As per an announcement from ICANN CEO Fadi Chehade, Kurt Pritz, former Chief Strategy Officer at ICANN and gTLD specialist has resigned from ICANN. Until Pritz became Chief Strategy officer in October he was Vice President for Stakeholder Relations. During the new gTLD program he was the key person presenting many of the facts of the program to various stakeholders.

To the ICANN Community,

Regretfully, I have accepted the resignation of Kurt Pritz, who has served most recently as ICANN’s Chief Strategy Officer.

Kurt has submitted his resignation because of a recently identified conflict of interest, which he immediately communicated to ICANN. After analyzing this conflict of interest, we decided that a change in Kurt’s role within ICANN would be appropriate. Kurt decided to resign his position and role as an officer of ICANN, to best serve the interests of the organization. Kurt will be engaged as a subject matter expert where needed, but will have no access to new gTLD applicant information nor will he play a role in the new gTLD program.

I have already put in place a plan for the reassignment of all of Kurt’s management responsibilities.

I would like to thank Kurt for his many years of service and commitment to ICANN and our community.

Respectfully,
Fadi

Further details about the nature of the conflict of interest have not been released.

[via DomainIncite]

A Christmas gift from ICANN to new gTLD applicants? Information from today’s ICANN teleconference for new gTLD applicants.

• The new gTLD draw will take place on December 17th, 2012 (afternoon)
• Tickets for the draw have to be purchased before that date. Tickets will be for sale from December 12th to the morning of December 17th at the Hilton LAX in Los Angeles.
• The draw will take place at the Hilton LAX in Los Angeles as well and will be open to the public.
• Draw details to be published on November 16th, 2012.
• ICANN has obtained a license to hold a lottery in California.
• Applicants can purchase the tickets or name a proxy to purchase them for them. Applicants do not have to be present for the draw.
• Evaluation results to be expected in August 2013 (originally June 2013)
• Background screening results will be published at the same time as Initial Evaluation results.
• 6 Application withdrawals (AND, ARE, EST, CHATR, CIALIS, KSB) have been withdrawn, 7 additional withdrawals are in progress
• 0 objections have been files so far
• 169 change requests have been submitted, 29 of them were approved, 130 are in review and 10 require follow-ups
• TLD Application System (TAS) will reopen on November 26th, 2012. Applicants will have to reset their passwords.
• The first Clarifying Questions from the Geo Panel for applicants for Geographic TLDs will be issued on November 26h, 2012 via the CSC portal. Applicants will be able to respond until the end of initial evaluation.
• Other clarifying questions will be issued through TAS in January. Applicants will have four weeks to answer.
• First initial evaluation results will be released in priority order starting March 23, 2013
• Apparently it has not yet been decided that IDNs will go first.

The presentation slides have been published on the ICANN site.

As just announced by ICANN CEO Fadi Chehadé at the ICANN 45 in Toronto today, ICANN launched a first version of MyICANN.org created to aggregate, organize and personalize all of the available information from ICANN.

Explore the latest news from across the ICANN community.
Pick out what’s important to you and have it delivered directly to your Inbox.
Browse the portal to see upcoming events and subscribe to get updates on your calendar.

The organization did not set up my.icann.org (which is what I first tried when I heard about the site.

As announced by ICANN today, the new gTLD Program Director Michael Salazar has resigned. Kurt Pritz has been appointed to take on direct oversight of the entire New Generic Top-level Domain Program in an interim capacity. He will assume the responsibilities of New gTLD Program Director in addition to his responsibilities as Senior Vice President for Stakeholder Relations. Pritz will remain in the interim role until a new Program Director is appointed.

The announcement goes on to say that “He is authorized to bring the full resources available to ICANN to bear on the application evaluation process to improve customer support, applicant communications, security and reporting.” Some applicants had pointed out that it takes ICANN more than five working days to respond to questions in the new gTLD program.

Kurt Pritz will be reporting to COO, Akram Attalah, in his new role in addition to his current responsibilities for which he reports to the CEO. In the announcement, ICANN also promises the introduction of “several new tools” that will “help applicants with any issues or questions about the evaluation process“.

As per an update sent out by ICANN earlier today the California not-for-profit is now offering applicants refunds of all paid fees (about $350M USD in total) if they would like to withdraw their application prior to the publication of the list of all new TLDs that received applications. The TLD Application System (TAS) exposed some of the filenames of applications to other applicants. The board authorized refunds with a resolution during their workshop in Amsterdam on May  6th.

See the full email update from ICANN after the jump.

(more…)

While ICANN latest update on the security loophole in the TLD Application System (TAS) doesn’t really hold any new information regarding the actual fixing of the problem and the updated new gTLD timeline, ICANN has decided to release more information from the time the system was taken offline:

• 2,091 applications were either submitted or in progress, which is well beyond the budgeted 500 applications (even though of course there will be several applications for the same strings)
• 214 potential applications were registered prior to the March 29th payment cut-off, but payments have not yet been received
• Approximately USD $350 million in fees for applications for new gTLDs have been received by the not-for-profit organization

ICANN expects to complete the notification process on or before Tuesday, May 8th, 2012.

See the full updated as emailed by ICANN below.

(more…)

The ICANN public comment period for the .com Registry Agreement renewal with VeriSign ends tomorrow on Thursday April 26th at 23:59 UTC.

You can submit comments via to com-renewal@icann.org. In the second “reply” phase replies to the comments can be submitted limited to those who commented in the first phase – this phase will end on May 17th 2012.

The 14 comments submitted to date can be read on the site here.

The proposed agreement suggests to keep the .COM contract with VeriSign without opening it to competitive bidding, a process that when done with the .NET registry in 2005 resulted in lower .NET registry pricing ($5.89 per Domain Name Year). The proposed extension would allow VeriSign to increase registrations fees by 7% in four of the next six years, potentially bringing up the price from the current $7.85 to $10.29 by 2016.

In case some of you feel strongly about the anti-competitive nature of the .com renewal, you may also want to consider a submission to the US Department of Justice.

[Hat tip to George Kirikos]

After the US National Telecommunications and Information Administration (NTIA) had canceled the first RFP for a new IANA contractor because they “received no proposals that met the requirements“, the RFP was opened again for bids two days ago. ICANN had submitted a bid, which was not accepted by  NITA. The deadline for bids to the new RFP, which doesn’t seem to deviate from the previous one by much, is May 31st, 2012.

The current contract was to expire on March 31st of this year, but was extended by six months just before ICANN’s 43rd meeting.

As reported by DomainIncite, ICANN is to report on a debriefing as to why their previous bid was not accepted:

Over a month ago, at an ICANN press conference in Costa Rica, CEO Rod Beckstrom said: “We were invited to have a debriefing with [the NTIA] to learn more about this. Following that discussion we will share any information we are allowed to share.”

Verisign just released an overview of their proposed “Anti-Abuse Domain Use Policy” Under ICANN’s Registry Services Evaluation Process. The program’s chief aim is to provide a takedown mechanism of malicious websites distributing malware. In itself, not a bad thing, considering some registrars are unresponsive toward abuse or network stability issues.

However, lumped in with the conditions under which Verisign can invoke their takedown capabilities are some troubling “add ons”, as quoted below:

“The new anti-abuse policy, would be implemented though a change to the .com. ,net and .name Registry Registrar Agreements and would allow the denial, cancellation or transfer of any registration or transaction or the placement of any domain name on registry lock, hold or similar status as necessary:

(a) to protect the integrity, security and stability of the DNS;

(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental  agency, or any dispute resolution process;

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;

(d) per the terms of the registration agreement,

(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),

(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),

(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or

(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;

The main problem here is Section (b), which let’s Verisign takedown any domain that is inimical toward a government “requirement” or at the “request” of a law enforcement or other governmental or quasi-governmental agency.

What does this mean?

It means domains can be taken down without judicial process and in the absence of any overt network abuse. I refer anybody who thinks the possibility of abuse of this policy is remote to the actions of Senate Committee on Homeland Security and Governmental Affairs Chairman Joe Lieberman,  last December regarding Wikileaks – an entity which has still never been charged with any offence in any jurisdiction and which continues to operate in a perfectly legal manner. (Lieberman called on “any company or organization that is hosting Wikileaks to immediately terminate its relationship with them.” – Which sounds like a “request” to me.)

What Wikileaks did was expose bad actions of the various governments themselves, some of those – illegal. It can be assumed that governments that are acting against the interests of their constituents or committing actual crimes have a “requirement” that everybody shuts up about it. Thus any whistleblower, journalist or egregious truth-teller using a domain under .com or .net to bringing light on issues such as these could find themselves with their domain unplugged under this policy.

In the case of Wikileaks, Lieberman’s staff telephoned various web services providers and demanded that they sever ties and cease providing services.  Next time all they would have to do is call Verisign and tell them that the government “requires” them to takedown their domain. (Of course, Wikileaks is under .org, not .com or .net, but next time it may not be Wikileaks. Maybe it’ll be Zerohedge. Maybe it’ll be easyDNS. Maybe it’ll be you.)

Under the proposed rules, it’s not just the government that could initiate takedowns but even “quasi” governmental agencies. What’s a quasi-governmental agency?  It’s a government created entity that undertakes commercial activities on behalf of the government. That would mean entities like Fannie Mae and Freddie Mac or the Federal Crop Insurance Corporation could takedown any .com or .net domain based on having a “requirement” or making a “request” to do so.

Section (c) is also troublesome: providing that Verisign can takedown any domain to avoid liability to themselves. So if other avenues of removing a troublesome domain fail, you could just simply sue, or threaten to sue Versign and they can unplug the underlying domain.

Last year the US Department of Homeland Security (Immigration and Customs Enforcement) began a series of domain takedowns intended to enforce copyright violations. In one case they seized a third-level domain provider (mooo.com) which resulted in the takedown of over 84,000 unrelated and innocent websites.

Since the ICE takedowns were arbitrary and widening in scope, there became a perceived benefit to using non-US based Registrars for domain registration, as the takedowns were being implemented via court orders to those US-based registrars.

If this policy goes into effect, there are no safer jurisdictions for any .com or .net domain anywhere in the world. They all come under US government, quasi-governmental and law enforcement agency “requirements”.

The Verisign proposal concedes that:

“ Registrants may be concerned about an improper takedown of a legitimate website.  Verisign will be offering a protest procedure to support restoring a domain name to the zone. “

Which is not very comforting. What is the “protest procedure” and how long will it take? Will a contested takedown put the domain in an online or offline state while the procedure is implemented, and how long does that take?

Proposed Modifications

If this is to move forward, our recommendations are as follows:

• Section b should be stricken, and the current model that government inspired domain takedowns be requested via the Registrar of record be retained.
• In cases of court-ordered takedowns, Verisign should only intercede in the case of a non-responsive Registrar and again, under a court order.
• Section c should be stricken. Verisign already insulates itself from liability in its Agreements with Registrars and under the various Registrant Agreements already in place. This should not be a back-door method into taking down a domain.
• If a Registrar feels a false-positive takedown has occurred, there needs to be a mechanism to bring the domain back online immediately pending the outcome of a challenge or disputed takedown.

Editorial Add-on by Frank Michlick

I completely agree with the comments by Mark, but I’d like to one step further and comment on the plan to pro-actively scan the domain registration base for malware sites as highlighted in the Domain Name Wire article on the same topic. While I am not a lawyer, I think it is very dangerous grounds for a registry operator to start actively monitoring registered domain names for their content and its compliance with laws. Once a registry does this as a pro-active service, it could imply that the registry becomes liable for sites that it misses in its scans, since it should be aware of the content of the sites for the domains registered through them. I think that a registry should act as a technology provider and facilitator the registry should not be active in developing the policy that decides what is illegal and what isn’t.

In June ICANN had announced that it was bringing on board Thomas Spiller in their Brussels office as a VP for the European Region. He was supposed to start this week.

Apparently he changed his mind.

So far ICANN has not made an announcement as to who is going to take his place and according to a post on Internetnews.me, apparently the staff in Brussels has not been informed about any changes.

In the original press release, the outgoing ICANN president, Rod Beckstrom, who the had not yet announced his departure was quoted as follows: “This new position is vital for the global expansion and deepening of ICANN,” said Rod Beckstrom, President and Chief Executive Officer. “And we were lucky to find Thomas Spiller, who has a solid track record of performance and a good understanding of the complex issues affecting our community.”

ICANN has since emailed an update that Spiller will not be joining their European office any more.

[Hat tip to Stephane von Gelder, Michele Neylon]