From data challenges to rights protection reviews: inside ICANN’s Montreal meeting
- At ICANN meeting, efforts to address issues around RPMs and data access continued
- IP community urged ICANN to take more responsibility for tackling content abuses
- Trademark community urged to keep pressure on over anti-abuse efforts
Earlier this month over 2,500 members of the ICANN community gathered in Montreal to advance policy work related to the online world. Brian J Winterfeldt (principal of the Winterfeldt IP Group and president of ICANN’s Intellectual Property Constituency), Griffin Barnett (associate at the Winterfeldt IP Group) and Jennifer Gore (internet policy specialist at the Winterfeldt IP Group) were on the ground in Canada and, in this guest post, present an update on the aspects that brand owners need to know about – from efforts to access to non-public registrant information to the rights protection mechanisms review. Crucially, the authors note that there will be issues that the trademark community should maintain pressure on.
ICANN 66 was attended by was over 2,500 participants from 130 countries. During the discussion, key focuses included community-wide efforts to improve anti-abuse efforts within the Domain Name System (DNS), implement changes to domain name registration data policy and develop a unified access system for non-public registration data, complete the evaluation of new gTLD program rights protection mechanisms, and finalize policy and implementation recommendations for future rounds of new gTLDs.
Domain Name Abuse
Registries and registrars are contractually required to address and mitigate various forms of DNS abuse. Prior to ICANN 66, a group of registries and registrars published a Framework to Address Domain Name System Abuse focusing on five key areas of abuse, namely: malware, botnets, pharming, phishing, and spam. The framework also identifies several forms of website content abuse that the signatories to the framework would find actionable, namely child sexual abuse materials (CSAM), illegal distribution of opioids, human trafficking, and credible incitements of violence.
An ongoing debate continued throughout ICANN 66 over the precise definition of ‘DNS abuse’ and what forms of abuse fall within the scope of ICANN’s mission and registry and registrar contractual obligations. Many stakeholders continue to argue that ICANN and contracted parties should only be responsible for addressing technical forms of abuse, but should not address any content-related abuse. On the other hand, the intellectual property and business communities continue to argue that ICANN and contracted parties should take greater responsibility for addressing content related abuses, given that most forms of domain name abuse ultimately rely on either websites or email services to effectuate the harm (eg, counterfeiting or phishing).
The community also highlighted the numerous definitions for abuse that have been developed by various ICANN groups over the years, and agreed on the need to formulate a single consolidated ICANN-wide definition. Another area of common agreement was the need for the ICANN contractual compliance department to significantly enhance its efforts to ensure compliance by recalcitrant registries and registrars who fail to meet even the most basic anti-abuse requirements under existing ICANN contracts.
Finally, discussions continued regarding the need to develop additional contractual requirements to enhance anti-abuse efforts by registries and registrars, for instance as part of the development of an updated base new gTLD registry agreement for future new gTLD rounds. While brand owners generally favor such additional measures, there is, unsurprisingly, strong resistance from contracted parties.
Domain Name Registration Data Access
Phase 2 of the Expedited Policy Development Process (EPDP) is focused on the creation of a policy for a system of standardised access/disclosure (SSAD) of non-public registration data by third parties with a legitimate interest in obtaining such data.
The Phase 2 Working Group initially focused on the creation of ‘use cases’ for third party access, including for intellectual property enforcement and related legal claims, cybersecurity, and law enforcement. The EPDP has reviewed these scenarios to identify universal ‘building blocks’ for the SSAD policy. These building blocks include elements like accreditation for legitimate users and certain safeguards for all SSAD users to ensure that disclosed non-public data is protected from further inappropriate dissemination or use beyond the stated legitimate purpose associated with a disclosure request. During ICANN 66, the Phase 2 Working Group also made some additional progress in reaching a conclusion on whether to draw a distinction between data of legal versus natural persons and the redaction of the registrant city field from public registration data, as well as refining SSAD building blocks concerning accreditation of requestors, content of requests, response requirements, query policy, acceptable use policy, automation, logging, and financial considerations (ie, a possible cost recovery model for operating the SSAD).
The Phase 2 initial report was originally expected to be published by mid December 2019, although the timeline may be delayed in light of a recent communication by the ICANN Org ‘Strawberry Team’ which is working in parallel to EPDP Phase 2 to resolve some outstanding questions concerning development of RDS policy and the access model. Some key items that have yet to be addressed, where the EPDP Working Group and the ICANN Org are seeking further guidance from the European Data Protection Board, include:
- What entity(s) is considered the data controller (eg, ICANN, registries, registrars or all)?
- Can access to non-public data be automated for accredited requestors, or is only a manual disclosure process permissible?
- Which of the third-party purposes for access to non-public data must be specifically enumerated, and can the disclosure system accommodate any unenumerated but potentially legitimate purposes?
Rights Protection Mechanism (RPM) Review
During ICANN 66, the Rights Protection Mechanism (RPM) Working Group focused primarily on finalising recommendations and conclusions from the three URS sub teams that completed their work in September 2018. Many of these recommendations related to ensuring appropriate operations by URS providers to comply with updated domain name registration data policy that, in certain cases, conflicts with existing URS requirements. For instance, the URS formally requires that all URS complaints identify the registrant name and physical address – information that is no longer generally published in public WHOIS records. URS providers have already adapted to this change by accepting ‘doe complaints’ using whatever WHOIS data remains publicly available in connection with the subject domain name(s).
The Working Group also confirmed its agreement to recommend that the RPM Review Implementation Review Team develop a uniform set of guidance for all URS providers to promulgate to their examiners defining an appropriate level of rationale to be included in all URS decisions (without delving into the substance of the rationale, which would be left to the examiner on a case by case basis). This will ensure that all URS decisions include sufficient support for any suspension order or any decision not to suspend a domain name, which could then be challenged on appeal for any potential flaw in examiner rationale.
In addition to these discussions to finalise URS sub team recommendations, the Working Group also spent a considerable portion of its meetings at ICANN 66 debating whether and how to evaluate all the individual proposals received for revisions to the URS for possible inclusion in the Working Group’s initial report. Some Working Group members favored simply publishing all 31 individual proposals in the initial report, without further assessing the overall level of support for the proposal within the group. Others, however, favored performing some level of further review to try and eliminate certain proposals from publication based on a lack of adequate support within the Working Group.
Ultimately, it was agreed to perform some further evaluation, in the hopes of quickly identifying proposals with almost no support beyond the individual proponent and excluding those from publication, while confirming publication of any individual proposals with some low threshold of further support. This process should hopefully weed out certain extreme proposals, such as eliminating the URS altogether, which would be highly unlikely to garner any kind of Working Group consensus to proceed as a final recommendation.
New gTLD Subsequent Procedures
Leading up to and during ICANN 66, the New gTLD Subsequent Procedures (sub pro) Working Group identified the following issues for possible further public comment before the group can finish its final report:
- Predictability: fine-tune the framework of the Standing Predictability Implementation Review Team (SPIRT)
- Future TLD Offerings: additional work is needed to identify the threshold requirements for the commencement of the next and future rounds of additional new gTLDs
- Accreditation: Registry Service Providers (RSPs) need to address and eliminate ambiguity regarding pre-approval versus testing requirements
- Closed Generics: consensus remains unclear regarding whether the working group will recommend permanently prohibiting closed generic gTLDs, or to allow closed generic gTLDs in certain circumstances
- String Contention Auctions of Last Resort: further refinements are needed to finalize proposed auctions of last resort to resolve string contention sets
The GAC also issued advice that no additional new gTLD rounds should begin until ICANN implements certain prerequisite recommendations made by the Competition, Consumer Choice, and Consumer Trust (CCT) Review Team aimed at ensuring more effective anti-abuse measures in the gTLD ecosystem.
Following ICANN 66, the Sub Pro Working Group believes it remains on track to publish a pre-final report for public comment on these outstanding issues by the end of Q1 2020, with an eye toward completing its final report by the end of Q2.
Although policy making at ICANN continues to maintain a deliberate pace, several key efforts appear to poised for important milestones in the months ahead. Prior to the next ICANN 67 meeting to be held in Cancun, Mexico in March 2020, we anticipate the publication of the RPM review phase 1 initial report for public comment, as well as a further public comment period for certain issues needed to complete the Sub Pro final report. We also anticipate additional progress in the development of a standardized system for disclosure of non-public domain name registration data, which is critical for brand owners.
It will also be important to maintain pressure on ICANN and the community to improve anti-abuse efforts through enhanced contractual compliance scrutiny and cross-stakeholder level-setting regarding anti-abuse requirements for registries and registrars.