2018-05-20

News Review | ICANN's GDPR Train Wreck 25 May 2018 & Beyond

graphic "News Review" ©2016 DomainMondo.com
Domain Mondo's weekly internet domain news review (NR 2018-05-20) with analysis and opinion: Features • 1) ICANN's GDPR Train Wreck 25 May 2018 & Beyond, 2)Other ICANN news: ICANN IRS Form 990 for FYE June 30, 2017, 3) Names, Domains & Trademarks, 4) ICYMI, 5) Most Read.

UPDATE: ICANN Webinar on Final Proposed FY19 Operating Plan and Budget | ICANN.org: webinar on 24 May at 14:00 UTC (10:00 am EDT in US)--learn more about the proposed ICANN budget changes and ask questions. Webinar link: https://participate.icann.org/finance/.  Budget Executive Summary in Document 1 [PDF, 305 KB]. A recording of the webinar will be posted at the community wiki.

Original Post:
1) ICANN's GDPR Train Wreck 25 May 2018 & Beyond
ICANN's GDPR Train Wreck  ©2018 DomainMondo.com (graphic)
a. Apparently, it finally dawned on the ICANN Board of Directorslast weekend, how incompetent the ICANN management team has been for the last two years in preparing for the EU's GDPR which becomes enforceable May 25, 2018. In a flurry of activity beginning with the Board's workshop May 11-13, in Vancouver, Canada, through Thursday's (May 17, 2018) Special Board Meeting, the Board managed to adopt and publish (see embedded pdf here) a "Temporary Specification for gTLD Registration Data" good for 90 days, beginning May 25, 2018 (renewable by the Board every 90 days thereafter, for not more than a year).
https://www.icann.org/resources/board-material/resolutions-2018-05-17-en
In a self-congratulatory blog post, the ICANN Board Chairman Cherine Chalaby tried  to put the best "spin" possible on the situation, while somewhat acknowledging how incomplete and deficient the Temporary Specification really is, "there are important elements remaining to be finalized." That may be the understatement of the year.

But even on the surface all may not be well at ICANN re: GDPR, no word yet on what the following Special Board Meeting 21 May 2018 agenda notice published Friday by ICANN.org pertains to:
What litigation? ICANN is not saying, at least not yet.

Who's definitely not happy? The U.S. government (Trump administration), trademark lawyers, corporate lobbyists, and a slew of others, including internet security professionals, as well as most domain name registrars and registry operators who will have to carefully implement new GDPR data requirements by May 25th in regard to domain name WHOIS data (see letters below) or face stiff penalties from the European Union's GDPR DPAs (data protection authorities).

Editor's note: I would be remiss if I did not note that one irony of this whole situation is that all of this could have been avoided had ICANN and the Obama administration (US gov) not been in such a hurry to finish the IANA transition by October 1, 2016 (implementing a US gov decision made in 2014 in response to the global reaction to the "Snowden revelations") or had allowed an intergovernmental successor to the U.S. government's stewardship of the internet and oversight of ICANN and the "IANA functions" via the IANA functions contract. The EU's GDPR was already known and published in May, 2016, and ICANN CEO Goran Marby said (in answer to my question at a Quarterly stakeholder call) that he became aware of the "ramifications of the GDPR for ICANN" shortly after he came aboard as ICANN President and CEO (in May 2016). But neither Larry Strickling, then NTIA administrator, nor ICANN, nor any of the "experts" retained then by the U.S. government or ICANN, raised the GDPR as a concern before the IANA transition was completed  October 1, 2016.  But for the IANA transition, the U.S. government could simply assert its sovereign authority, and immunity, to collect, process, and publish all of the gTLD domain names WHOIS data it wished, to whomever it thought was an appropriate recipient, at internic.net or elsewhere. Now we, the global internet community, are left watching a dysfunctional "ICANN community," dominated by special interests (it costs about $20,000-30,000 a year, per person, just in travel costs and related expenses, to fully participate in ICANN meetings), trying to hammer out a complete GDPR-compliant WHOIS policy over the next twelve months.

b. Redline of Changes - Temporary Specification for gTLD Registration Data | ICANN.org: 17 May 2018 redline-changes-gtld-registration-data-17may18-en.pdf [356 KB] embed below, differences between the published May 14 and finally adopted May 17 versions:

c. What Goes Around Comes Around--Domain Name Registrars Want Six-Month Moratorium (minimum) from ICANN's Temporary WHOIS-GDPR Specification: Letter 16 May 2018 (pdf), to Göran Marby, Chief Executive Officer, Internet Corporation for Assigned Names and Numbers (ICANN):
Dear Göran:
This letter follows ICANN’s intention to create a “Temporary Specification” for registry and registrar compliance with the European Union's General Data Protection Regulation (“GDPR”). Contracted party registrars have been working on our own technical implementations for many months, as there was no guidance from ICANN regarding proposed or actual new policies. Any temporary specification adopted now that significantly deviates from previously held expectations and models will be far too late for us to accommodate for a May 25, 2018 implementation date.
For this reason, we ask that any temporary specification include a formal ICANN compliance moratorium, not shorter than six (6) months, providing us an opportunity to conform, to the extent possible, our GDPR implementation with the GDPR-compliant aspects of any ICANN temporary specification. We note that the six month timeline for implementation is a minimum and an estimate. Depending upon the scope and scale of changes, many registrars will need a longer period to implement any temporary specification imposed by the Board upon the community, and there should be an option for registrars to apply for an extension.
Very truly yours,
Graeme Bunton, on behalf of the following Registrars: Endurance, GoDaddy, Tucows, Blacknight, 1&1, United Domains, NetEarth One, Cloudflare
Cc: Cherine Chalaby, Chair, ICANN Board of Directors, and Jamie Hedlund, SVP, Contractual Compliance & Consumer Safeguard
d. Christian Dawson, i2Coalition & Thomas Rickert, eco - Association of the Internet Industry to ICANN Board of Directors, 17 May 2018--ICANN.orggdpr-comments-i2coalition-eco-icann-proposed-temporary-specification-gtld-registration-data-17may18-en.pdf [87.5 KB] (reformatted and highlighting added):

e. Other Related:
• Deferral of transition to Thick WHOIS Policy Implementation for .COM and .NET--Approved Board Resolutions | Special Meeting of the ICANN Board 13 May 2018 | ICANN.org: "... Whereas, the deferred enforcement period will allow the ICANN organization to continue to engage with the relevant European authorities including the European Union Article 29 Working Party, data protection agencies, contracted parties, and other pertinent stakeholders to gain a better understanding of the relevant aspects of GDPR and how it relates to ICANN's work and the organization's policies and contracts with registries and registrars, including the Thick WHOIS Consensus Policy.  Resolved (2018.05.13.06), the President and CEO, or his designee(s), is authorized to defer compliance enforcement of the Thick WHOIS Consensus Policy for six months to 30 November 2018, 30 April 2019 and 31 January 2020, respectively, to allow additional time for the registrars and Verisign to reach agreement on amendments needed to applicable registry-registrar agreements to implement the Policy."

• URS & UDRP Provisions relating to WHOIS/Personal Data (pdf)

• GDPR Models/Analyses | Comments | RiskIQ | ICANN-Proposed Temporary Specification for gTLD Registration Data | ICANN.org: 17 May 2018 gdpr-comments-riskiq-icann-proposed-temporary-specification-gtld-registration-data-17may18-en.pdf [121 KB]

• Letter from Manal Ismail to Cherine Chalaby | ICANN.org: GAC response letter to the ICANN Board regarding the revised scorecard on the ICANN61 GAC GDPR Advice ismail-to-chalaby-17may18-en.pdf  [525 KB]

• Letter from Constantinos Georgiades to Göran Marby | ICANN.org
Issue: Request for Guidance: GDPR Impact on the Domain Name System and WHOIS
georgiades-to-marby-16may18-en.pdf [220 KB]

2) Other ICANN news
graphic "ICANN | Internet Corporation for Assigned Names and Numbers"
24 May 2018 UPDATE re ICANN IRS Form 990: Reporting Violations to IRS
IRS Complaint Process Tax Exempt Organizations | Internal Revenue Service | irs.gov: Members of the public may send information that raises questions about an exempt organization's compliance with the Internal Revenue Code to IRS - EO Referrals, 1100 Commerce Street, MC 4910 DAL, Dallas, TX 75242. They may use Form 13909 (excerpt shown above), Tax-Exempt Organization Complaint (Referral) Form, for this purpose. In addition to oversight by the IRS, tax-exempt organizations are subject to oversight by State charity regulators and State tax agencies. You may also want to send a copy of the referral you send to us to your state charity regulator and/or state tax agency [for ICANN that is the State of California]. Other Links:
Original section:
ICANN IRS Form 990 for FYE June 30, 2017 (period July 1, 2016-June 30, 2017) excerpt: 
[*Correction 23 May 2018] ICANN Gravy Train: Ex-CEO Fadi Chehade paid more than $500,000 in the Calendar Year 2016 in which he left ICANN  in March. (Chehade resigned effective March 12, 2016). *Xavier Calvez, ICANN CFO, provided the clarification in a response to the below email, stating: 1. all compensation information in the ICANN Form 990 is only for Calendar Year 2016 not FY17; 2. that ICANN Sr. VP Sally Costerton, is not an ICANN officer; and 3. that to his knowledge, none of ICANN's Forms 990 have ever been audited by the IRS or any governmental authority.

3) Names, Domains & Trademarks
graphic "Names, Domains & Trademarks" ©2017 DomainMondo.com
a. ICYMI CENTRstats Global TLD Report end of Q1 2018 | centr.org excerpt:
 CENTRstats Q1 2018

b. Sales Pitch Press Release .SUCKS Launches http://www.trademarkinfringement.sucks With Intent of Providing Intellectual Property Protection Online: "not claiming [registering] a .SUCKS domain can negatively impact a brand or trademark." Editor's note: I am sure Vox Populi's (.SUCKS registry operator) intentions are as pure as the "driven snow."

c. UDRP complainants beware: careless attitude doesn't pay off  | WorldTrademarkReview.com

4) ICYMI Internet Domain News 
graphic "ICYMI Internet Domain News" ©2017 DomainMondo.com
a.  GDPR & Google Nightmare: Google’s Selfish Ledger is an unsettling vision of Silicon Valley social engineering | TheVerge.com"... The video, shared internally within Google, imagines a future of total data collection, where Google helps nudge users into alignment with their goals, custom-prints personalized devices to collect more data, and even guides the behavior of entire populations ..."

b. Gambling operators scoff as Norway approves DNS-blocking | CalvinAyre.com: "blocking the domains of internationally licensed online gambling sites."

c. How reasonable are the EU’s digital taxation plans? | aei.org

d. Oracle to Launch Internet ‘Weather Map’ - CIO Journal. | WSJ.com: "Service combines data points on paths and routing with AI to gauge internet performance worldwide."

e. The Senate Voted to Stand Up for Net Neutrality, Now Tell the House to Do the Same | Electronic Frontier Foundation | eff.org

5) Most read posts this past week on DomainMondo.com: 
graphic "Domain Mondo" ©2017 DomainMondo.com
-- John Poole, Editor, Domain Mondo 

feedback & comments via twitter @DomainMondo


DISCLAIMER

Domain Mondo archive