1 January, 2022

Happy New Year! To start off 2022 we look back – and forward – at the granddaddy of Internet governance issues, domain names.

TLDs go Hippety Hop

ICANN is embroiled in a controversy about approving the transfer of a TLD (.HIPHOP) from its original owner (Uni Registry and Names) to its buyer (a company called Dot Hip Hop). ICANN has withheld approval of the transfer for a long time, which is harming the business plans of the applicant. Why? A letter from Russ Weinstein of ICANN’s Global Domains Division (GDD) sets forth ICANN’s reasons. They are…interesting.

The source of the problem is that along with the sale of the right to operate the TLD came an NFT documenting the buyer’s ownership of the same string in the Ethereum Name Service (ENS). This causes ICANN “concern” for two reasons. First, GDD’s Weinstein says “the potential operation of a suffix identical to DNS top level domains in an alternate name space may create risks to the security and stability of the TLDs in the DNS.” How, exactly? There is no interaction at the protocol level between ENS and DNS. This unsubstantiated claim raises serious issues of monopoly and exclusion, which we discuss below. The other reason cited is that ICANN registry operators are not supposed to have any intellectual property rights in a TLD string (or to put it more accurately, a registry must bow to ICANN’s property right over the string and accept its status as a licensee of ICANN).

The second concern about “ownership” of a TLD string seems to be based on ignorance. It is difficult to understand how an NFT memorializing one’s title to an ENS name creates a property right over an ICANN-administered top level domain in the DNS. On Domain Incite, Dot Hip Hop’s lawyer says the NFT is just a token symbolizing its purchase of the domain. He compared it to an oversized check handed to the winner of a contest:

“The gigantic paper check (like the NFT) is nothing more than a symbol. The winning funds are actually wired to the winner. The check is a useless piece of paper that symbolizes the fact that the person won the contest. .. That is this awful NFT. It does not give anyone access to the ENS. If the NFT is destroyed, it doesn’t matter. Any individual can put its domain name on the ENS with or without a useless NFT. Any registry can collaborate with ENS (like .xyz has been doing) with or without an NFT. So, because ICANN has no understanding about NFTs, blockchain, or ENS, its objection is to a functionless big-ass paper check.”

To make his point, Neumann went ahead and destroyed the NFT. We will see whether ICANN staff’s objection to the NFT as a property right disappears with the NFT.

More disturbing, however, is ICANN’s claim that a TLD cannot be approved because the ICANN-approved TLD is linked to ownership of a string in another name space, one that ICANN has no authority over. This seems to be massive overreach, way outside ICANN’s policy scope.

Obviously, the bigger, longer term issue here is how ICANN adjusts to the intersection of blockchains and DNS, if such an intersection ever happens. Blockchains can also be a system of unique identifiers, and issues related to the interaction of the globally compatible domain naming system, for which ICANN maintains the central root, with other naming systems, such as Ethereum’s Ethereum Name Service (ENS), will inevitably arise.

ICANN’s concern with global compatibility is important and legitimate. But it gives it inherently mixed motives. The centrality and exclusivity of the DNS root, which supports global compatibility, also makes ICANN Org the gatekeeper into the multi-billion dollar DNS market. This gives it the power to extract fees from market entrants, and also provides it with the leverage to impose regulatory policies on the industry. If its regulations impose too many burdens on market participants (suppliers, users or both) it may motivate bypassing the system. This is a socially desirable accountability mechanism, and ICANN should not try to pre-empt it. ICANN and its community must be able to differentiate between real threats to DNS global compatibility, and threats to ICANN’s power and wealth that do not affect the public interest in DNS compatibility.

A number of blockchain firms are positioning themselves as alternate roots, replaying an old controversy over technical fragmentation of Internet naming. These efforts are likely to founder on their own inability to deliver global compatibility, as all other alternate roots have. Others, such as the Ethereum Name Service (ENS), are not trying to create an alternate root, but instead link some ENS names to DNS names, which seems to promote, not undermine, compatibility.

New policy needed

What’s being lost in the .HIPHOP acrimony is that an improved policy regarding ownership changes in TLD registries is badly needed. The current registry agreement requires ICANN’s approval for changes in ownership and only says that approval “will not be unreasonably withheld.” This provides no criteria or standards for approving or withholding approval. Ownership transfers are likely to become more common. A number of issues, such as name space evolution, competition and concentration, technical stability and the character of the owner are raised by ownership transfers. ICANN needs a better, more developed set of policies and procedures regarding ownership transfers as the DNS industry evolves. It should not be able to withhold ownership changes in order to maintain its monopoly over internet naming. And no, ICANN Org’s claim to be able to magically divine “the global public interest” is not a real solution to this problem; it is a way of avoiding it.

The need for a better policy first became evident during the attempt to transfer ownership of the .ORG domain. Beset by political controversy, ICANN delayed and waffled and hemmed and hawed and then got politically bullied into a decision desired by the California Attorney General. While there were unique aspects about the ORG transfer (namely the change in PIR’s status as a nonprofit when its nonprofit status motivated the original delegation), ICANN was operating in a policy vacuum and allowed itself to make a decision based on its own organizational self-interest (avoiding trouble with the California AG) rather than good policy. While ICANN and the community do need to have some rules and guidance regarding the transfer of TLD registries, the whole idea that ICANN has some kind of entirely arbitrary approval authority is wrong and should be fixed.

Whois/Privacy: Will SSAD get a haircut?

Since 2018 the ICANN regime has reformed the DNS Whois service to bring it into alignment with GDPR and privacy norms. It has already redacted the publication of sensitive personal data associated with domain name registrations, such as email and home addresses. The redaction, however, naturally brought with it demands for a service to disclose the redacted data to requestors with a legal, legitimate reason to see it. This led to a huge and protracted policy development process, which eventually came up with a proposal for a Standardized System for Access and Disclosure (SSAD).

The SSAD was supposed to provide a centralized mechanism for accrediting users of the system, collecting their requests and distributing them to the domain name registrars, who would then make the disclosure decision. A few weeks ago, ICANN Org completed its “Operational Design Assessment” (ODA) of the SSAD proposal. This is where they try to figure out the feasibility and cost of implementing the working group’s policy recommendations. On December 20 the staff who did the ODA held meetings with the GNSO Council and members of the special working group that came up with the policy to release its findings.

The results of the Assessment were bad…or were they a blessing in disguise? According to ICANN, the SSAD proposal would take three to four years and US$ 20-27 million to develop. Ouch. Its ongoing costs, depending on usage levels, would be somewhere between US$ 14 million and a staggering US$ 107 million per year. The cost of accrediting and verifying users was estimated at between US$ 180 and $300 per user. And the cost of handling a single disclosure request is anywhere from $40 to $0.45.

It was pretty clear from the meeting that ICANN Org does not want to build the SSAD. Many people in the community think its estimates are absurdly inflated in order to justify that conclusion. They may be right, or they may not be – the more important point raised is whether the proposed system is worth the trouble and expense. There are strong reasons to believe that it is overkill.

The team that developed the proposal was operating in a state of uncertainty and contention about what the SSAD would ultimately do. Many stakeholders in the policy development group wanted the SSAD to turn into the old, open Whois, providing automatic and instant disclosure of private data on request. (We wrote about this in February 2020.) The only difference would be some form of accreditation. In order to minimize the risks of a revival of the old Whois, the privacy advocates on the team pushed for careful and restrictive forms of accrediting and verifying users, and logging their requests to prevent abuse. This preemptive positioning, based on worst-case projections of how the SSAD might be abused, is largely responsible for the cost and complexity of the proposal.

However – mirabile dictu – ICANN Org seems to have finally seen the light about the relationship between personal domain name registration data and privacy law. CEO Marby repeatedly asserted that the presence or absence of an SSAD does not in any way alter the legal constraints on disclosure of private data. The ODA states, “the SSAD is expected to have little-to-no impact on the contracted parties’ ultimate disclosure (or non-disclosure) in response to a request.” These explicit acknowledgments may mark the official end of ICANN’s two decades of denial about the privacy implications of publishing Whois data.
