ICANN will hold the group's ICANN70 meeting virtually "due to the continuing impact" of COVID-19, the organization announced. It was to have been in Cancun, Mexico. The dates were changed to March 22-25, the group said Thursday of what will be its fourth such digital-only event during the pandemic. See here for more details. ICANN70 was previously scheduled for March 20-25, a spokesperson said Friday.
ICANN's meeting was in Hamburg; Phase 1 of the expedited Whois policy development process resulted in a new policy for generic top-level domain registration data; and the Governmental Advisory Committee wants ICANN to require registrars and registries make public data of legal persons, which they now could redact (see 2010210001).
ICANN efforts to align domain name registration rules with EU privacy law continue but no board action is expected at the Oct. 19-22 virtual meeting in Hamburg, Germany, said gTLD Process and Integration Manager Steve Chan Thursday. The expedited policy development process team working on a temporary spec for generic top-level domain name registration data compliant with the EU general data protection regulation published its final report Aug. 10. It recommends a standardized system for granting access to and disclosure of nonpublic gTLD registration data. Chan couldn't predict when directors might consider the recommendations, which first need approval by the Generic Names Supporting Organization Council followed by another public consultation. It's unresolved whether the rules should apply to legal and natural persons and questions about data accuracy, he said at a policy update webinar. GDPR compliance remains a high priority for the Governmental Advisory Committee, said ICANN Senior Policy Director Rob Hoggarth. In August, GAC published a minority statement on completion of the second phase of the Whois policy development process. It said the proposed regime for access to nonpublic registration data is fragmented; doesn't include enforceable standards to review disclosure decisions; and doesn't adequately address consumer protection and trust concerns. A minority of the Stability and Security Advisory Committee also opposed (SAC112) the recommendations, saying the process didn't provide results that "are reasonably suitable for security and stability." An Oct. 21 session at the ICANN meeting will address the impact of Whois changes under GDPR on end users and public safety.
ICANN extended virtual meetings until Dec. 31, President Goran Marby said Tuesday evening. Business travel will remain suspended and staff will continue to work from home. ICANN will reassess the situation regularly and advise if there are changes to the guidance. ICANN also posted the Oct. 5-8 prep week schedule for its Oct. 19-22 annual general meeting.
Africa needs a unified policy approach to its domain name market, speakers said Monday at an ICANN virtual forum on the African domain name system. Among other problems are widely divergent charges for domain names, ranging $3-$500 across the continent, said Moctar Yedaly, African Union Commission information society division head. The COVID-19 pandemic offers lessons for the African continent, said South Africa Central Registry CEO Lucky Masilela. In addition to harmonizing domain prices, the sector must address issues of trust and security, he said. Africa is a youthful continent, and younger people must be empowered to have their own internet identities, he said. Business barrier issues are hampering DNS markets, said Ghana Dot Com Chairman and former ICANN board member Nii Quaynor. The DNS is a public good that exists only because people are willing to use its identifiers, he said: The DNS community must manage it responsibly to ensure the internet is stable, inclusive and accessible globally. Governments should foster a friendly policy environment to allow trust, and refrain from getting into managing top-level domains, he said. As Africa migrates business to the local internet, governments must address governance through more bottom-up, multistakeholder processes, Quaynor said. They must lower business barriers through such things as a continental free trade area, and should commit to using their own country-code domains, he said. It's in every administration's best interest to safeguard the DNS, said South Africa Domain Name Authority Chairperson Palesa Legoze, whose organization manages the .za ccTLD. Countries' whose country-code top-level domains (ccTLD)s have few registrants should look at the pricing and quality of service offered, she said. Governments can fund ccTLD managers until they're viable and have the volume of domain name registrations needed, she said. Nigeria has over 200 million people and not many domain names, but it's working to correct that through offering flexible policies and pricing, encouraging the hosting of local content and creating good content, said Nigeria Internet Registration Association Executive Secretary Edith Udeagu. Foreign domain names are viewed as better than local, so her organization tries to encourage enterprises to use .ng names and websites rather than just social media platforms, and tries to spur websites that host local content, she said. Quaynor warned against nationalism. A business that serves a particular area will want a domain that shows that, but Africa-wide companies should choose, for example, .africa or .com. Legoze urged Africans to coalesce on DNS policies, to "come together and speak with one voice."
General data protection regulation compliance and domain name system abuse remain top priorities for ICANN's Governmental Advisory Committee, it said after last week's virtual meeting in Kuala Lumpur, Malaysia (see 2006220002). It asked ICANN to prod the Generic Names Supporting Organization about progress on a plan to address unresolved issues in setting up a standardized system for requesting access to nonpublic Whois registration data. Governments want access to Whois data maintained "to the fullest extent possible," which means ICANN should make a clear distinction between legal and natural persons, and allow public access to registration data of the former, which isn't subject to the GDPR, they said. GAC backs ensuring data accuracy, another requirement under the ICANN temporary specification for complying with the GDPR. On DNS abuse, GAC members urged ICANN to prioritize capacity-building and training but said new efforts to tackle the problem "should not replace, but rather complement, existing initiatives" to boost accuracy of registration data and to adopt policies on privacy and proxy services. Governments are focused on policy relating to the next round of new generic top-level domain names, the statement said.
The ICANN69 annual general meeting, scheduled for Oct. 17-22, will be held virtually instead of in person in Hamburg, Germany, ICANN announced Thursday. ICANN67 and ICANN68 were also held virtually because of COVID-19.
Facebook filed a lawsuit in Virginia against 12 fraudulent domain names registered by India-based proxy service Compsys Domain Solutions, it said Monday. The domains, such as facebook-verify-inc.com and videocall-whatsapp.com, were allegedly used to deceive people by impersonating Facebook apps. Facebook said that to protect users from phishing, credential theft and other methods of online fraud, it regularly scans the internet for domain names and apps that infringe its trademarks. Compsys doesn't appear to have a website and couldn't be reached.
DOD must improve its IPv6 transition plans, the GAO said Monday. The Pentagon began the planning process in 2017 but "has yet to clearly define the magnitude of work involved, the level of resources required, and the extent or nature of cybersecurity risks if vulnerabilities aren’t proactively managed," GAO said. Defense Secretary Mark Esper should direct the DOD chief information officer "to complete a department-wide inventory of existing IP-compliant devices and technologies to help with planning efforts and requirements development for the transition to IPv6," the report said. The auditor recommended the CIO "develop a cost estimate" for the transition and "develop a risk analysis" for it. DOD "agreed with our recommendations to develop a cost estimate and risk analysis" but "did not agree with our recommendation to complete a department-wide inventory of existing IP-compliant devices and technologies," GAO said. The department "referred to the draft IPv6 guidance that OMB developed in March 2020, stating that the draft guidance will rescind OMB’s fiscal year 2005 IPv6 guidance, which includes the inventory requirement. DOD also said that creating such an inventory would be impractical given the department’s size. It added that it has been mitigating the risk of not having an inventory by only acquiring IPv6-capable devices since December 2009."
ICANN's rejection of the Public Internet Registry deal won't affect the .org community, a PIR spokesperson emailed us. "PIR will continue to be an exemplary registry" that supports the work of the mission-driven .org community, he said. Internet Society President Andrew Sullivan said he expects PIR to continue running its registries "in an exemplary fashion and in strict conformance" with its agreements with ICANN. The domain name industry has changed in recent years, so registries need to adapt, Sullivan emailed us. ISOC, which had hoped to sell PIR to private equity firm Ethos Capital, "believed that a specialist investor would be in a better position to support" PIR's stability, but since ICANN "has refused its consent (see 2005010003) that avenue is not open to PIR." Ethos Capital didn't comment Wednesday. The registry "did not ask to be sold and it was far from fun to be constantly attacked for it, but the work we did supporting the .ORG Community in spite of it was phenomenal," blogged CEO Jon Nevett. PIR plans to expand the .org community to underserved regions in Africa, Latin and Central America and Southeast Asia, he said. Regardless of what ISOC and ICANN do, the matter highlighted the extent to which the current domain name ecosystem "depends on informal understandings of what the various actors are going to do," rather than formal commitments, said Firefox Chief Technology Officer Eric Rescorla. Many who opposed the sale expected ISOC would continue to manage .org in the public interest even though PIR's registry agreement doesn't include such an obligation. The deal's opponents and supporters seemed to have "radically different expectations" about ICANN's role, said Rescorla: "It remains to be seen whether this is an isolated incident or whether this is a sign of a deeper disconnect that will cause increasing friction."