Not all are concerned by the sale said to be worth $1 billion of the .org registry. Google Chief Internet Evangelist Vint Cerf backed the transaction Tuesday. Members of Congress and many domain name interests and nonprofits have concerns about the Internet Society selling the Public Interest Registry to Ethos Capital (see 2001070053), and the private equity buyer made some commitments (see 1912230002). Cerf noted .org previously was managed by other companies. He noted they are Network Solutions, SAIC and VeriSign: Transferring that operation to ISOC to create PIR gave the society about $50 million yearly "to fund the Internet Society’s work in promoting a more accessible and secure Internet." It "limited PIR’s ability to invest in improvements to the operation of .org or even the creation of new products and services for the non-profit community," wrote Cerf, ISOC president 1992-95. Google didn't say Wednesday if it backs Cerf. Last week, Georgia Institute of Technology School of Public Policy's Milton Mueller blogged that the sale shows the registry's worth. "Rather than recoiling in horror at the number, we need to accept its value as a fact and derive policies," the professor said. "Any new owner is going to be in exactly the same position as ISOC or Ethos unless there are protections in the Registry Agreement of the sort we have asked for."
Not much about Public Interest Registry will change after its sale to Ethos Capital, the registry told ICANN in a response published Saturday. In December, ICANN queried PIR, its owner the Internet Society and buyer Ethos about the continuity of registry operations, nature of the proposed transaction, how the proposed new ownership structure would comply with the current registry agreement, and how the parties intend to keep their promises to serve the .org community (see 1912090002). PIR said its proposed change from the nonprofit "Public Interest Registry, a Pennsylvania corporation" to the for-profit "Public Interest Registry, LLC" won't amount to the creation of a new entity under law and that all of PIR's current debt, obligations and other liabilities will continue. If anything, PIR said, the transaction wouldn't jeopardize security of registry operations and "the infusion of outside resources only acts to strengthen PIR's position in the competitive marketplace." Management will remain and "continue to operate the business of PIR in a manner consistent with past practices in furtherance of the .ORG community," and back-end operations will still be served by Afilias. PIR noted many ICANN questions came from the new generic top-level domain applicants' guidebook and "do not apply to a fully functioning, legacy gTLD registry operator." PIR denied it knew ISOC was looking to sell the registry at the time the .org registry agreement was being renegotiated. The final version was posted in March, and PIR didn't know the registry was potentially for sale until July, it said. It wasn't aware until September that ISOC was considering an offer, and "was not involved in any process ISOC may have run with regards to the potential sale of the .ORG registry prior to" that time. ICANN doesn't have a timeline for making a decision about the deal, a spokesperson emailed Monday.
Interests of .org registrants, users and the public will be kept "first and foremost" in operation of the Public Interest Registry, legislators were told Tuesday. The Internet Society (ISOC), PIR and Ethos Capital, which is acquiring the registry from ISOC, responded to questions from Democratic Sens. Ron Wyden, Oregon; Richard Blumenthal, Connecticut; and Elizabeth Warren, Massachusetts; and Rep. Anna Eshoo, D-Calif., who last month sought assurances about the sale (see 1912230002). The parties have committed to anchoring PIR in a public benefit limited liability company structure before finalizing the transaction that will "enshrine the mission of PIR in the governing documents," they wrote. The certificate of formation will state PIR's commitments to devoting resources to serve a public benefit, including maintaining the registry's historical pricing practices by limiting any .org domain name increases to no more than 10 percent yearly on average. A stewardship council will have authority to "ratify strong rules protecting freedom of expression and safeguarding against censorship," concerns raised by nongovernmental organizations and others. PIR and Ethos are working with Article 19, a group that seeks to further the free speech and anti-discrimination provisions of the Universal Declaration of Human Rights. The parties also promised to take the safety of internet users seriously and to continue existing anti-abuse and takedown procedures. "PIR's operation of .ORG will continue as usual," they said. An Ethos spokesperson emailed Tuesday that the "reply also helps reassure any .ORG users who may have had similar questions" about prices and free speech.
ICANN and VeriSign agreed on a proposed amendment to the .com registry agreement, with comments due Feb. 14. Verisign is the registry operator of the .com top-level domain. Because of a growing domain name market, the Commerce Department concluded in an amended cooperative agreement that ICANN and Verisign would serve the public by allowing “an increase to the price for .COM registry services, up to a maximum of 7 percent in each of the final four years of each six-year period,” ICANN wrote Friday. The first six-year period began in October 2018. ICANN and Verisign also announced a proposed framework for collaborating on domain name system security, stability and resiliency, signing a binding letter of intent. These agreements fulfill 2016 commitments when the two sides previously amended the .com pact.
ICANN's withholding consent to the sale of Public Interest Registry would likely be "reasonable" absent concessions from the buyer, Ethos Capital, said Wayne State University law professor Jonathan Weinberg (see 1912230002).
Walmart warned fraud’s “especially prevalent during the holidays.” Consumers lose more than $1 billion yearly, blogged Chris Burgess, senior director-financial services, Thursday. His consumer advice: don’t trust caller ID or email names; don’t provide personal information; be suspicious of schemes such as requests for payment via money transfers or gift cards; protect digital information; look for the “https” on an e-commerce site and verify the URL is spelled correctly; change passwords; and use a secured wireless connection.
The Internet Society sold the Public Interest Registry to investment firm Ethos Capital, the organizations said Wednesday. ISOC set up PIR to run the .org top-level domain, and the transaction will benefit them both by ensuring PIR's long-term financial security and providing more diversified funding "to support the Internet Society's vision that the Internet is for everyone." Several initiatives will promote the .org community, including a stewardship council to uphold PIR's core values and expansion of a program that awards .org prizes for touting the success and positive impact of nonprofit organizations, they said.
ICANN must ensure that its temporary Whois rules effectively allow reasonable access to nonpublic personal registration data while it tries to comply with the EU general data protection regulation (GDPR), speakers said Tuesday at ICANN's Saturday-Thursday meeting in Montreal. The problem is that, while the first phase of the expedited policy development process (EPDP) developed the temporary specification under which ICANN now operates, there's still no conclusion to the phase 2 work, which involves creating a new model to allow legitimate parties to access nonpublic registrants' data, said Laureen Kapin, FTC counsel-international consumer protection, at a Governmental Advisory Committee meeting. On Monday, EPDP group chair Janis Karklins said his top priority is to find a standardized system of access and disclosure (SSAD) for such data. A draft paper on a hypothetical SSAD model was sent to the European Data Protection Board Oct. 25, said ICANN Government and International Governmental Organizations Engagement Senior Director Elena Plexida. The model proposes a centralized access system to decide whether personal data should be disclosed, but it's not clear whether this idea will fly under the GDPR. The EPDP group is moving toward drafting an initial report that, in the "optimistic scenario," could be published in early December and finalized in May, Karklins said. If that timeline is delayed, the final report might not emerge until June, he said. The question is how to make the policy reality, Kapin said: There's "real concern" among governments that despite the existence of the temporary policy, law enforcement agencies, intellectual property owners, cybersecurity researchers and other stakeholders are having trouble accessing Whois data. Many who no longer see the data in Whois either don't know they can ask for it or are unsure how to do so, she said. Governments should recommend that ICANN do a better job of ensuring that its existing policy is working properly, she said. Another policy in the works is new procedures for subsequent new generic top-level domains. ICANN is reviewing the 2012 round of gTLDs to determine if changes to the procedures are needed, said Jeff Neuman, co-chair of the Generic Names Supporting Organization policy development working group. The panel is preparing draft recommendations for a final report expected to go to the GNSO Council by the end of Q1 2020 and to the board by late Q2, he said. Directors are likely to commission another applicants' guidebook for the next round, with new gTLDs possible by late 2021 or early 2022.
The National Institute of Standards and Technology sought comment by Nov. 15 on a revised draft of Federal Information Security Modernization Act-mandated guidance for technologies that improve security and robustness of interdomain traffic exchange. NIST recommends resource public key infrastructure, border gateway protocol origin validation, and prefix filtering. The agency recommends preventing IP address spoofing using source address validation with access control lists, and unicast reverse path forwarding to prevent and mitigate distributed denial-of-service attacks. NIST recommends remotely triggered black hole filtering, flow specification, and response rate limiting.
ICANN has generally adopted earlier recommended changes to its Whois system, but more are needed, said its registration directory service-Whois2 (RDS-Whois2) review team Tuesday in a final report. Assessment of the system for collecting data on domain name registrants is required by ICANN's contract with the U.S. Department of Commerce and under its bylaws. A second review examined whether recommendations in the 2010-12 assessment were met. It found eight of the 16 were fully implemented, seven partly implemented and one not put in place. The report made 22 new recommendations on which ICANN is seeking input. The review team "specifically did not focus on ICANN's actions" in response to the EU general data protection regulation (GDPR) because the actions are ongoing, it said. The panel "recognized the issue is of significant importance and that it would probably impact several policies related to registrant data." Recommendations included: (1) Ensuring that RDS/Whois is given strategic priority by creating a mechanism to monitor possible impacts on it from legislative and policy developments worldwide. (2) Updating all information on RDS and any other information about registration of second-level generic top-level domains, and making the content readily accessible and understandable. (3) Ensuring ICANN's contractual compliance department is adequately resourced to deal with increased workload and any additional responsibilities due to compliance with the GDPR or other rules. The board must act on the final recommendations by March 3. Comments are due Nov. 25.