This past meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), ICANN 67, was intended to be held in person in Cancun, Mexico, but was actually the first meeting to be held entirely online and virtually. It was a well-managed affair with fewer sessions than the in-person meetings and less opportunity for the community to convene and meet as individuals.
The last-minute change from an in-person to a virtual meeting impacted ICANN’s ability to provide translation services for the full set of UN-supported languages, Arabic, Chinese, English, French, Russian, and Spanish. ICANN 67 supported only English, French, and Spanish. Nevertheless, kudos should be given to ICANN staff and technical teams for managing a productive meeting on short notice.
Despite the quick turnaround, international time-zone, and other technical challenges, the ICANN meeting sessions were well-attended, afforded opportunities for the community to interact and presented few if any harmful glitches. Most impacted by the change was likely the Government Advisory Committee (GAC). Their geographical, language and time-zone diversity made it difficult for them to meet under the circumstances, and as a result, their advice and communique was limited.
There were a few topics and issues that were especially well represented including access to GDPR redacted registrant contact data and the Expedited Policy Development Process (EPDP), Malicious abuse of the domain naming system, the role of ICANN compliance, and the redelegation of .org in the ICANN public forum and other sessions. Despite coverage of these important topics, there were few developments or changes that will immediately affect our customers who are seeking to protect their brands online.
Access to GDPR-redacted registrant contact data and the Expedited Policy Development Process (EPDP)
- Though the projected timetable for completion is approaching quickly, and the EPDP chair, Janis Karlins, is slated to roll off of this project, there are many topics that are still being debated, leaving some to believe that many items in the scope of the EPDP may be unresolved in Phase 2. There is extensive debate in the community about whether the EPDP should continue or if other policy development should continue outside of this “expedited” process.
- In a surprise move, the Generic Name Supporting Organization (GNSO) Council weighed-in on whether registration data accuracy should be considered by the EPDP. They voted to exclude this from scope leaving many to question whether a reveal process is even necessary with no mechanism to ensure underlying data accuracy.
- The Privacy and Proxy Services Accreditation Implementation (PPSAI) has been on hold due to perceived dependencies on the work of the EPDP. And, though the EPDP team discussed and eliminated the dependency on their work, the PPSAI appears to remain on hold. With the accelerated adoption of privacy and proxy protected registration data, in the face of wholesale redaction of data, malicious actors are relying more heavily on both levels of obfuscation of their identity to secure their activity. Some say that well over one-third of infringing and malicious domains have privacy and proxy protected registration data, which is bad news for brand protection- and security-minded community participants.
- Debate over the scope of the System for Standardized Access/Disclosure (SSAD) continues. Fervent discussions over what elements will be automated, for which types of requests, by what parties, and which purposes continue with little agreement between contracted parties and those seeking to protect users from abuse of the domain naming system.
Malicious Abuse of the Domain Naming System
- DNS Abuse was one of the most discussed and debated topics of ICANN 67 including a session led by the At-Large Advisory Committee (ALAC)
- The ALAC created a video for the community and led a session that sought to define abuse and rally the community behind modes to combat it. Additionally, ALAC has defined combatting abuse as one of its current objectives, and they have created a resource microsite to support that effort.
- Since the previous ICANN meeting in Montreal, contracted parties (registries and registrars, otherwise known as the CPH, contracted parties house) have gained further support for their abuse mitigation framework.
ICANN Compliance Enforcement
- Also discussed at several sessions was ICANN’s compliance function.
- Much debated was whether contracts provide sufficient language to support taking action against all malicious registrars.
- The debate and discussion was civil, cooperative, and maintained the tone and spirit of the community wanting to make sure that bad actors have no place in the DNS while recognizing the challenges facing ICANN Compliance.
The Purchase PIR/.ORG by Ethos Capital
- Last year’s announcement of the acquisition of .org by Ethos Capital was a dominant topic in the Public Forum sessions of this ICANN meeting.
- Criticism of the deal has been wide-ranging, from worries that this is an “insider deal” to more substantive claims about the legitimacy of the deal, along with Ethos Capital’s defense of the transaction.
