1 ICANN Update by Mike Rodenbaugh Councilor, Generic Names S.O. Officer, Business Constituency 29 October 2007

What is ICANN? Internet Corporation for Assigned Names & Numbers

3 ICANN mission statement To coordinate, overall, the global Internet's system of unique identifiers, and to ensure stable and secure operation of the Internet's unique identifier systems. In particular, ICANN coordinates: 1.Allocation and assignment of the three sets of unique identifiers for the Internet: Domain names (forming a system called the DNS) Internet protocol (IP) addresses and autonomous system (AS) numbers Protocol port and parameter numbers 2.Operation and evolution of the DNS root name server system 3.Policy development reasonably and appropriately related to these technical functions

ICANN Org Chart

Issues Important to Businesses New Top-Level Domains (TLDs), including Internationalized Domain Names (IDNs) WHOIS information IP Rights Protection Mechanisms Domain Tasting Registrar Accreditation Agreement IPv4 … IPv6 “GNSO Reform”

6 New Top Level Domains: Projected Implementation Timeline gTLD Consensus Policy Approved – est. Q Draft RFP Posted – est. Q Final RFP Approved – est. early Q First Round Implementation: Communications & RFP launch Applications Accepted – est. early Q Successful TLD Applications Approved – est. Q1 2009

Session 27 Recommendation 2 Strings must not be confusingly similar to an existing top-level domain or a Reserved Name. Rationale: A confusingly similar string could cause technical or consumer confusion. Implementation Considerations: – A string that resembles another string is not necessarily confusingly similar. – Staff is exploring various options for implementation of this recommendation, including: The application of an algorithm that provides guidance on which TLD strings are considered to be confusingly similar Providing a capability for formal objection to be filed to an application by a third party on the grounds that the proposed gTLD is confusingly similar to an existing TLD.

Session 38 Recommendation 3 Strings must not infringe the existing legal rights of others that are recognized or enforceable under generally accepted and internationally recognized principles of law. Examples of sources of legal rights include: – The Paris Convention for the Protection of Industrial Property (in particular trademark rights) – The Universal Declaration of Human Rights (UDHR) – The International Covenant on Civil and Political Rights (ICCPR) (in particular freedom of expression rights)

Session 39 Recommendation 3 (Cont’d) Procedure: A party holding rights that it believes would be harmed may file an objection to a proposed gTLD. Key criterion: Legal rights must be recognized or enforceable under generally accepted and internationally recognized principles of law.

Session 310 Recommendation 12 Dispute resolution and challenge processes must be established prior to the start of the process. It is important that all aspects of the application process be known before applications for new gTLDs are prepared and submitted. Dispute resolution and challenge are intended to address two types of situations: 1.The filing of an objection against an application on certain specific grounds developed from the GNSO’s recommendations 2.When two or more applicants are vying for the same or confusingly similar new gTLD (“contention resolution”).

Session 311 Recommendation 12 (Cont’d) Specific grounds from the GNSO recommendations: Confusingly similar strings (Recommendation 2) Legal rights of others (Recommendation 3) Morality & public order (Recommendation 6) Community opposition (Recommendation 20) The procedures, standing and criteria for assessment need to be developed, and ICANN Staff has begun this process in consultation with outside counsel and other experts.

My Name, My Language, My Internet: IDN Test Goes Live October 15: ICANN launches global test of Internationalized Domain Names – “.test” in 11 languages… العربية 简体中文 繁體中文 Ελληνικά हिन्दी 日本語العربية 简体中文 繁體中文Ελληνικά हिन्दी 日本語 한국어 فارسی Русский ייִדיש தமிழ் 한국어 فارسیРусский ייִדיש தமிழ் Internet users around the globe can now access wiki pages with the domain name example.test in the 11 test languages -- Arabic, Persian, Chinese (simplified and traditional), Russian, Hindi, Greek, Korean, Yiddish, Japanese and Tamil. The wikis will allow Internet users to establish their own subpages with their own names in their own language -- one suggestion is: example.test/yourname.

What is WHOIS? Whois is a publicly- accessible database containing contact information of website owners. Registrant for JOE6PK.COM Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado United States Administrative Contact: Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado Technical Contact: Domains R Us 123 Main St Los Angeles, CA United States ICANN contracts require collection and public access to Whois data.

WHOIS info is vital Shows ownership information for domains Includes complete contact information Available to any Internet user Used by businesses to verify customers Used by IP and law enforcement to protect brands and prevent consumer fraud Provides accountability

Registrant for JOE6PK.COM Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado United States Administrative Contact: Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado Technical Contact: Domains R Us 123 Main St Los Angeles, CA United States What happens to Whois under the Operational Point of Contact (OPoC) Proposal? Operational Point of Contact OPoC could be anyone: Corporate IT department Domain portfolio manager Registrant Registrar Third parties and proxy services 5

WHOIS and Spam16 Can registries and registrars help mitigate automated address collection? Registries and registrars offer services to protect registrant addresses from automated collection via query-based WHOIS services – CAPTCHA – Rate limiting – Anti-scripting techniques – Other measures SSAC calls these measures Protected-WHOIS

WHOIS and Spam17 Can registries and registrars help mitigate abuses of addresses? Registries and registrars offer services to protect available addresses from display and abuses – address substitution – Spam and antivirus filtering Customer chooses to have a 3rd party listed as the registrant, other customers obtain a forwarding address SSAC calls such measures Delegated-WHOIS

WHOIS and Spam18 Comparison of Results For an address that is not published anywhere other than the WHOIS 1.Unprotected registrant addresses received significant amounts of spam. 2.Registrant addresses protected by protected-WHOIS may achieve two orders of magnitude better defense against spam. 3.Registrant addresses protected by achieve three orders of magnitude better defense against spam. 4.Registrant addresses protected by Protected-WHOIS and Delegated-WHOIS may achieve close to four orders of magnitude better defense against spam.

Next Steps: Studies GAC and BC have each requested studies of WHOIS data to determine if there is a problem, and whether ongoing market remedies are solving the problem SSAC has concluded that registrar/registry solutions can almost eliminate spam caused by WHOIS harvesting, so what is the problem with WHOIS?

IP Rights Protection Mechanisms Cybersquatting and Phishing is too quick and easy, and remedies are too expensive and slow Policy Development is needed to fix this Potential options: – Standardized Sunrise Registration Process – Faster and cheaper UDRP, with rapid DNS suspension upon default – Rapid DNS suspension upon evidence of phishing or malware (to be tested in dotAsia?) – Provisional registrations to mitigate costs of domain inventory

Domain Tasting Abuse of 5-day Add-Grace Period (AGP) to test traffic and revenue Many domains are infringing, and kept past the 5-day period Tens of millions of.com domains tasted every day = less inventory for more legitimate uses Only a few registrars engaged in massive tasting

Source: ICANN preso to APEC/OECD Workshop Competition in the Domain Name Space ICANN introduced competition to the domain name space Registrars now have a market and a business Consumers have greater choice in price and services Domain name marketplace is even driving how we search – contextually as well as topically – and the scale of sites that can be searched Total registrars = 888 and counting

Source: Verisign’s.com registry report, Apr. 2007

Next Steps: Policy Development Process – Potential Options Eliminate Add-Grace Period – require full payment before activation of a domain name Eliminate AGP, with exceptions for ‘legitimate uses’ No refund for ICANN (and/or some larger) portion of registration fee “Excess Delete Fee” – no refund if deletes in any given month exceed 10% (??) of registrations

Registrar Accreditation Agreement (RAA) Review of RAA which has been in force since May 2001, as a result of RegisterFly fiasco in early 2007 Six specific amendments are proposed, as a result of consultations between ICANN Staff and the Registrars’ Constituency – include terms under which a registrar can be sold and continue to retain its ICANN accreditation – address the responsibilities of a parent owner/manager when one or more of a "family" of registrars fails to comply with ICANN requirements – require registrars to escrow contact information for customers who register domain names using Whois privacy and Whois proxy services – augment the responsibilities placed on registrars with regard to their relationships with resellers – require operator skills training and testing for all ICANN-accredited Registrars – include additional, graduated contract enforcement tools

Inter-registrar Transfer Policy Policy Development Process to clarify four points of the RAA re denial of transfer request – Denial for non-payment – Denial for lock status – Denial for 60 days of initial registration period – Denial for 60 days after previous transfer Why a PDP for this, and not for broader RAA revisions??

GNSO “Reform” All of ICANN’s SO’s must undergo a review every three years, per bylaws There is sentiment that GNSO does not work as effectively as it should Subcommittee of ICANN Board Governance Committee has made a proposal, subsequent and different than two other expert reviews Proposal would cut Business interests (BC, IPC and ISCPC) from 1/3 voting power, to 1/5

Help!! Please join the Business Constituency! – 1500 euro/year for large enterprises – 500 euro/year for small enterprises – Active mailing list & regular teleconferences – Influencing ICANN policy development on behalf of all businesses – Particularly need Financial Institutions