trend.

Another tradition that is evolving in ICANN Social Events is the sports evening; this time, bowling. Besides being a clever marketing event for Auda (they were clever enough to give out free baseball caps for the first strike -- people were actually wearing these, despite the incredibly ugly and Cheney-safe color combination), these ones help to bring the rather diverse and fractioned ICANN community together.

Kudos for both of these choices to the local organizers.

(And yes, it is a bit sad that the social events were the most bloggable thing that happened all week. Besides Mike Palage leaving the board, maybe.)

Susan Crawford has a laundry list of things that ICANN needs to do. One of her items has been a theme in the ICANN community for a while, and it came up in Wellington as well: 1.5 We need to make better tools available for policy development purposes.

As I told some senior ICANN staffers in a hallway down there, ICANN isn't really lacking the tools. ICANN has archived mailing lists. It has a web server. People do use instant messaging. It is possible to build a decent collaborative environment based on these tools.

What ICANN lacks is a culture of collaboration: Appoint an editor for documents. Publish things quickly, and at a stable location -- right now, everything that goes on the ICANN web site needs five days for conversion to HTML (why not use HTML for authoring?) and review by General Counsel; drafts are generally word documents that are exchanged by e-mail. Make minutes available, quickly, and link them from a web page. Link, whenever you refer to something. Have Instant Messaging back-channels during conference calls.

Bad enough, a large part of the ICANN community seems to believe that tool support can solve problems that are actually caused by the overall work style in the ICANN community.

Unfortunately, it doesn't really look like the work style of ICANN's current leadership mixes too well with online collaboration. So we'll probably hear more about how ICANN suffers from inadequate tools, how a new position has been staffed to achieve Excellence in Collaboration and is now reviewing a lot of expensive toys -- and in the end, everybody will continue to work the same way they do now.

As someone said in Wellington: "E-Mail doesn't really fit my work style." I think I was speechlessly puzzled in that moment. And then, I started to wonder how on earth that person got the job they hold now.

This is a comment that I've sent to ICANN about the planned new .org, .biz, .info registry agreements.

I am writing this note in my personl capacity, as a long time observer of and some time participant in ICANN. It applies equally to the .biz, .info, and .org agreements.

The apparent ability for registries to arbitrarily increase prices for domain names at the time of renewal puts one of the most fundamental factors in the DNS's success to date at risk (one might say, its very purpose): The easy availability of persistent globally unique identifiers.

ICANN's At Large Advisory Committee (I was on that committee in a prior life; it's supposed to advocate users' interests in ICANN) seems to have opened up the mailing list that it's suggested to use for the bulk of its work. There's, of course, also an internal list that the public doesn't get to see. It was probably time for this move.

List Info Page.

In a prior life, I've been a member of ICANN's At-Large Advisory Committee from 2003 through 2004. I was one of the folks who, back then, were seeing ALAC as an advocacy platform, and focused on the policy side of its work, pushing for what, in our judgment, were Individual Internet Users' best interests. Honestly, I can't claim a whole lot of tangible success for that, despite hard work by a number of people.

To this day, I still occasionally dangle my feet into these waters, though I've again and again promised myself not to do it again.

To say I'm disappointed by what I've seen recently would be an understatement: While I'm happy there is a number of people who, presumably, really want to move things, I'm appalled to see how discussions among both European and North American participants take on an increasingly divisive tone. There isn't much to be seen of a common goal to advocate users' interest in ICANN -- rather, a lot of fighting for table scraps (when there's more than enough work for anybody who wants to gamble some of their time on ICANN and its at-large activities!). ALAC's ICANN staff support seems most interested in staging pretty signing ceremonies and press events, one per ICANN General Meeting.

The result? Artificial and rushed time lines, premature consensus calls, and a lot of bad blood and mistrust among participants who really ought to be working together (and have been able to talk reasonably to each other before they got into fights around ICANN). Also, the ability for ICANN to pretend that there's real end user participation and representation, when there are really very few ways (if any) for ALAC to make a real difference in policy decisions -- even though the committee has some limited power to help shape ICANN's policy agenda.

Here's a Gedankenexperiment for you: Imagine ALAC was simply shut down. Would things change for the better? Or for the worse? Would we maybe see more thinking about what accountability in ICANN's processes might really mean? (And no, the sometimes surreal ombudsman doesn't provide that.) Would we see the organization really be any less sensitive to users' needs?

2007-05-21 edited to add: Relevant comment threads are in Wendy's and Patrick's blogs.

I was checking out the ICANN Meetings page and noticed that they've recently added a "ICANN meetings update" mailing list, with a pretty prominent form for subscription.

Of course, just an e-mail address isn't enough for ICANN: Mandatory information for subscribing to the list includes name and company; they also ask for the country. The subscription form claims that "ICANN will not sell or make available any of your information to a third-party without your consent" -- however, the list is actually hosted at Constant Contact, an e-mail marketing company. Of course, no indication is given for what purpose the name, company, and country information will be processed, and what Constant Contact (not ICANN!) will do with the information.

Somehow, it's fitting that the organization that's been dragging along WHOIS policy making for ages behaves that cluelessly when it comes to dealing with community members' data protection.

ICANN's GNSO council had WHOIS on its agenda for today. The options on the table: (1) Accepting the outcome of years of policy development processes; (2) rejecting that outcome (again?), but calling for some kind of fact-gathering to feed into future policy work, in order to keep the space occupied; (3) acknowledging that there is broad dissent in the Internet community, and calling for a sunset on the WHOIS clauses in current agreements, as these clauses are not backed by community consensus any more.

Not very surprisingly, motions (1) and (3) failed; (2) was accepted; all that after lengthy discussion, with lots of procedural bells and whistles.

In practical terms, this means that the ICANN community's attempt to come to consensus about WHOIS is over for now. It is pretty clear that there is indeed no WHOIS policy that that community can agree on without a change to the political environment that it is operating in; it is also clear that this is not due to a lack of factual knowledge or background research, but because of deeply divergent views on the issues. Maybe taking time out would help. Nevertheless, the GNSO (and ICANN as a whole) also suffers horror vacui: ICANN is, after all, the organization tasked with coming to consensus about these kinds of issues, and ICANN giving up means a big opening for others to step in.

Therefore, ICANN is now trying the "fact finding" excuse: We'll hear that ICANN recognizes the importance of WHOIS policy making and the challenges ahead in this area, and hopes that new models in policy making (which look a bit like a return to very old models for policy making) and more gathering of factual information will help future policy development to yield results where none could be found before.

ICANN staff will be charged with the unenviable task of engaging on this fact-finding mission, again; similar missions happened ca 2001/2002 (anybody remember the WHOIS study?) and 2003/2004 (fond memories of using the ombudsman to get a meeting with staff). Staff will produce a report (I'd guess with some delay), which will then lead to terms of reference which will look a bit like the ones we wrote in summer 2003. The process will then restart. I don't envy those who will be part of this particular round. I'm glad I'm out of this particular rathole.

For some more commentary and links, see Wendy Seltzer's take in Deja Vu Day.

Earlier this week, I submitted personal comments on ICANN's Nominating Committee Review process (report here). My main points: The confidentiality of the Nominating Committee's proceedings is actually a good thing, and should be preserved, even though we know it comes at a cost. Likewise, the unaccountability of individual members of the nominating committee is important. The chair is critical for the committee's success or failure. While the review report's recommendation to have the chair-elect serve on every given committee is a good one, its recommendations on the Associate Chair and Administrative Director would be positively damaging.

Besides this, there are a number of places where the report seems to recommend fixing issues where none exist; I recommend not doing that.

As far as the Nominating Committee's overall credibility in the community is concerned, I can only hope that, as more people experience its processes first-hand, understanding and acceptance will grow.

It seems like ICANN doesn't have RSS feeds for its correspondence and minutes pages.

Well, two quick screen-scrapers later:

• Correspondence RSS feed
• Minutes RSS feed

(These are updated hourly. If anybody on the ICANN webmaster staff reads this, I'm happy to send you the XSLT sheets that generate these feeds.)

ICANN has just published an exchange of letters with the US Department of Commerce, around a proposal to deploy DNSSEC in the DNS's root.

• Letter from Paul Twomey to Meredith Baker, 2 September
• Letter from MEredith Baker to Paul Twomey, 9 September