Join our upcoming webinar recapping the recent ICANN 79 meeting. This session will share highlights of important industry policy developments that will affect your online domain name, brand protection, and cybersecurity strategies. This will cover:

  • New gTLD program (round 2) updates

  • Recently published Registration Data Policy that will dramatically change the data in gTLD WHOIS records

  • Transfer Policy Development Process update

  • DNS abuse


Receive a free consultation or learn more about our services.

Contact us 


Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo. To set up a live demo or to request more information, please complete the form to the right. Or if you are currently not on CSC Global, there is a link to the website in the description of this video. Thank you.

Christy: Hello, everyone, and welcome to today's webinar, "ICANN 79 Insights from the meeting in San Juan Puerto Rico." My name is Christy DeMaio Ziegler, and I will be your moderator.

Joining us today is Gretchen Olive. Gretchen is the Vice President of Policy and Strategic Account Management. For CSC for over two decades, Gretchen has helped Global 2000 companies devise global domain name, trademark, and online brand protection strategies and is a leading authority on ICANN. And with that, let's welcome Gretchen.

Gretchen: Thank you, Christy, and thank you, everybody, for joining us here today. I know days are busy, never enough time to do it all. So really appreciate you spending a little bit of your day with us today.

We have a full agenda like is always the case for these ICANN meetings. It never seems to disappoint in terms of what we have to talk about. So we're going to move on to it very quickly here today. So let's first start with, as I always do, I like to kind of just make sure we all start off on a level playing field, kind of understand a little bit about the ICANN meeting structure and sort of ICANN structure overall.

So ICANN has three public meetings a year. This was the first meeting of the year here in March. It typically happens in the March time frame. This is kind of dubbed the Community Forum. It's a six to seven-day meeting, lots and lots going on, work group meetings, high-interest topic meetings, a lot of ability to network with the different stakeholder groups within the meeting itself. So always a busy meeting full of information and to-dos.

In terms of ICANN itself, you'll see at the very bottom, in the middle there's a box for the President and CEO of ICANN, which there's still an executive search going on for. There's an interim. Sally Costerton is the Interim President and CEO right now. But president and staff, and then we have the Board of Directors. And then everybody in the middle there is volunteers. They're part of different stakeholder organizations or advisory committees that advise the ICANN Board.

In this webinar series, we really focus on that big blue box in the middle there, the GNSO, the Generic Name Supporting Organization. That's made up of multiple different constituencies, everyone from registries to registrars to IP interests and business interests, etc. So this is the group that we really focus most of our attention on in this webinar series.

And then, you see to the right a bunch of gray boxes, with the darkest gray box being on the bottom. This is the different advisory committees that advise the Board, and they kind of chime in at different points in the policymaking process.

Just as a reminder, ICANN is a bottom-up, multi-stakeholder, consensus policy-driven organization. Multi-stakeholder and consensus, you can you can probably tell that's a hard environment. Getting everybody on the same page across the globe with very different perspectives, very different interests is something that takes quite a bit of time. But the policy work is done sort of in that supporting organization structure, and then it bubbles up to the Board of Directors for eventual review and adoption of the recommendations.

And those advisory committees provide ICANN with some insights, whether it be technical insights or public policy insights that typically come from the Governmental Advisory Committee or the GAC. They get advice along the way, and the word "advice" in the ICANN context is a very kind of technical term. It's an official, defined term that's used in the ICANN bylaws. So advice can't be ignored. So it's something that they either have to accept, reject, ask for clarification. But it's really important that that doesn't kind of fall by the wayside. It's something that's tracked, and ICANN needs to respond to.

So with all that being said, let's jump right into it. Certainly the dominant topic for this meeting, and it's been the last few meetings, is what's the path to the second round of the new gTLD program. So for those of you who are maybe just getting involved in this, in the domain space, ICANN in 2012 had their first round in new gTLDs. And it was a process whereby there was a defined period of time for which an application could be put forth by an entity. ICANN was quite surprised by the number of applications they got. They got over 1,900, so 1,930 applications for 1,409 unique strings. Thirty-three percent of those applications were for what's called DotBrands, where companies applied to own their own top level domain or TLD on the internet and be able to operate that in a closed fashion.

So you can see a little chart there where we kind of break out how those DotBrand applications kind of broke out by industry. But there are still some straggling TLDs that have not yet been launched from that first round. There's been a ton over the last believe it or not 12 years now, studies, assessments, policy development work that's been going on for the last 12 years.

It's kind of a little bit humorous in that kind of the guide book that was sort of call it the Bible of the new gTLD program, where it really set out like who qualified to apply, what were the qualifications needed by applicants, how would the application be processed, what would be the delegation process, what were the agreements that parties would need to sign, and kind of commitments they would need to make, that book was called the Applicant Guide Book or often referred to as the AGB. And in that first AGB, there was, in the early days, a statement that said ICANN intended to open the second round within one year of the closing of the first round. We're a little bit off from that certainly, but there is a lot of pressure right now to move to the second round.

So it's interesting. There are some parts of the community, when I say the "community," so I showed you that ICANN org chart, that whole group of people and anybody who kind of follows ICANN is really considered the ICANN community. And so there are different positions throughout the community. Some are very anxious, want to be able to have their own TLD. Others wish that there wasn't a second round that's going to be coming. For a little bit of time, there was a little bit of a question whether or not there would be a second round, but we've certainly gotten past that now.

There will be a second round, and the second round will be for a defined period of time. It's not going to be just like they open the application window, and you can continue to apply infinitum in terms of like the amount of time. There will likely be, just like the first round, a specific set of time, it was about five months for the first round, where you could put forward an application, and there was a very defined process for that. So we're expecting that for the second round.

And it's been a busy, hard to say that, but it's been a busy 12 years working through all that work. ICANN has finally gotten to the point where, at the end of the summer last year, they expected the ICANN staff to develop an implementation plan based on a lot of the policy work and operational design plan and operational design assessments that were done leading up and as part of that policy development work. And they did receive a plan. The ICANN Board did receive a plan by August 1st of last year.

So with that, some people will say, okay, we have all these TLDs. I think it's debatable how successful some of these TLDs have been. Especially the ones that are available to anybody to register, a lot of them don't have even like thousands of registrations. Some of them just have a small number of registrations. Some of them have already failed. Some of them have been bought by other registry operators. So there's been a lot of flux.

So why? What are what are the primary objectives, the key objectives for a second round? And ICANN has identified two key ones. One is the focus on diversity and inclusivity. The first round of TLD was not diverse. Most applications came from North America, followed by EMEA, a handful from APAC, a very, very small handful from Africa and Latin America.

It was not as diverse as they had really hoped. And the feeling that most of the world's population does not speak the English language, and there were not a lot of applicants who applied for what's called IDN strings, internationalized domain name strings. Those strings, they're in different language scripts, so Arabic, Chinese, Japanese. The internet browsers and internet just technology in general, hardware, software, etc. has through the years had some trouble kind of translating those IDNs and making the hardware, software, and internet work as one would intend.

So there's been a lot of work done around universal acceptance and trying to make sure that this round is far more inclusive, far more diverse. There's far fewer barriers for non-English speakers and emerging economies around the world, regions around the world to participate in this round. And that's kind of coupled with the call to ICANN to reduce the number of barriers for potential gTLD applicants.

The first round really was full of applicants who were insiders, if you will, very familiar with ICANN, participate in ICANN meetings in the industry. And the feeling was is that there wasn't enough outreach, there wasn't enough awareness to sort of the globe that there's a reason why Latin America and the African continent and a lot of countries within APAC did not participate. Some of it was financial, and some of it was just lack of knowledge and sort of the professional contacts and resources to be able to put forth an application because it is not sort of like a one-pager. There's a lot to an application, and it's very difficult.

So these are the two reasons why ICANN feels really strongly that there needs to be a second round. Like I said, there's varying opinions across the spectrum of the ICANN community whether or not that's really the case. But it is clear that the second round will be happening.

So the question then becomes, and I get this I get asked this many times a week, so when? And we've had some time we've had some fun in this webinar series kind of speculating as to when that will happen. And for those who attended the last webinar we did of the year on the last ICANN meeting, there's this timeline of they kind of call it the two plus one. What that means is that the work in the kind of the two bracket can be done concurrently with the work in the one-year section. And while it's really three years of work, it can be accomplished in two, and that should get us to April 2026. That's the current projected timeline for application window opening for the second round.

ICANN is not known for hitting deadlines. They haven't been historically. They're working really hard at that. And there's certainly a lot of interests to not only manage but also complexity to doing this. So right now, you'll see in just a second, their current scorecard sort of says things are on track. But here's sort of just like a kind of overview of sort of what this really entails like to get this off the ground.

So the Implementation Review Team or IRT, that's been assigned to kind of like get this going here. They've broken the Implementation Plan that ICANN staff put together into kind of nine subprojects that will all map to the New Applicant Guide Book. So the Applicant Guide Book that existed for Round 1, it needs revisions based on all the policy work and assessments, etc. So the nine projects all map to the Applicant Guide Book to kind of cover these topics. So no surprises here.

But then there's four program elements that kind of go across the entire program. And think of it in your own organization, there's like shared services, things that cut across every department and team in an organization. And things like communications and outreach, engineering and IT systems, finance human resources, there's all those things that have to be kind of baked into not only getting these projects done but sort of the implementation and execution.

Here's the scorecard I kind of alluded to is that right now they feel like everything is green for that April 2026 date. There's a lot of dependencies, and we'll talk about that. But right now they're feeling like they're on track for that.

When we do look at the dependencies, you start to feel like, okay, maybe they've gotten off to a good start, but there're still room for things to go sideways. And I would say that's true. However, I also would say, having been around when the first program launched, they're far more organized this time, and there's a lot more sort of like very detailed project plans, detailed project management, comprehensive sort of reporting again on sort of what's happening, what's not, what's stuck. We're in early days here of the implementation, but so far so good.

But let's just talk about some of the dependencies. So I talked earlier about advice that's given by the different advisory committees. So the GAC has given quite a bit of advice over the life of sort of everything from when the first round launched to the present day. And the ICANN Board even has a scorecard where they keep track of the advice because, as I mentioned earlier, advice is not something they can just ignore. They must formally accept it, formally reject it, or ask for clarification. And when there's a rejection, if the advisory committee disagrees with that rejection, then there's a formal process to kind of go through and have kind of a mediation, if you will, as to the ejection and what the ultimate outcome will be.

The GAC has several issues that they're still kind of looking for some further detail on — auctions, applicant support. We'll talk definitely more about applicant support and auctions. That is starting to really get some clarity around it.

There was also this issue around or this advice around ICANN promising to do an economic study about sort of the benefits, the cost benefit analysis of the new gTLD program, the first round there. The GAC has repeatedly reminded ICANN like, "Where's the economic study? Where's the economic study?" Late last year, they pulled together some of the different assessments and kind of internal ICANN studies that had been done and kind of handed that to the GAC. And they were like, "Hmm, that's not really what we asked for. We asked for like an independent, third-party assessment."

After some back-and-forth though, kind of rolling into this meeting, there was some concern that the GAC might really sort of plant a flag in the sand and say, "Nothing goes further until this economic study is done." But what turned out to be the case during the meeting is the GAC has kind of pulled back and said, "All right, while this was not exactly what we were asking for, we've been involved in this whole move to the path to the second round. It's clear the community and kind of global stakeholders are expecting a second round, so that's going to happen. We just want to remind you, ICANN, you can't just kind of disregard our advice or give us sort of just some documents and think that's going to be okay." They really kind of said, "We'll give you a pass this time, but we're not going to be so nice the next time."

So I think some good news for ICANN there that they don't have to kind of get a third party and gear up this whole third-party survey. But I think it's definitely something that will . . . I think it's the right decision to just move forward because there has been so much policy work and sort of discussion, but I do think that ICANN will need to be careful to make sure they get final resolution on the other advice.

There's also advice from the At-Large Advisory Committee around closed generics. We'll talk a little bit about that in a second. That kind of got resolved here just before the meeting. There's also some Security Advisory Committee recommendations.

So lot to do in sort of the advice column, but also there's just a lot of just like work that needs to get done, and things like completion of the Applicant Guide Book, the actual opening of the round, and a final approval of the Guide Book, and sort of all the program development and publication of results from the Applicant Support and Registry Services Provider Evaluation Programs. We'll talk a little bit more about that. Also communications and awareness campaigns, and the list goes on.

So again, on target currently for April 2026. A lot to get done. Currently at green. We'll continue to watch. There's a chance that things could go later, but I am starting to feel more and more like we're not talking like a delay of a year. I think if we see delays, it'll be months, like, oh, maybe it moves from April to September of 2026 or something like that. But we'll continue to watch that carefully.

Now let's just talk about some of the things that have been kind of tied up. I mentioned that economic study piece. Also what got wrapped up was, just before the ICANN meeting, the ICANN Board sent a letter to both the At-Large Advisory Committee, the ALAC and the GNSO. And there has been years of work and debate between those two groups and the Governmental Advisory Committee or the GAC about this whole closed generic issue.

And what this closed generic issue is, is that in the first round there were some applicants, some corporate applicants who applied for dictionary terms, things like book or car, and wanted to operate it as a closed.brand. So names would only be able to be registered by the applicant itself. And so those were deemed closed generics. They weren't available for general registration. And there just was something that obviously didn't feel right about that.

And the GAC really raised the issue saying, "Wait a minute. We can't give you know companies sort of exclusive use of a dictionary term on the internet." The GNSO kind of came back with their arguments. The ALAC, the At-Large group had their arguments. And this kind of spun round and round. There were teams and small teams and subgroups and lots and lots of discourse and debate on this.

And what the Board has kind of done is like, look, we are still not at an answer despite all this work and all this discussion. So we're just going to take closed generics off the table for Round 2. They're not permitted in Round 2. We're not saying they're not permitted forever. We're just saying in Round 2 not permitted and work can continue on this until there's some consensus on this issue. So they kind of just took the issue off the table and said not going to be available. Closed generics not available this round. So that's certainly something to tick off the list.

There's also been some discussions around draft policy language on the list of topics there. The IRT is sort of actively talking about these things. There's also been community consultation around things called public interest commitments and registry voluntary commitments. These were things that kind of came up as Round 1 was in progress. This sense that some of the strings that were applied for really related to specific like regulated industries or groups of people that need protection of some sort. And then also, with the registries, the registry voluntary commitments were around things that they should just be doing to kind of make sure the space stays clean.

So these were issues that came up in the first round, and there's community consultation going right now on this because the feeling is we don't want to be dealing with these public interest commitments and registry voluntary commitments. We want to make sure that it's very clear what's expected, so that as people put forward their applications, they're including their public interest, as entities put forward their applications, it's clear what public interest commitments they may be signing on for or registry voluntary commitments they may be signing on as part of their application so that that can be part of the review process.

So that started after the last ICANN meeting. There's three sub-tracks of work that's been kicked off — the Applicant Support Program, the Registry Service Provider Evaluation, and then the Registry System Testing. And just to give you a little bit more color around these things, the Applicant Support Program really relates back to those primary or those key objectives we mentioned of Round 2. The GAC has been very strong in saying there needs to be some financial support for applicants who may not be able to bear the full cost of an application or the professional services needed to put forth a winning application, a qualifying application. So wanting ICANN to come up with a program where there is some financial support, also some professional support, a lot of awareness, and sort of competency building. So that's very important to the GAC and something that ICANN has committed to do. They haven't put forth an exact program yet, which is something that the GAC is quite antsy about since we're just about two years from the window opening or the projected opening of the second window. So that work has started in earnest.

Also during the first round, let's say there's about 15 registry service providers who operate the sort of technical backend of a TLD, sort of like all the plumbing and electrical for a TLD to work online. What happened in the first round is that every application, even if there was a hundred applications that used the same technical backend, had the same technical responses, they had to go through a hundred different rounds of evaluation of their qualifications and their capability and testing of their registry system. So they're trying to basically create a more efficient and effective and less resource-intensive process for that, where there can almost be like a pre-validation, if you will. The registry operators will go through sort of an evaluation and testing and kind of be certified as like they meet the new gTLD Round 2 requirements so that it doesn't have to happen on every application. So that work is really underway.

There's also been an initial public comment period that is just closed — it started in the beginning of February, and it just closed a couple of days ago — around some of the more or I should say the less controversial topics in kind of like almost preamble sections of the Applicant Guide Book. So the important thing to understand is ICANN plans kind of three major comment periods where they will kind of dump out the draft language to get comments.

But then, once we kind of get through all the Applicant Guide Book, there will be a final comment period where the entire Applicant Guide Book will be posted for comment. And I think that's where you really see things more clearly because there's so much interconnectivity between some of these things. So yeah, one comment period has just ended. There'll be another couple other tranches of kind of draft language for comment, so another two comment periods this year expected. And then the kind of ETA for the full Guide Book is somewhere around Q1, Q2, probably like end of Q1, beginning of Q2. So that's the current track for the whole draft Guide Book to get out there and get a full public comment. So a lot on the fast track here.

So there are some things that are kind of happening around this sort of path to the new gTLD program from a policy development process standpoint, that are kind of dependencies and need to be completed in order for the Round 2. In addition to all that work we've just gone through and kind of things that are underway, there's some separate policy development that needs to happen to sort of coincide with the launch of the second round.

One of those things is the Internationalized Domain Name EPDP. That's Expedited Policy Development Process. So we've talked already about sort of the importance of diversity, inclusivity, and kind of universal acceptance and all that stuff like that. So this is something that's been worked on since about May of 2021. There was an initial report that was published in April of last year, with public comment period. There's some interconnectivity. This kind of goes back to what I just said.

There's some interconnectivity between the work here for IDNs and this basically subsequent procedures, often called SubPro PDP outputs that are like really driving the modifications to the Applicant Guide Book. And it's really around like gTLD variant labels again, homoglyphs, all this stuff that kind of conflicts between ASCII and internationalized domain names, and kind of causes hardware, software, and the internet do sometimes get confused.

So the GNSO did confirm the project plan, the phased approach during ICANN 78, so a couple of meetings ago, and kind of came up with a timeline of where they thought they would be done. And initially, there was some concern. Their initial timeline had an additional 13 months on it. And after they delivered the Phase 1 Final Report to the GNSO, the Generic Name Supporting Organization, and the GNSO approved all 69 recommendations that they had in that final report, they got going with Phase 2 deliberations. And they're way ahead of schedule by 13 months. So they were able to say that they expect the delivery date of the final Phase 2 report to be in October of this year. So this is, again, like lining up nicely with current projections for launch of Round 2. So this continues to move with pace.

I've mentioned the new gTLD Subsequent Procedures PDP, often referred to as the SubPro PDP. This has been something that's been going on since 2015. We've been talking about this for almost 10 years. It's a little crazy. It kind of boggles the mind when I think about that. But there was a lot there. This was really the meat and potatoes of how the first round of the new gTLD program rolled out. The PDP that they launched they kind of broke it out into different work tracks. The five are listed there. And work has been going on.

You can kind of see some of the more recent developments. A Final Report was published in January of 2021. There was the need to do an operational design plan and an operational design assessment for what was published. And then the ICANN Board contemplated the recommendations, adopted 98 of them. But there were 38 of them that they still felt like there was some more work, they needed some more clarity around before they could commit to those. So that was March of last year, so it was just about a year ago. And by May, ICANN had formed an Implementation Review Team to start work on those 98 that were adopted, and that's again largely what we're talking about here. But they also decided the GNSO, the Generic Name Supporting Organization, when the Board did not adopt all the recommendations and sent those 38 back, they formed what was called a Small Team to review those and work through those underlying concerns.

So where are they right now? The SubPro Implementation Review Team, their work is underway on adopting those 98. And like what does that mean? So when a final report is published, they are really recommendations. It's not policy language. You just can't go, "Okay, we approve, move forward. This is now how this will work." There actually has to be implementation work, like how mechanically will this logistically happen. There's also so policy that needs to be drafted, or maybe policy that exists today that needs to be revised, things like that. So that's what the IRT, the Implementation Review Team is working on.

The Small Team is working on those supplemental recommendations and sort of trying to clarify those ones that were not adopted by ICANN. So they've got to get to kind of final, and then it goes back to the Board. And then that will be sent off to the Implementation Review Team, what gets adopted, to include in their work. So again pretty complex and a lot of a lot of work. There's just no other way of saying that.

The other thing going on around sort of this path to Round 2 has been the Registration Data Policy and Disclosure. So some of you may remember this is sort of like an EPDP that started in 2018. It's basically when the general data protection regulation was enforceable in May of 2018. It was the first time ICANN had to recognize that the different WHOIS policies and contractual language that they had in registry and registrar contracts were not compliant with privacy regulations. They had long known that, quite honestly. I mean, I can remember my first ICANN meeting, somewhere in 2020, hard to believe, and we were talking about WHOIS back then. It's been an issue that has plagued this industry, and never the right solution has kind of arisen.

But in 2018, when GDPR became enforceable, ICANN had no choice. There was some work that was done leading up to that, for like a year and a half leading up to that, but they couldn't resolve the issue that had always kind of plagued them. It was sort of this misalignment with data privacy laws and regulations and practices across the globe. So they had to recognize that they had to kind of put a hold on everything. They implemented what was called the Temporary Specification, and what that Temporary Specification largely did is allowed registries and registrars to redact information that would be personally identifiable out of WHOIS records. So you've lost addresses and names and emails, things like that, and that has really been a big problem for the IP community, for the law enforcement community. And so we've been working through this process since really mid-2018 to try to finally get to a new and improved Registration Data Policy and then also a process by which disclosure could be provided in limited circumstances, where there's a real, legitimate purpose to disclose further than what's publicly published from the record of the domain name.

So it's been a long road, but I have some good news to say. ICANN, they did finally publish the Registration Data Policy. That happened in February, and so just prior to this meeting, on February 21st in fact. And I give you a link there where you can see the policy. This has been a long time coming. It was hoped that it would be published in December. It didn't. There's some reason for that around urgent requests, and we'll talk about that in just a second. But I want to just go through this little bit of timeline that's on the bottom of the slide so everybody kind of understands what to expect.

So policy is published, and the registries and registrars have been notified, officially notified. Now this Registration Data Policy is not only going to kind of change how what we all call the WHOIS will look like. It also significantly will require changes by registries and registrars. So there's a lot of technical work, development work that needs to get done by registries and registrars to make this policy happen.

So there's this basically six-month policy publication and implementation preparation period, where registries and registrars have the time to kind of like dig into their processes, their systems and kind of identify basically all the changes that need to be made. And there's going to be a lot of kind of back-and-forth with ICANN to kind of understand, get clarity where there's questions and things like that. So that's really what the next six months is about.

Then they have this 12-month transition period. So a registry or registrar could show up on August 21st, 2024, and say, "We've implemented everything." That's possible. And you will kind of over time, over that course of the year probably see more and more registries and registrars be ready, have their systems and processes and procedures ready to fully transition into the new policy.

The goal is that everyone will be transitioned into the new policy by August 21st of 2025. So again, you can kind of see how this all is aligning. We have the application period for the Round 2 in April of 2026. And here, the year before, you'll have the full transition into the new Registration Data Policy, and that policy will be effective on August 21st, 2025. So that's what's going to happen.

Now let's talk about some of the changes. This is just very really high level. Again I have the link there for you to see the policy, and we'll be talking much more about this as time goes on. But I think one of the biggest things that like almost makes my heart stop is the elimination of the admin contact. And I think a lot of you who are in this space and have been around the space for a long time realize like the admin contact has been the sun and moon of everything. So that's going to require some big changes. There's also some changes around the tech contact. The data there will be reduced. There's also some changes around the transfer of registration data, so some work that needs to get done there.

There's also some normalization that will happen around the registrant organization. There have been a lot of challenges in sort of how that registrant organization gets treated within a WHOIS is record and what it triggers and doesn't trigger. There's also some registration data retention changes, and then we're going to talk a little bit here about disclosure of information.

One of the things that delayed the publication of the Registration Data Policy is the part of it about urgent requests. So sometimes like law enforcement comes and says like, "There's a potential of imminent harm. We need this information. We have a very urgent request to get that information. It will help us in our investigation." There's still some, I would say, unclear parts of what was drafted, what was kind of put forward for that initially. It had gone through public comment and everything, but still at the end there were still some questions in terms of timing and who's responsible for what and different things.

So they were hoping that they could maybe get those clarifications wrapped up and publish the policy in December or January. But that didn't work. They ultimately held that back. There's a little bit of policy work. We're not talking years. We're talking probably months. And it's not even really policy work. It's more like clarification work. But nonetheless, the policy got published in February, which I think was good.

Along with this, so now we've got a policy, there's also the access part of this, the disclosure basically of information. How can you get that information? How do you get behind what's published publicly? So there's been a whole big process around this. It feels like that's the theme of the day here, like there's been lot done here already. But nonetheless, the initial kind of proposed solution to the data access problem was something called SSAD system. And when that was published, they did the operational design plan and the operational design assessment. And it came out with like this very wide-ranging price tag of like $14 million to $106 million, and years and years of implementation, like 4 to 7 years of implementation.

And it really shocked the system and really made people question like, "Are we really sure we want to commit this amount of time, money energy resource, and are we really sure that this is going to solve the problem?" And I think the general consensus was there's no guarantee, like there's questions. And so, ultimately, what was decided is like maybe we should put together more of a quick and dirty solution to try to use as a proof of concept to see like how often requests would be made and what types of requests and how would registrars handle those requests. Like could we put together something really quick and run it as a proof of concept, low cost, low effort and just sort of try to scope this a little bit?

So what ultimately happened is something called the RDRS, the Registration Disclosure Request Service was created. ICANN created it. They kind of used some existing systems that they have, and they modified it to be able to kind of take in these requests. And the ICANN Board, in February of last year, kind of green-lighted the development and launch of that. And it ultimately did get launched in November of 2023, so late last year. And it's now running as a proof of concept there's been an agreement for at least two years.

So what does that look like? So there's no cost to make a request to the Registration Data Request Service. But what it is, is it's really more a tracking of your request system. And let me let me explain that.

So you log in to the system. You kind of create an account or a profile for yourself. You log in to the system, and you put forward a request. And there's basically fields you need to complete. So it structures the request better than like just getting random emails. So that's a good thing.

The request then goes to the registrar. Now first, the registrar needs to be participating. It is not mandatory for registrars to participate. CSC is participating, but it's not mandatory for registrars to participate. On the next slide, I'll share some statistics around this. But nonetheless, it's voluntary. So if the registrar is participating, then the request will be pushed to the registrar.

And then the registrar, if they need any kind of further information from the requestor, that all happens outside the system. The registrar will email the requestor and get whatever additional information and make a final decision. And then the registrar needs to go back into the system and indicate the final disposition of the request.

So again, it's sort of like a ticket tracking system. It's not really doing anything more than that. But it will give us the opportunity to scope the number of requests, the types and nature of requests, and what sort of ultimately happens with these requests. So that's a good thing.

There are certain members of the community, some sections of the community that were very disappointed that ICANN went this route, that it wasn't enough. There are other parts of the community that feel like this whole thing is ridiculous. I think it depends on which camp you sit in. I know that as a brand holder and an IP holder, you really want this problem solved, where you can get information to enforce IP rights. And law enforcement certainly feels the same way. And so I feel like any step in this direction of being able to quantify what's going on and capture these requests and track these requests and make sure they get answered is good.

There's a lot of work that still needs to be done, and that really came through in the ICANN meeting and from the GAC, of like let's continue to evolve this as this is running. We're not going to just like put this out there, keep it in its current form for two years, and then make a decision. We've got to kind of actively work to improve and evolve this to get to something that will give us the right information and potentially be the right foundation for the next kind of phase of this.

So the other thing to understand is just because you put in an RDRS request does not guarantee access to the registration data. So sometimes there's privacy laws. Sometimes there's contractual situations that don't allow the disclosure of that information. So there's no guarantee that, if you make a request, you will get the information. So that's also what's seen as another flaw of the system. Again, it's really a ticket tracking system.

So ICANN has been trying to put out monthly reports around this. And like I said, it was launched in pretty much late November. So we've really only had a few months here. These are statistics based on November through the end of January. So there are 75 registrars participating. There have been 851 requestors signed up in January, for a total of about 2,332 total requestors. Been 510 total requests so far. More than half of them were submitted in January. And then approval time generally is averaging about four days. Denials are usually received within typically it seems like three days, and partial approvals average about eight days. So those are the early stats, if you will, on this.

We're going to be following this closely and obviously following how this evolves and sharing input. We are using the RDRS as part of one of the enforcement tools that we use to help our customers enforce their rights. So it's an experiment right now, but at least it's a step forward. We're not just spinning in the same spaces we've been for really the last 10 years.

All right. One other thing here to just mention, from a policy development standpoint, is the transfer policy development process or PDP. This has been an interesting one because it kind of got underway in February of 2021. There was some work done. An initial report was published. It was starting to gain some steam. But really, now with the new Registration Data Policy, and obviously some changes are going to need to be made to the transfer policy given the changes to the WHOIS record, there's kind of like multiple work streams coming together here.

So the work group is now expecting to deliver kind of a second initial report covering what they've come up with as a list of charter topics and basically include all that in an initial report in August of this year. So again, all trying to coalesce to get things done before that April 2026 date.

DNS abuse has been a topic over the last two years, certainly a pretty chunky topic at ICANN over the last two years, justifiably so. The problem is not getting better. There continues to be widespread abuse that happens around DNS abuse. Different parts to the ICANN community are kind of focusing on different things. The GAC has really been emphasizing the importance of quality abuse reports and good reporting. And they want this all before again Round 2 starts.

You have the Contracted Party House. That's like registries and registrars of the Generic Name Supporting Organization, the GNSO. They've been very much focused with ICANN on DNS abuse amendments. Those amendments we've talked about them, leading up to this webinar, over the last several webinars. They got approved, and they are set to go into effect in registrar and registry contracts April 5th. Includes a new DNS abuse definition, so that's really important. That's been missing for a really long time. As well as there are some terms used in that those amendments, things like "actionable evidence," "prompt action," and a requirement to "stop and/or otherwise disrupt." Still more work needed there. They're not fully flushed out.

The GAC raised as well it's going to be hard to enforce and to report without some like more evidentiary standards and some more meat on what exactly those words mean and what the impact are and the best practices are and what the expectations are. So I expect that work we'll be seeing that over the next year.

ICANN Compliance was very clear that they're already building plans for auditing and enforcing those amendments in registry and registrar contracts. So again, kind of this all coalescing to try to do what can be done to mitigate DNS abuse.

At the end of the day, this is happening. There's many other forums where DNS abuse is being talked about outside of ICANN, as it should be. But we all have a part to play in mitigating DNS abuse. There's some work that can be done by governments and regulators and policymakers and like different trade groups and organizations. But also there's some common sense things we can be doing that really don't cost anything or cost minimal to make your organization more safe.

So one of the reasons we include, in kind of documents that you can download, the CSC "Domain Security Report: is it's a great document. I really welcome you to share it with your colleagues, particularly your colleagues in security departments because we've done extensive research across the domain ecosystem and have really highlighted some key gaps or areas of improvement that can be made. We researched the Global 2000 and kind of came out with these findings. And then not only is this research in the "Domain Security Report," but recommendations on how your organization can mitigate DNS abuse and have your domains be more secure. So I highly recommend that you check that out. And again, it's downloadable from this webinar.

All right. So we're coming in into the home stretch here. But I always end every ICANN webinar talking about the GAC. And I continue to say if you really want to know where things are going in the ICANN world, all you need to do is look at the GAC and what they're thinking about, what they're talking about, who they're meeting with. It will tell you where things are, where they're going, and where they're not going.

So just to update you, the GAC is made up of 182 country and territory members. These are typically like ministers, assistant ministers, like telecom, information security, that type of section of the government. There's 39 observer organizations. And at the end of the day, there's about 500 delegates that show up to ICANN meetings, that kind of coalesce around the GAC to provide those insights from a public policy standpoint, that advice to the ICANN Board.

So what are they worried about? Every ICANN meeting, they issue what's called the GAC Communiqué. It happens at the end of the meeting. And part of that Communiqué are two sections I always look at. One is the Issues of Importance, and the section is what is the new advice that the GAC, that very formal advice that the GAC is sending to ICANN.

So in terms of issues of importance, we've talked a lot about most of them already here. But just to kind of highlight a few that we haven't, the privacy and proxy accreditation implementation, that was work that was done pre-COVID and was ready to be implemented and then got halted because of all this other stuff that the registration data work that was being done. They felt like that whole Registration Data Policy and the disclosure and everything else like that had to get done before they could implement this. And there has been lots of clamoring to basically get this unstuck and moving. So the GAC really kind of, again, reminds ICANN these are very important things to get done, let's get to it. As well as WHOIS is accuracy.

Transparency and GNSO statements, again, we've talked about this before some. But there's a lot of attorneys and lobbyists that kind will attend an ICANN meeting, and sometimes it's not always clear whose interests they're representing. And so this has become a bit of an issue and has caused quite a bit of tension in the ICANN community because when you're working through policy, when you're having these debates, the feeling is you should know who you're debating with and what they are representing. So there's some work there to get those statements of interest kind of a little tighter.

And then around like regional internet registries, making sure they're properly supported, as well as trying to accelerate IPv6 implementation because it will benefit the internet community.

So those are issues of importance to the GAC. Two issues where they gave basically what they call consensus advice. One is the Applicant Support Program. We talked about that during the session. But really what the GAC is saying is we want to see a formal plan. We want it on paper, and we want it now. And then also the urgent requests for disclosure of registration data, they want ICANN to wrap that up. Like that's the one piece that's missing from the Registration Data Policy right now, and they want them to get that done quickly. So that was the advice that the GAC gave.

And we have made it through our whirlwind tour of ICANN 79.

We're ready to talk.


Our specialists are ready to answer your questions.

Maximum characters: 250

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Learn how to unsubscribe from emails.