ICA Reports on the February 6th ICANN Policy Forum Held in Washington, D.C.

Philip CorwinBlog

On Friday, February 6, 2009 an all-day ICANN Policy Forum was held at the headquarters of the U.S. Chamber of Commerce, an imposing 1920s Indiana limestone structure located directly across Lafayette Park from the White House. The event reflects the growing Washington interest in the workings of ICANN as the September 2009 termination date of the current JPA approaches, as well as the substantial concern of the U.S. and international business communities regarding the potential risks and costs of  a rapid expansion of the gTLD space. Approximately 75 individuals, including ICANN staff, were in attendance.

The ICA was invited to participate in the event and is pleased to provide this report to its members and other interested parties.

The main takeaways from the day were:
•    The rollout of the initial application period for new gTLDs will be delayed until at least the last quarter of 2009.
•    Brand owners and other industry participants have significant concerns that new gTLDs will result in increased IP infringement and security problems, but also see some benefits from the ability to own and operate new gTLDs.
•    Some brand owners want to use the new gTLD process to establish a global brand registry that has the potential to expand trademark rights beyond the bounds of current law, and to replace the UDRP to a significant extent with a new notice and takedown procedure for allegedly abusive domains while imposing a “loser pays” rule on those disputes still subject to the UDRP. Any steps taken for new gTLDs could well be imposed retroactively on incumbent gTLDs including .com. While the ICA opposes cybersquatting and trademark infringement it believes that ICANN-provided brand protections should be of existing legal rights and not expand beyond them; and it is concerned that a notice and takedown regime, while possibly appropriate for websites engaged in criminal activity, could well deprive domainers of due process rights in other instances.

The morning session (see full event schedule at the end of this report) was essentially “ICANN 101”, providing attendees who do not accompany ICANN on its annual world tours with the basics of the organization’s structure, its current top issues, the approaching reorganization of its GNSO policymaking body, its contractual relationships with registries and registrars, and its upcoming meeting in Mexico City. The ICA will be attending that meeting, as we monitor and participate in all ICANN meetings on behalf of our members in our official capacity as an International Member of its Business Constituency.

Of particular interest during the morning session was the contractual compliance session led by ICANN’s new Senior Director of Compliance, David Giza. He stressed that ICANN’s new risk-based approach, incorporated in the proposed gTLD Compliance Action Plan, was “the future of ICANN” and would include background checks on applicants for new gTLDs, as well as an assessment of whether the applicant possessed the core competencies required to operate a secure and stable registry. Following him, Director Stacy Burnette revealed that ICANN staff had recently met with some of  its dispute resolution providers, and would be doing so with the remainder in early 2009, to discuss “UDRP compliance enhancements”, with a special focus on better conveyance to non-English language registrars of their compliance obligations. In addition, she said that the staff would be acting on IP interest complaints of lack of effective follow-up by some registrars in response to WHOIS requests. It was also revealed that ICANN had considerably toughened registrar enforcement during 2008, terminating 10 accreditations during the year – nearly half of the 21 total registrar terminations since ICANN’s inception a decade ago. And, of great interest to domainers, it was revealed that ICANN had undertaken a registrar deletion and auto-renewal policy audit to assess whether they were in compliance with ICANN’s Expired Domain Deletion Policy, and would be announcing its results later in February. ICANN has also undertaken a Privacy/Proxy Services Study with the aim of making it available prior to the mid-year meeting in Sydney.

In response to a question about IP interest unhappiness with the need to file multiple UDRP complaints against serial cybersquatters, Burnette noted that there is no provision in the Registrar Accreditation Agreement (RAA) requiring compliance action beyond adhering to UDRP decisions – but that staff was working with the IP Constituency to develop provisions relating to compliance with local laws. David Giza concluded the morning session with a plea that attendees “Join us on this compliance journey!”, particularly as it applied to new gTLDs.

Following lunch the main event kicked off, a three-hour discussion of the new gTLD proposal. Paul Levins, now heading up ICANN’s recently established office in Washington, explained that this outpost was established to enhance dialogue with the U.S. government and the full range of businesses and other governments located in or visiting the capital. Kurt Pritz, who heads up the gTLD project, explained that ICANN intends to summarize and analyze all comments received to date and to publish that document in February  in advance of the Mexico City meeting. He said that comments generally fell into three categories:
1.    Concerns about implementation and requests for change.
2.    Requests for explanation
3.    Overarching questions about the program – these included brand owners’ concerns about the need for defensive registrations, the possibility that new gTLDs would amplify malicious behavior such as malware and phishing, whether there was a demonstrated economic demand for new gTLDs, and the technical impact on security and stability.

He also said that ICANN would respond to these comments with a redlined version of the initial draft Guidebook as well as a series of enhanced background papers. A second draft of the Guidebook should be published in February prior to Mexico City, and a third version will be synchronized with the Sydney gathering. The overall impact of this revised schedule will be to push off the opening of the application period from this summer to the last quarter of 2009, when it is anticipated that a fourth and final version of the Guidebook will be issued.

ICANN Board Chairman Peter Dengate Thrush then introduced a panel of industry commentators after thanking the event’s organizers and ICANN staff, commenting that there will be “no rush to judgment on any of this” and that ICANN wants to ascertain the desires of “the community”.

Industry panelists then made the following observations:
•    Lynn Goodenhoff, International Hotels – The event had allayed some of their concerns, based in their seven brands operating in multiple nations. They remained concerned about the rapid timing of the gTLD rollout as well as a belief that WHOIS abuses are linked to e-crimes and abusive registrations. She recounted one fraud scheme they pursued via a UDRP complaint, targeting a ring that defrauded  Indian nationals of funds allegedly collected for visas, work papers, and processing in regard to false promises of potential employment in the UK; the fraudulent site’s WHOIS data was incomplete, hindering law enforcement efforts. They wish to see new gTLDs implemented correctly.
•    Sandra Alstars, Time Warner – Their AOL division is an accredited registrar, TW owns more than 50,000 domains, and they are active in several ICANN constituencies. While new gTLDs should be beneficial to the public interest, the current proposal is not practicable. Trademark infringement is a major concern, as is public safety, malware distribution, and Internet security – for example, CNN is often cybersquatted in order to spread false information from fake news sites.  UDRP filings cost $thousands each and result in the acquisition of a domain that TW never wanted and must maintain in perpetuity to prevent further abuse.
•    John Carlson, BITS – BITS is a technology consortium of the top 100 financial services providers. The industry is of two minds about the proposal, but has such a large stake in the outcome that it must only be done if done right. While a .bank gTLD could improve security, amplifying good behavior and improving customer confidence, it also raises major concerns of cost and risk. Right now, concerns about potential amplification of bad behavior predominate, although a minority in the industry believes that the potential benefits of .bank outweigh these risks. The single greatest concern is that new gTLDs, especially any related to financial services, be given to the right people – with bad actors carved out. A .bank gTLD would require a very high level of security, and there is no industry consensus on who could operate it in a properly security-enhancing manner. The industry’s top three priorities for a .bank gTLD are security, customer confidence, and taking the right path, and it will better engage in the ICANN  process toward these ends.
•    Steve DelBianco, NetChoice – At present new gTLDs and ccTLD IDNs are on parallel tracks. The business community is committed to the IDN rollout to enhance global e-commerce. But the ccTLD path poses problems – Google, for example, does not want to have to register at multiple Arabic ccTLDs. Meanwhile, VeriSign is working on a robust rights protection methodology to integrate existing .com websites into IDNs as they become available.  In addition, NetChoice advocates the creation of a global brand registry to accompany the opening of new gTLDs, along with limitations on domain registration fees, enhanced RAA and WHOIS enforcement, a strong requirement that proxy services reveal registrant contact data upon a showing of harm, and a “loser pays” regime for the UDRP.
•    Vicky Sheckler, RIAA – The music industry has already seen 40 billion unauthorized downloads under the present Internet regime and is fearful that new gTLDs will further enhance the opportunities for copyright piracy.
•    Mark Signorino, NAM – NAM members already spend large sums to protect their brands, while cybersquatting imposes costs exceeding $1 billion annually and phishing another $3 billion. They are concerned that new gTLDs will lead to an increase in e-crime and IP theft, and believe that the rollout should be delayed until past 2010.
•    Fred Felman, Mark Monitor – He presented a PowerPoint  and noted that their customers perceive both risks and opportunities, with some real demand for new gTLDs. The ongoing protection costs for brand owners are already immense – with the top 30 brands spending $23 million annually on enforcement, while a full program as recommended by MM would cost nearly $400 million – and new gTLDs will add to the proliferation of IP infringement as well as ID theft, pornography, malware distribution, and the sale of counterfeit hard goods. He noted that online pharmacies presented a particularly acute problem – of 3,000-plus now operating, only 2 are registered in the U.S., many send no drugs or dangerous counterfeits, and few employ any protections for customer data. He decried “brand jacking” and defined it as including parked websites monetized with PPC ads. He maintained that ninety percent of the domains registered by MM clients are defensive, and stated that the UDRP is simply too expensive to use on a large scale.

Following this, ICANN CEO Paul Twomey thanked the panelists for a “great presentation” but noted that many phishing and pharming attacks bear no relationship to the DNS. He also noted that incumbent gTLD contractual provisions, including that for .com, do not permit easy takedown of domains, “so a major challenge is to rethink that contractual framework”. In this regard, he urged brand owners to consider the damage they would incur if their domains were taken down by accident, and noted that this risk shows the need for adequate checks and balances. But he did note that new approaches developed for new gTLDs could be imposed back on incumbent gTLDs, including .com. He concluded by stating that ICANN will consider what it can do within the DNS and its contractual relationships, but that there must be a recognition that many Internet attacks do not exploit the DNS, and that going too far will inhibit innovation.  

ICANN COO Doug Brent wrapped up by emphasizing that multiple protections and safeguards must be satisfied before a new gTLD can go into the Internet’s root, and that these first level protections are far more robust than those available to prevent bad acts at the second, domain name level.

The event concluded with an opportunity for audience comments–

•    Fred Felman of Mark Monitor again argued that a notice and takedown approach for allegedly infringing or abused domains would be the best approach.
•    Jeff Newman of Neustar countered that the notice and takedown provision of the Digital Millennium Copyright Act (DMCA) work because ISPs are granted legal immunity for complying with them. Since ICANN has no authority to grant such immunity, registries and registrars would be at considerable risk of being sued for any harm resulting from an improper or unjustified takedown of a  domain.
•    I observed that the ICA has its own concerns about aspects of the new GTLD proposal detailed in an extensive comment letter filed with ICANN, focusing on the threat of differential pricing and the inordinate power given to national governments over geo-related names at the first and second level of new gTLDs. While we adamantly oppose cybersquatting and other infringement of brand owners’ legal rights, we are equally concerned that some of the proposals being advocated by brand owners would expand their “rights” beyond the bounds of the law while depriving domainers of due process. For example, a global brand registry would appear to ignore the geographic and relevant marketplace bounds of trademark law. And a notice and takedown procedure, while perhaps appropriate for websites documented to be hosting phishing scams or illegal content such as child porn, should not be a substituted for the UDRP as regards allegations of trademark infringement. The UDRP is flawed in many respects from domainers’ perspective, including a growing lack of enforcement uniformity that encourages dispute provider forum shopping, a trend toward reversing its presumptions in favor of complainants, a lack of binding precedent that results in every issue being considered de novo, and significant costs that sometimes results in the surrender of a domain subject to a weak complaint filed by a major corporate interest with deep pockets.   While the UDRP may need reform it does at least provide some reasonable due process.     

Given the fact that some domains sell in the secondary market for significant sums and that domainers therefore have a very substantial economic stake in this debate, the matter of UDRP reform  should be considered on its own merits and should not be shoehorned into the rapidly moving new gTLD process — especially since it is clear that policies adopted for new gTLDs may well be imposed back on incumbent gTLDs. In sum, the new gTLD process should focus on resolving issues at the first level of the DNS, while procedures for dealing with allegations of bad behavior at the second level should be dealt with separately and carefully.

ICANN POLICY FORUM & DIALOUE ON INTRODUCTION OF NEW GTLDS
8:30 am – 4:30 pm,
Friday, 6 February 2009
U.S. Chamber of Commerce,
1615 H Street, N.W.,Washington, D.C.


Agenda
8:30 – 9:00 a.m.   Registration and Continental Breakfast

Welcome and Meeting Kick Off
9:00 – 9:15  a.m. Welcome:

-Chris Merida, U.S. Chamber on behalf of Organizing Group
-Self introduction of Participants
-Introduction of Denise Michel, ICANN VP, Policy and Senior Staff

Morning Session:  Policy Forum
9:15 – 12:30 p.m.  Denise Michel, ICANN VP Policy and Senior Staff

Policy Overview (ICANN Staff)
A brief description of ICANN’s policy-making structure and objectives, and an introduction of Policy Staff

Review and Discussion of Selected Policy Issues (Staff; All)
•    WHOIS / WHOIS & Internationalized Domain Names (IDNs)
•    IDN ccTLDs, Fast Track
•    Transferring Domain Names Between Registrars
•    E-Crimes (upcoming workshop; issues of interest)
•    Registration Abuse Policies
•    Domain Name Tasting

Improving and Restructuring ICANN’s gTLD Policy Making Body (GNSO) – Update and Discussion
•    Overview of GNSO Council Reorganization, Improvements Initiatives (Staff)
•    Why/How to be Engaged; Discussion of Next Steps (All)

ICANN Contractual Compliance Program
•    Compliance “Business” Strategy/Objectives (Staff)
•    Recent Developments & Audit/Enforcement Efforts (including efforts related to WHOIS, WDPRS, Transfer Policy Audit) (Staff)
•    Feedback and Discussion (All)

Other Topics, as identified by Participants, to include
•    Updates on Mexico City Program
•    Importance of maintaining public forum with Board and Senior Staff as key part of program

Lunch Break  12:30 – 1:30

Afternoon Session: New gTLD Discussion
1:30 – 2:15 p.m.  Comments from Industry/Community Participants:

Moderator: Marilyn Cade
o    Lynn Goodendorf, International Hotels Chain
o    Sandra Alstars, Time Warner
o    John Carlson, BITS
o    Steve DelBianco, NetChoice
o    Vicky Sheckler, RIAA
o    Marc Anthony Signorino, NAM
o    Industry – TBD
o    Fred Felman, Mark Monitor Brands Protection

2:15-4:15 p.m. Kurt Pritz, ICANN Senior VP, Services
•    Overview of New gTLD Policy Development / Implementation Process (ICANN Staff)
•    Overview of Issues Raised in Comment to Applicant Guidebook and the Process for Responding (with a focus on business-related issues) (ICANN Staff)
•    Possible Solutions and Changes

-Process for Developing Possible Solutions and Changes
-Discussion of Time Lines


4:15 – 4:30  p.m. Wrap up comments and closing
ICANN Speaker
Host Committee Speaker

4:30 p.m. Reminder of Reception. at 1133 21st Street, NW to begin at 5 p.m.

Background Information:
•    Policy Issues – http://www.icann.org/en/topics/policy/update-jan09-en.htm
•    GNSO Improvements – http://gnso.icann.org/en/improvements/
•    Compliance – http://www.icann.org/en/compliance/newsletter/
•    New gTLDs – http://www.icann.org/en/topics/new-gtld-program.htm 

ICANN Staff:
•    Doug Brent, COO
•    Kurt Pritz, Senior VP, Services
•    Denise Michel, VP, Policy
•    Liz Gasster, Senior Policy Counselor
•    David Giza, Senior Director, Contractual Compliance
•    Rob Hoggarth, Senior Policy Director
•    Margie Milam, Senior Policy Counselor
•    Marika Konings, Policy Director