Moderator: Gisella Gruber-White
September 18, 2012
8:00 am CT
Man: Folks on the phone, can you hear us all right?
Man: Testing, one, two, three.
John Berard: Yes, this is John Berard here. I can hear you.
Benedetta Rossi: Hi, this is (Benny). Yes, I - we can hear very well, thank you.
Marilyn Cade: My name is Marilyn Cade. I’m going to make one announcement and then turn it over to Chris to offer welcoming comments. After Chris is - has offered welcoming comments we’ll turn it over to Benedetta Rossi, our secretary, to do a role call.
Chris Wilson: Great, thank you, Marilyn. My name is Chris Wilson. I’m with Tech America . I’m the Vice President and Counsel for Communications, Privacy, and Internet Policy here at the association. Very happy to host the meeting here this morning. Many of you know I know worked with my predecessor if you will on this issue, (Lisle Franz). He left us in June, is off to bigger and better things.
But I’m filling very large shoes when it comes to Internet governance issues. So I am learning rapidly. I’ve done many of these things. I have a background in telecom policy so some of this is somewhat familiar, other things - other issues are not.
But I certainly am looking forward to learning from this group and other groups that are involved in the multistakeholder- in the governance process.
As many of you know, Tech America and sort of its predecessor association, (ITAA) has been very much engaged in Internet governance issues and ICANN specifically for years. It’s a tradition of ours. We’ve worked closely with groups to develop sort of a coherent if you will - or at least as clear as possible tech voice in these discussions.
And certainly the goal and the hope is to keep those dialogs going now that issues are even more hot than they were before. So very glad to be apart of this and - again, very much looking forward to learning from you. Please feel free to reach out to me if you ever need any help or assistance from Tech America ’s point of view on these issues going forward.
So very brief but thank you very much for being here.
Marilyn Cade: Thank you, Chris. My name is Marilyn Cade. I’m going to ask Benedetta to - Rossi, our secretary, to do a role call for us. And (Benny) will kick off with the focus that you have on the conference bridge since you probably know who they are. Then we will do the room, is that okay?
Benedetta Rossi: Yes, that’s perfect. So dialing in remotely today on the conference bridge we have (Brian Huseman), Katrin Ohlmer, (Dan Bart), Lynn Goodendorf, Celia Lerman, (Rebecca Hoffman), John Berard, Gabriella Schittek, and Philip Corwin.
Marilyn Cade: Thank you.
Benedetta Rossi: You’re welcome.
Marilyn Cade: Let me start in the room and I’ll start with just who’s in the room. So let me start with David Olive.
David Olive: David Olive from ICANN (unintelligible). Welcome and glad to be here.
Marilyn Cade: Thank you David. And thank you so much for coming.
Patrick Jones: Patrick Jones from the ICANN Security Team.
Margie Milam: Margie Milam from the Policy Team at ICANN.
Frederick Feldman: Frederick Feldman, (unintelligible) monitor part of (unintelligible).
(Steve Zimmer): (Steve Zimmer) with (Reed Elsevier).
(Dan Jaffey): (Dan Jaffey), Association of National Advertisers.
Bill Smith: Bill Smith, PayPal (unintelligible).
Man: (Unintelligible), the Association for Competitive Technologies.
Rob Hoggarth: Rob Hoggarth, ICANN Policy staff.
Steve DelBianco: Steve DelBianco with Net Choice and the Vice Chair for Policy Coordination and the Business Constituents.
Elisa Cooper: I’m Elisa Cooper with (Mark Monitor), now part of (unintelligible) and I’m also the CSG Liaison for the BC.
Chris Chaplow: Chris Chaplow, Vice Chair of Finance Operations for the BC.
Marilyn Cade: And John Berard mentioned his name on the phone, he is one of our two business constituency elected councilor to the GNSO Council. Our other councilor, Zahid Jamil, is not able to join us - may be joining us a bit later. We are expecting a couple of our members to arrive, they’re on the train from New York . So they’ll join us in transit.
I want to just move us very, very quickly but I’d do an overview of this morning and then turn it over to Elisa for our first presentation.
So let me explain for those of you who’ve come as guests what this meeting is for the business constituency, and thank you for coming and for participating, either remotely or in person.
We’re looking at this as an outreach and participation discussion and opportunity for us to examine some key issues that are important to business users and to also take further some decisions that the BC has already taken about some priority areas related to the new gTLD program and related to a discussion that has been coming up at ICANN that some refer to as what is the impact of the new gTLD program on the general - the generic name supporting organization.
I call it the march of the brand in terms of speaking from a business user perspective, how many companies that may not have even been aware of ICANN are coming to ICANN or are becoming aware of ICANN not because they are becoming a gTLD registry.
But because they are all of a sudden awakened to implication of what this massive change in the face of the Internet is going to mean to them and how they serve customers, that’s putting a number of new stresses on ICANN’s systems and surfaces, both in terms of new people but higher expectations.
So we’re talking about that as well in one of our segments today, it’s a point that the BC has already been making. So it’s pretty much a working session. And we do hope that you - whether you’re a member or you’re a guest will be fully interactive.
I want to introduce Elias Cooper. I asked Elisa to - try to get us all on the same page in terms of understanding what is going on in the new gTLD process - program related to numbers, facts and figures.
The BC has a mantra that we recite at every opportunity and that is facts are our friends. And you can only make informed policy if you start with facts. It’s an ongoing challenge for all of us to have facts and not base our policy recommendations on opinions. But we are trying to look at facts. Elisa?
Elisa Cooper: Thanks, Marilyn.
Chris Wilson: Just real quick - I know - make sure everyone that - I like, when I sent out an email to Tech America members I may have not included the Adobe Connect link so if any Tech America members are on the presentations are being sent through Adobe Connect room and that address is ICANN - I-C-A-N-N dot AdobeConnect.com/BUSNSCONST. Just to make sure that everyone can see the - sorry.
Marilyn Cade: No, thank you.
John Berard: Marilyn, if you just send that out to the list?
Marilyn Cade: Actually, John, I will ask (Benny) to do that for us. (Benny), can you send that out and if you have emails for any of - send it out to the list again. And if you have emails from any of the folks who are on the phone, send it out to them as well.
Elisa Cooper: All right, so, you know, before we get started let me just provide a little bit of background. I feel a little bit like I’m preaching to the choir here because I know that many of you are obviously very familiar with the numbers and the figures.
But I know that there are also some that are on the line and some that are in the room that are a little bit new to this. So I do apologize, I know for many of you this will be a little bit repetitive.
But just to lay the background, you know, basically for the last four-and-a-half years we’ve been following this very closely - the new gTLD program very closely. And (Mark Monitor) has looked closely at every version of the guidebook and we’ve submitted comments on those versions.
And I personally helped a number of (Mark Monitor)’s clients submit applications so I’m intimately familiar with the program as well as the process and the rules and the requirements.
So when we had the eventually reveal I think we were a little bit surprised at what we saw. So let’s talk a little bit about what we did see. I know - you know, there really are just two kinds of applications. There is the standard application and a community application.
But when we looked at what the applications were actually for we really felt that they kind of broke out into some different genres. There were the dot brands which now everyone is referring to them as the dot brands. There were the community based, relatively few of those. There were the geographical, also clearly delineated.
But then we also saw applications for what we call - or what I’m calling the open generics and the closed generics. So you’ve got the generic term, (unintelligible) applied for 307 of them.
But then you also have these sort of closed generics. These were instances where companies had applied for a very generic term with the intention of allowing only those registrations to be registered by the registry in essence not allowing basically wide registration, having very strict eligibility requirements.
So when the applications were finally revealed, I know you all know there were 1930 of them, which actually represented 1409 unique strings. So that’s the total number of strings that we might eventually see, although there have already been a number of withdrawals in terms of applications.
There were 1179 uncontested applications and 751 which actually represented 230 strings. So there was a lot of competing applications in there and I think I was a little surprised at just how much competition there was for some of the strings.
I was also somewhat surprised at the relatively large number of dot brand applications. This - there wasn’t really a provision in the guidebook for a dot brand. There was nothing, you know, specifically in the guidebook that laid out different rules or requirements for dot brand. Eventually we saw adopted into the guidebook, this notion of a single registrant, that kind of came later.
The interesting thing about the dot brands, there were - you know, 40% of the Fortune 100 actually ended up applying for a dot brand and that’s a pretty big number, 40%. On the flipside, you don’t need me to do the math, 60% of them didn’t. Okay, so, you know, you kind of look at it one way or the other, you know, either it - it is still a large number.
Man: Now when you say they applied for dot brand, they applied for their own name, not just some other string?
Elisa Cooper: Yes, so that 664 represents just the dot brands, that does not include applications of generic strings that were applied for by companies. So the 664 number is just a dot brand.
There were 116 IDNs applied for. I think we weren’t surprised but I think we were all - also somewhat disappointed. You know, part of the program in my opinion was to see sort of greater diversity in terms of the kind of strings and so this was a number, I think we were a little disappointed about, hoping that we would have, you know, far greater IDN opportunities.
And then in terms of the geographical distribution, I don’t think any of us were surprised that the bulk of the applications were coming from North America and Europe . Again, we were - it wasn’t surprising that we saw just 24 from the Latin America and the Caribbean or 17 from Africa , yet still disappointing.
Let me just kind of stop here, I know we want to kind of keep this - you know, conversational and see if there are any areas or questions or things that people want to discuss.
Marilyn Cade: Elisa, in the 664 - let me just pause for a minute and make sure that - Chris, can we make sure - so has (Benny) uploaded the slides?
Man: These are uploaded as far as I know, yes.
Chris Wilson: The slides are being projected, Marilyn.
Marilyn Cade: Say again?
Man: They’re being rejected he said.
Man: Projected, I’m sorry.
Marilyn Cade: Okay, I just wanted to be sure.
Man: That’s better.
Marilyn Cade: If we go back to the brands issue, were there contested - were there companies who both hold a trademark that is exactly the same that applied?
Elisa Cooper: Yes, so there were just a handful of dot brand applications where there were trademark owners with the same mark who both applied. There were just a handful of those.
Marilyn Cade: Okay.
Elisa Cooper: But, you know, it’s interesting that you mentioned that, a lot - there’s been a lot of discussion about brand owners applying for defensive reasons. And to me those were the true defensive applications, it was really just a handful of those.
The rest of them in my opinion were doing it more for competitive reasons, more out of fear about what their competitors were doing, fear out of not knowing when they may be able to be in the second round. There was concern about that, not so much that somebody would apply for the exact string because it was also their trademark.
So there were just a handful of those but there were some. And those companies, they knew exactly who they were, that they had another - that there was another brand out there that had the same mark but in a different class.
This is just another breakout. So, you know, I’ve broke it - again, there is no such thing as a dot brand application, that’s sort of my classification here. So, you know, if you were actually looking at these members, all of those dot brands are really of the standard type applications.
But I’ve broken it out to you just so you can get a sense for what the numbers look like and just how large a number that the brands actually contributed in terms of the total applications submitted.
Man: Elisa, did virtually all the brands go for their own trademark name and propose to run it closed where they would be the only registrant?
Elisa Cooper: Pretty much, pretty much. Some of them, you know, talked about having their customers or networks, you know, distributors also have registrations but I think that the account was also to keep the actual ownership of the domains in the name of the registry.
So - but it would still qualify as a single registrant TLD even though they were going to allow their different - you know, channels or divisions or subsidiaries or clients to have registration.
Now here is sort of a breakout of the dot brand applications that were made. And again, I think, you know, I wasn’t surprised to see technology as the leading sector applying, media also. The other financial insurance, if you were to combine those two, they’re broken out here on the slide, that would have been one of the leading applicants.
I think the only big surprise for me, there was sort of the relatively few number of apparel companies that applied and I was really kind of expecting to see some larger numbers there. But - you know, for the most part I think what I expected.
Man: Elisa, for European apparel, you mean clothing or production?
Elisa Cooper: Yes.
Marilyn Cade: Any questions from the conference bridge? Okay.
Elisa Cooper: So again, this is where I had some - I was surprised by some of these numbers. If you would have asked me what did I think the most popular application was going to be I would have said .web. I was surprised to see 13 applications for .app but I’m not an app...
Elisa Cooper: And I don’t use a...
Man: Not Apple.
Elisa Cooper: No, no, no, I know. But they’re a big provider of apps. I don’t - what’s that?
Man: There’s a question on the phone.
Elisa Cooper: Okay. So yes, I’m not a mobile device user so I don’t download a lot of apps so I’m not using them a lot but clearly that was the most popular with 13.
John Berard: Question on the phone, my Adobe Connect is flashing a message saying the host has left and you’re going to disconnect me in ten seconds. Is that something I should worry about?
Benedetta Rossi: Hi, John. This is Benedetta speaking. There seems to be a technical issue. It does that every once in a while and then I relog in and it fixes itself so I’m sorry about that, it’s a technical issue. So I sent - I’ve opened a ticket about that.
John Berard: Okay, good. The flashing’s stopped but I thought I was going to disappear off the Internet.
Benedetta Rossi: No, no, no. I keep reopening it so don’t worry. I’m keeping an eye out.
John Berard: Okay.
Elisa Cooper: So again, like I said, I don’t use a mobile device so I’m not downloading a lot of apps. So maybe it’s because I wasn’t - I’m not - I have a five-year-old phone so I just wasn’t thinking about that.
Also, I was surprised by an art, .art. Again, I would not have expected that to be so highly contested.
The other ones, moody music, I think I was surprised although, again, dot brand, I probably would not have expected that to be so highly sought after.
Man: It’s a good chart and .app brings to mind something you and I talked about yesterday, of 13 applicants, 11 of them proposed to open them up so that anybody who wanted childrens.app would be able to buy that domain.
But two of them, Amazon - I think (Brian)’s on the phone, (Brian Husemon) with Amazon, and also Google both proposed that they would run dot app for their own company as a single registrant TLD . Very different kinds of applications.
So those 13 are really not comparable. Two of them are very different than the other 11. And it remains to be seen whether there would be concerns about competition, exclusion, protection. If a single company who had a lot of apps ran app for only its own brand, only for its own purpose.
Elisa Cooper: Right, it’s definitely companies need to be aware of. And now in terms of the top ten applicant, we - you know, when it came to reveal the (unintelligible) had already released a press release so we knew they had those 307. But I think we were surprised by the 101 being applied for by Google and the 76 by Amazon.
We weren’t surprised about the 70 that were being applied by TLDH, or (mine's a machine). Some of the others though that were surprising to me were some of the brands applying like L’Oreal, (Rishmont), and Dish, that they had applied for the number of registries that they had applied for.
Now I want to share with you some numbers, (Mark Monitor) ran a survey of our clients. This is not long ago, probably a month or two ago, of our domain management clients. And we asked them some questions about new gTLDs.
And specifically we asked them, you know, whether or not they thought they would actually be using any new gTLD registrations, not a new gTLD that they had applied for but a registration in any one of these new gTLDs, whether they would actually use it or a core website, meaning they would be hosting content there.
And three-quarters of them did not expect to be using it. Of course, I mean this is crystal ball gazing so, you know, who knows what happens, whether .app really takes off and they start pointing content - or Internet users to that site. But this is how they feel today.
We asked them whether they thought new gTLDs would create opportunities for harm or confusion, 55% of them felt that it would. Half of them stated that their online policing efforts were going to need to increase.
And a third of them were not really sure what to do with their existing domain name portfolios, many of their domain name portfolios to be honest are - they’ve got names in there that they actually no longer need. So they’re concerned about budgeting and exactly, you know, how they’ll handle this potential flood of new registries.
Marilyn Cade: So - it’s Marilyn speaking, in 2009 (Mark Monitor) and (unintelligible) and I worked on a study that was released and it’s still, I think, very relevant because the - so what the study showed.
And by the example, large brands across five different sectors, roughly 92% of their registration portfolios - and they were in the thousands and thousands, were defensive registrations. They were not used at all.
And so different from I had a registration in a ccTLD and I use it because I’m putting Spanish language content up or I want to have a presence in an Arabic country because I’m selling services and products, different from defensive registrations by (KGT Whitlaw) or something other of that nature, which the defensive registration portfolios are filled with.
So did you guys ask about - in their - welcome, we have been joined by Ron Andruff and Scott McCormick. Did you guys ask about what percentage of the defensive...
Elisa Cooper: Yes, we actually did. I might have mentioned that to you. And I don’t recall the numbers off - you know, specifically but, you know, I think it was around 90% to 95% of the portfolio - we asked the clients how many (port) registrations we had and then we asked them how large their overall portfolio was.
And it was somewhere between in - based on that math and the bulk of the portfolios were between, like, 90% and 95%.
Man: So (unintelligible) understand more about that, (unintelligible) because often a company might acquire - I mean Bill might buy PayPal.shop. You wouldn’t have any fear that someone else could buy it. You might buy and it simply redirect to PayPal.com, a redirect.
Is that redirect - I mean redirects like that, it’s not new content. But isn’t that considered defensive? I mean is that considered using? And is it that way you asked the question?
Elisa Cooper: So for the purposes of this survey and for the purposes of the way I talk about it, when you’re redirecting - if you’re not using that domain, actively marketing with that domain, if he decides, okay, I - this is what is going to appear on our marketing materials.
This is where we’re going to direct people from - you know, online advertising and this is the string we’re going to show, if it’s not a name where you’re doing that it is simply being redirected, yes (unintelligible) more registration.
If it’s what you’re actually marketing with, what’s appearing on your collateral, what’s appearing on your business card, what - you know, then it’s a core registration. That’s how I classify it.
Bill Smith: And that’s a reasonable classification. This is Bill Smith. But what I would just briefly say is we’ve got the - I think it was Verizon we recorded at one of our meetings, one of the ICANN meetings, that they had (unintelligible) up a set of sites that they had acquired through...
Marilyn Cade: Recovery we call it.
Bill Smith: (Unintelligible) they just chose to leave them up and see what happened and they recognized that they actually were generating business from. Now - well, above the cost of maintaining it or anything. So it was - to me it would be something interesting to look at from (unintelligible) standpoint.
Man: The notion of getting traffic. By having something resolve a redirect, it’s hard for anyone to know if it’s incremental traffic if that didn’t resolve would the user have fixed their (typo)graphic error or gone to a search engine?
Man: You don’t know. But a business might choose...
Man: That’s the million dollar question.
Man: I’ll keep up (unintelligible) .com because, you know, who knows. Maybe I get people coming to it because they’ve made a mistake or what’s next to L, I can’t remember J or something.
Marilyn Cade: However - yes, however, when we did an analysis - this is Marilyn speaking. I should just tell folks, we are both being audio recorded and there will be a transcript. So do try to remember to say your name when you speak and I’ll try to say my name when I speak.
There - we did a study of 300 words with misspellings and extensions that were not related to services. And the interesting thing is when we went - and it was not a scientific study but we went and looked at all the sites, and guess what, the misspelled names typically had your competitor’s products first.
And many of them then had fraudulent sites. And then in tenth or eleventh or twelfth or one-hundred, you got back to your own site. So this whole area, I think, is very murky on, you know, what the implications are and you as a - the other thing is, you pay for the traffic, that is your advertising money.
So, you know, I think the cost of this is still not really clear. I know we’re going to move into discussions. Do you have a few more slides?
Elisa Cooper: I have just one more slide. And I would just say, Bill, absolutely. I whole heartedly agree that, you know, what I would call defensive registrations are in some cases getting some pretty decent traffic.
And I’m not saying by any means, like, that a company - I would not - look, the measure of whether or not to keep a domain in my opinion is whether or not it’s getting any traffic or how much traffic you’re getting or what’s your threshold for, you know, traffic is getting at least - you know, ten visits a month or whatever it is.
Elisa Cooper: But I agree, but just for the purposes of that study it was just - you know, are you marketing with it.
I think Jonathan had a question.
Marilyn Cade: And then David. Jonathan and then David?
Jonathan Zuck: Sure, Jonathan Zuck here for the transcript. I guess we can always find exceptions to everything and I think one of the malfunctions of ICANN is keeping everything as amorphous and fluid as possible because there’s always an exception.
I think if we’re going to really examine what the success or failure of the new gTLD program is we’re going to need to make some generalizations. And the idea that something just to redirect is no marketing around it, seems like a realistic way to at least begin the conversation. We can go back later and see if there was some byproduct or some accidental traffic.
But the underlying business models of the majority of the new gTLDs is to collect rent, you know, from brands then that’s worth trying to investigate. And I think making some generalizations (unintelligible) be accomplishing that.
Marilyn Cade: David and then Amy.
David Olive: Quick question, thank you for the statistics and the information you’re providing but can you give us an indication of the responsiveness of the people you sent the survey to? I mean was it interesting and thus you got a large response or was it just your normal average response? Any indication on that?
Elisa Cooper: It was better than average. So it was just the (Mark Monitor) client base, it was better than average response. It was better - definitely better than just sending out a survey to the general public, significantly better than that.
And just kind of as a reminder, you know, we serve only large corporations so these are just sort of Fortune 1000, Global 2000 type clients.
Man: Still good response.
Elisa Cooper: Yes, yes.
David Olive: Okay, thank you very much.
Elisa Cooper: Yes, no, my clients are...
Man: Non-US companies?
Elisa Cooper: I have just one other slide that I wanted to present because the big question we get is really what should business be doing now relative to the new gTLDs? And clearly we still have a little bit of time for companies to submit comments.
We have time yet still for formal objections to be filed, although I think the majority of the formal objections that are of interest to companies cannot actually be filed by companies. They must be filed by industry organizations that are representing the community.
You know, many of the concerns by business are really about generic applications being applied for by companies with the intention of keeping the registry really closed.
But again, in order to submit a formal objection to have standing to do that it must be done by an entity that represents the community. So a company - like a trade association. So a company for instance couldn’t be able to file that kind of objection.
Marilyn Cade: So I have a specific question. But let’s take .cloud, happens to be my favorite concern, other people are worried about .search. I’m worried about .cloud.
How would a trade association - and I’m just going to use Tech America as an example, but Tech America has a leadership role in the area of cloud through this big initiative that you did. But how would a general purpose, high tech association get standing? Could they?
Elisa Cooper: Well, this is my understanding from the guidebook. I mean you have to, one, show that there is a nexus between the organization filing the objections. So I really think it would have to be a cloud trade organization. So I don’t know if a...
Marilyn Cade: (Unintelligible).
Elisa Cooper: Yes, so that’s problematic. And...
Man: And if you just create one.
Elisa Cooper: No.
Marilyn Cade: No.
Man: If you just create one, one of the criteria is a long-standing representative of the industry. So you may not even qualify if you create a cloud. But if you did create a cloud organization, undoubtedly one of the members would be the actual company who’s proposing to run .cloud for its own purpose.
Elisa Cooper: Well, there is that issue.
Man: It’s a huge problem and the association would include the member about whom the concern is being raised.
Elisa Cooper: Yes, no, there is definitely that concern as well. But they would need to show this organization preestablished, preexisting organization have to show that this proposed registry would be of harm to that particular community that’s filing the (unintelligible).
And again, they would have to show a nexus between the name of the community and the actual string. So I think that will be tough in that situation.
Man: It’s good to clarify that between now and September 26 the associations and anyone could file an objection just like that, making the same arguments.
Elisa Cooper: Comment.
Elisa Cooper: Comment, not an - yes.
Man: And they’re free. And by virtue of the fact that they’re tagged as a community objection to the .cloud application they would be passed on to the evaluator. And would be regarded as seriously as an objection or not, how will you regard it?
Elisa Cooper: So look, we have the experts in the room so I feel kind of silly answering this. But my understanding is, you know, the evaluators are looking at the actual application. They’re not - unless there is a community evaluation I don’t know that submitting comments that are related to the community objections will really be reviewed by the examiners.
But, you know, like I said, I’ve got, like, the experts here in the room. So I would defer to them if there’s anything they want to add.
Woman: Yes, but we’re not experts. Our policy - you know, we’re in the - I’m in the policy (unintelligible) so I don’t really understand the specifics of the new gTLD program. I mean on the security side - the rest of us...
Elisa Cooper: I didn’t mean to put you on the stand.
Woman: Yes, I know.
Elisa Cooper: Okay, well...
Marilyn Cade: Maybe we could take that question though because...
Woman: We could take that question back and get an answer.
Marilyn Cade: We’ll gather some questions. (Unintelligible) had one (unintelligible) to come to Washington and we were going to have the opportunity to include him but he’s had to cancel that trip. So we’ll reward him by sending him questions.
Woman: I will be happy to shuffle those along.
Elisa Cooper: So just from my understanding of the guidebook, and I’ve read that thing many times, is that, you know, the examiners are looking at it - that the technical questions, they’re looking at the financial questions, they’re looking at the administrative requirements.
They’re not making any sort of subjective decisions about the application, it’s very objective. It’s either you can meet these requirements and you get the full points or you get partial points or you get no points.
To - I think address that issue of whether or not it’s not in the best interest - well definitely getting at that question about whether or not it’s in the interest of the community or not it’s going to have to be addressed by a community objection.
Man: And the comments that are filed, there’s been hundred of comments from Patagonia from people that consider themselves Patagonia . And they’ve checked the box, say this is the community objection, even though it’s just a comment. I understand that.
And they’re supposed to be bundled up and handed to the International Chamber of Commerce, they’re the arbitrator, the vendor who’s been selected to decide whether the community objections is really substantial.
Elisa Cooper: Well, if the community objection is filed then I believe so. And it - just to clarify and then we’ll move because I know we have a lot of stuff we want to cover today, there is a geographical review panel and so probably that Patagonia instant is going to be looked at carefully by the geographical examiner.
Because they’ll look at the application and say, that panel looks at every application and makes a judgment to say, well, is it a geographical thing or not? And so I’m sure that’s (unintelligible).
Man: And as you know, Patagonia is not on the list?
Elisa Cooper: Right, it’s not on the list.
Man: Normally they would not be able to look at it.
Elisa Cooper: So just - you know, some of the things that companies need to do because this is what we get asked quite a bit. I talked about reviewing the applications and submitting comments or objections.
A big part of what is going on and what will be happening soon is this trademark clearinghouse which we’ve all talked about ad nauseum, which, you know, is not in and of itself is a right projection mechanism but which will support sunrise periods and will support this trademark claims process.
That trademark clearinghouse is supposed to open basically a web interface in November is my understanding, that trademarks could be submitted into the clearinghouse starting in November.
Companies will definitely want to think about, you know, what trademarks will they be submitting, starting to think about collecting that information that will be required. Of course, we don’t know exactly what those fields are just yet but I assume that we’ll know that very shortly.
And we have got a pretty good idea based on previous validation periods that have occurred for other trademark - other registries in the past.
A lot of companies are thinking now about what are they going to do about their portfolios because they have become very large and they are very full of these defensive registrations and what they’re going to do in terms of budgeting going forward.
And if you take, you know, future incentives that there are probably about 700 registries where companies will have an opportunity - will be eligible to register a name, if you - you know, even consider registering one domain in each of those, it’s - the costs are pretty significant.
You know, even if it were just $20 year, you know, you’re talking about $14,000 for trademarks, that’s for one domain across 700. And that’s just for one year. So the costs very quickly can become, you know, pretty significant.
Amy Klobuchar: Can I say - I’m just asking a question about the cost because - I’m sorry, guys, I’m Amy Klobuchar from Reed Smith. You’re estimating 700 open gTLDs. You know, I’ve talked (unintelligible) letter, they’re estimating 400 open generic gTLDs.
You know, we’re trying to get our minds around and I’m wondering if (Mark Monitor)’s done analysis of really how many truly generic gTLDs are we going to worry about for purposes of calculating costs?
And also for purposes if many of these registries develop an ICM final block (list), you know, how many will we have to account for when we’re considering not just defensive registration but also preemptive block?
Elisa Cooper: I would like - definitely like to say something about the defensive block, this is my personal opinion, this is not a BC opinion. And that is, you know, for (unintelligible) I think it’s great. You know, they do end up running several hundred registries. It will be great for brand owners to be able to block, you know, one time across all, you know, 200 registries that operate.
But if it gets down to the point where, you know, the brand owners are having to defensively block in each registry during the sunrise period, to me that’s no different than a defensive registration.
Except now instead of actively getting to point your defensive registration somewhere and get the benefit of the traffic, if you even get any traffic, now it’s going to basically point to a page that says this name is (lost). That’s my personal opinion.
Bill Smith: Bill Smith with PayPal. So I would suggest we use a number like 1,000. And the reason I would use 1,000 is because we know there’s going to be another round of this. And when you do math adding zeros is much easier.
That’s my suggestion, use 1,000.
Steve DelBianco: And Amy - this is Steve DelBianco, the distinction between 400 and 700 is huge. And it’s because we don’t know, right, because things like app, book, cloud, baby, beauty, search, all of those are going to apply both as closed and open generics.
And if the vendor who wants to run them closed were to prevail at auction that’s not among your 400. It’s not among Bill’s 1,000.
If it’s closed then they honor that for as long as they honor closed, you don’t need to spend any money there. And they may not let you in if you wanted to.
Bill Smith: This is Bill Smith again. I wasn’t done. All right, as an example and we have 10,000 names. And 10,000 times a 1,000 is - what, 10 million times ten is 100 million. We aren’t going to spend that money. If you do the math there is no way to continue with the mechanisms you’re currently using.
And that’s what I see here. And I hear everybody talking about it, when we keep doing what we do. And I don’t believe we can do that going forward. And I see an opportunity here for us to merge issues with respects of rights, trademark rights, projection, and security, okay.
We in the security industry need the ability to do rapid takedown of domain names, IP addresses, etc. We’re willing to put up a - we are willing to post a box that says, with - if you grant us the ability to do a takedown and we do it wrong for the wrong reasons, we’ll pay.
I suggest that here’s an opportunity there with trademarks as well, do the same thing. You have mark holders post a bond, actually sizable but well less than $100 million, okay, to say someone registers a name, okay, that we object to and we can prove - or we think that we can prove that it rightfully belongs to us, the set bond gets takes taken down quickly.
And if there’s a process that it has to go through - it has gone through. And it turns out that name was fraudulently registered or whatever, that somebody has to pay it should be either whoever registered it, the individual or perhaps the registrars/registries.
We need to move the responsibility for some of this away from some of the people doing the harm. That’s my belief and I believe we can do this. So - you know, protecting rights and enhancing security. And we need to think about something different because the math will not work.
Marilyn Cade: I know Fred has a question. I want to come to that but I’m going to add an aspect that I don’t think we should overlook and it is - and it’s a term that we all need to begin embracing called transferring negative externalities. We are transferring costs and protection and the protection of consumers on to the brand holders.
And we can’t just assume that cost is the fee you pay for a defensive registration or a blocked state. It is also one of the key aspects of the BC’s proposal things need to be standardized and centralized. The more times you have to learn a new process the more times you will do things wrong.
And the more costs there is to the brand holder if they have to - if they have multiple and variant versions of sunrise, for instance, or for any other service. You add human resource costs as well.
So I do think it’s hard for us to project but I think Bill’s pointing out that this does not scale. This - the - doing things the way we’ve been doing it does not scale. And somehow we have to find a way of doing a more effective job of educating more effectively about this issue.
Bill Smith: Yes, I believe fundamentally we have to find a different way of doing things. Sunrises won’t work. I did the math on the XXX. When I got contacted I pushed up the line and said...
Elisa Cooper: Yes, I know. Definitely I think one of the keys up here on the slide is that, you know, for companies who’ve been policing their brands, relying on others to point out registrations that were made that were infringing or fraudulent, you know, waiting, you know, for that to come to them, there are still companies that do that. That is not going to work.
Companies are going to need to become much more proactive about policing their brands on the Internet, identifying those domains and taking action whereas in the past maybe they’ve just sort of waited or they’ve done it manually or they’ve looked for it.
Because I fully agree, defensive - companies cannot continue - and already seeing that they’re not because we - you know, for the last couple of years we’ve had these IDN , ccTLDs, and the ccTLDs continue to have their liberalizations and we’re just seeing those numbers decrease to be honest. There’s not a lot of interest in these new registry launches that continue to recur.
We’re just not seeing the kind of numbers that used to be that when there was a liberalization or a launch of a new TLD , companies just did everything. They just did everything and they did all kinds of variations, typos, misspellings, and they’re just not going to be able to keep that up. They don’t have the budget and so I think taking more of a stance on policing will be critical.
Marilyn Cade: (Unintelligible) had a question and then Patrick.
Man: Yes, I just - I mean I think the right protection mechanisms that they state - that they (unintelligible) were created for 200 to 300 extensions. And now we’re in a state where there are a lot more extensions than that.
And I think that’s probably why a lot of people are sort of standing up and raising their hands and saying, you know, there’s a problem with the right protection mechanisms as defined.
And I think, you know, Bill’s right. We do have to get together and we have to start think abut how can we rationally manage the quantity of gTLDs and how do we do that. In the meantime, I think that the point that you made earlier, which is important, is that you do have plan and you have to (unintelligible) you might want to do in the worse case.
And, you know, there’s some extensions that are truly, you know, problematic and that you will need to block. I mean if you think about your brand name in association with WTF or RIP or SUCKS, those are not brand associations that you want to be making.
And so you’re probably going to have to consider a block because I don’t even want to see my brand name next to those in any context, any way, shape, or form. And others, you know, if they fit in with your - with your plans and where you’re serving product and the category that you may have some registrations.
But I think, you know, what we’re recommending for our customers to do is to download this set of strings from the portfolio if they’re a customer and actually, you know, do a spreadsheet.
And figure out, okay based on my brand, what are the associations that you have to make or what should you register and what should you think about. And where should you fight and what’s the actual risk and what’s at stake. And that probably dictates how hard you’re going to have to fight to create new right protection mechanisms for your organization and for the community.
Patrick Jones: So I just wanted to - this is Patrick Jones from ICANN, clarify a point you made about - are your clients not seeing the domain name registration gTLDs grow from their perspective because the numbers - some of these TLDs are growing even if it’s not your brand owner clients that are registering there.
Amy Klobuchar: Yes, it’s our brand owner - it’s our registration (unintelligible).
Patrick Jones: So just this week, I think the operator of the Russian ccTLD announced that they had hit 4 million registrations.
Elisa Cooper: That is an exception. I will say - yes, the (unintelligible) definitely.
Patrick Jones: And that the operator of the .AE space is (unintelligible) 100,000, I guess the larger space in...
Man: Arabic script?
Patrick Jones: Well, that’s in there, just .AE. Their Arabic script space is also growing as well.
Marilyn Cade: But Patrick, those are new users primarily in those countries. And the bully pulpit approach that in some cases the governments are taking - and I am not being critical of this because Europe did this as well when they introduced .EU.
So it’s encouraging - so many of those registrations are not the defensive registrations that we used to also get from the corporates. They are new users or in some cases they are companies who are deciding they have to have market-facing presence.
.RU has some other interesting characteristics that I won’t elaborate on.
Patrick Jones: My point was just to clarify the (unintelligible).
Elisa Cooper: Yes, from a corporate perspective we’re just not seeing the defensive registration and in the ccIDNs with the exception of the Cyrillic RU. That was - that one was one of the first ones, I think, the launch. And that was probably a couple years ago already I'm guessing. So that one did actually get a lot of (unintelligible).
Marilyn Cade: We can take two more comments on this, let Elisa wrap up, and then we’re going - I’ll adjust our time for our next section because we want to be thorough on this. So Margie and Steve?
Margie Milam: Sure, Margie Milam with ICANN staff. One of the things that as you think about the impact on businesses is that some of these RPMs are a little in flux.
Like, for example, the uniform rapid suspension, you know, in Prague there was a session where (Kurt Prince) and his team pointed out that the cost - that we could not find a provider that was willing to do the URS for the cost that was, you know, recommended. So we’re at the point now where we’re trying to convene a smaller team to see what parts of the URS can be updated to reduce the costs.
And so I just want to at least point out to the business, you know, constituency that, you know, those are areas where you might be able to make some impact in helping to frame how that URS might be adopted - or adapted.
Marilyn Cade: And we’re going to talk about the need to adapt it later.
Steve DelBianco: Steve DelBianco, I know Fred and (Kalissa) have talked about what their advising their clients in terms of being prepared going in. But there is one variable and if you’re optimistic you might assume that these warnings, these trademark claims notices, so that somebody tried to register a PayPal support.
And they got a notice immediately that said, PayPal’s a registered trademark, you may be infringing on the trademark, we’re going to inform PayPal that you’re registering this name, do so at your own risk. This would be the first time we’ve done that in a wide scale.
This afternoon’s debate is to make sure that the notice comes back on the words, PayPal support, not just PayPal. It’s pretty useful if the only warning you get is the actual term.
So assuming we get something more than the term it self, those warning notices may put a dent - may put a dent in a number of these registrations of people perceiving this. And there are the problems for you because that’s what’s causing you and your clients to go back and recover their UDRP.
Man: I would just ask, why do you assume that that is going to be (unintelligible)?
Steve DelBianco: If we don’t do it at all today and we’re going to do it instantly at least for 60 days, in all the new TLDs they have to issue these warnings.
Man: But for - I thought for exact match. Now you’re suggesting we’ll go beyond exact match.
Steve DelBianco: The proposals that we’ll be discussing this afternoon involve more than exact match. And we can defer that discussion up to you, Marilyn.
Man: I just was wondering, you were assuming that the...
Steve DelBianco: That’s right. It’s not much good, right, but let’s be optimistic that we can get it to be expanded. And if so it might mitigate some of the preparatory costs you may have to put in.
Frederick Feldman: It’s Frederick Feldman with (Mark Monitor). The problem with the proposal that I’ve seen so far is that they are - you know, some combination of exact match in terms and when you see the permutations that are made with respect to, you know, (unintelligible), you know, quick, discounts, bargains.
You know, I can give you the permutations that you see that inexact match is the only way actually to solve this problem in terms of notification to brand holders and as defined all the proposals are actually next to (unintelligible) where our clients who actually are well-known brands.
Steve DelBianco: You be there this afternoon to talk about this?
Frederick Feldman: I will.
Marilyn Cade: Okay, guys. We’re going to move on because the purpose of this is to try to get us all on the same page in terms of understanding. And I think you want to wrap up on the...
Elisa Cooper: Yes, I’ll just take a minute. The last point is really - and that’s what we’re doing today is just becoming more familiar with what - why it’s protection mechanism. There are - and Margie mentioned, the URS is still in flux, the implementation as a trademark clearinghouse is still being discussed.
Tremendous - there’s a lot of discussion about it, tremendous amount of discussion about it by the registries and the registrars. But just be kind of familiar and I think there’s still time to communicate with ICANN.
And also to be familiar with some of the rights protection mechanisms that will be available after the fact. So once the registry is in place there are still some new policies which will be implemented that can be used in emphasis where the registry has sort of systematically registering (unintelligible) names or where a community registry is not really following their prescribed community guidelines.
There are some new policies and mechanisms for addressing those (unintelligible) things as well. So I think the last thing that we’re advising your clients to sort of be aware that there are some new rights protection mechanisms and, you know, everybody - I’ll just say this, again, this is my personal opinion, you know, we don’t have any of this stuff today at all, okay.
So ICANN has made, in my opinion - there has been a great effort to try to implement these right protection mechanisms. And it’s much more than what we have now. We don’t have any of this stuff. We don’t have a URS . We don’t have a trademark clearinghouse.
I mean in the past when we’ve had sunrise periods the brands have had to validate their marks every single time with every single registry.
So there have been some real improvements, I think, with the launch of new gTLDs. Sure, there’s still room for improvement to be made but I think we should also, you know, take into consideration that we’ve actually made some pretty major strides.
So that is what we are sort of advising our clients and with that I will turn it back over to Marilyn.
Marilyn Cade: Thanks, I want to go to the conference bridge and see if anyone wants to make any final remarks before I make a summing up comment and we move to the next agenda item. Anyone in the room, one final comment?
We will make sure that Elisa’s excellent presentation - and Elisa, thank you for doing this. I think sometimes we all think we know things but when we see them summarized in such precise, organized manner really brings things home, and particularly for new folks. I think seeing this kind of presentation has been very, very helpful.
The thing we want to do next, we’re going to move to talking about what’s up at ICANN that’s important to business. And I’ve asked two people to join us with a particular focus. We’re going to start with Patrick Jones. Let me first of all ask David - David, you’re going to have to leave us shortly, are you?
David Olive: I’ll stay a little longer.
Marilyn Cade: We’ll move on but before I do that I just want to ask David to move over to where people can see him so that I can say a couple of words about him.
David Olive comes into ICANN a couple of years ago from a distinguished career in diplomacy and then - at Fujitsu and was for many, many years the Vice Chair of Policy at (WITSA) as one of his informal leadership roles.
And he was very actively involved in (ITIA) and Tech America in the days that he was in the industry.
So we’re very fortunate that David in his role at ICANN and overseeing policy is - brings a real depth of knowledge and understanding of the concerns that the business users bring and that the high tech sector brings. He has a very expanded role beyond that but I just wanted to point him out to any of those who you don’t - who don’t know him and to make sure that you consider him a go-to person.
Margie’s a part of his team. He has a larger team that - David, would you want to say a few words about your policy team?
David Olive: Yes, thank you very much, I appreciate that. In the recent announcement by our new President, Fadi Chehade, I was, again, recognized and will be continuing as Vice President over Policy Development Support, but in part - and large part, it’s really the recognition of the policy team and the community that supports that policy development process within ICANN.
The BC’s an important part of that and other stakeholders and constituencies who are a part of that and our team supports that. It’s a recognition of that role within ICANN as a major role. And so I very much appreciate that. I happen to head at the moment but it’s your hard work and the effort of our team that makes that so.
To that extent, it’s an important work that you do here for inputting into the policy process within the GNSO as well as other comments you make for the ICANN activities. And so I thank you for that.
In terms of our team, we’re about - we’re a little short of full complement. We’re 21 members shy of about two at the moment, I’m trying to fill those positions. We’re probably one of the most geographically dispersed groups. We have a few here in Washington where I am based. We have a few in and around the Los Angeles area where the headquarters is based.
And the rest are really in Europe in various places, some link to the Brussels office and some working remotely. So to that extent we try to cover the various time zones and be closer to our stakeholder constituency people.
To that extent, it’s covering the support of the GNSO obviously, the ccNSO, and the ASO in their policy development process. And we also support the advisory committee, certain of them - of the security and stability advisory committee, the (unintelligible) server advisory committee, (RSAC) at large for example. And advise, of course, GAC and others when they ask about the policy development process.
So it’s a large portfolio. The staff covers many issues but we’re here to work with you and support you in your work as you make the policy development process work in the bottom-up consensus program we have. And we support that multistakeholderism and we support your work here. So thank you.
Marilyn Cade: And I’m - I knew David had to slip out so let me - introduce Patrick Jones. Patrick spent a number of years in the policy development process himself. And I had the great privilege of working with him very directly on the (unintelligible) names working group and a number of other settings.
And he is now part of the security team. So I’m going to let him tell you more about what he does and a couple of key issues that are particularly important.
One of the things that we sometimes don’t see enough of in the BC or elsewhere is the ability to reports that are directly digestible and easy to understand. And I do want to compliment the security team for the hard work they’re doing and also for the work you’re doing with the SAC and the way that I think it’s paying off for business. So Patrick?
Patrick Jones: Yes, just from a logistics standpoint, we - the two of us have until 11:00 . Is that correct? Let’s split our time, that way - okay. And I want to try to provide - also this is an opportunity to take questions from those that are here on the phone.
As Marilyn mentioned, we have published a variety of documents including recently - the summer we had a - between May - mid-May and last week an open comment period on a draft statement of ICANN (unintelligible) security.
And that comment period was extended several times, received quite a bit of input from a variety of components of the community. But it was really missing direct input from the business constituency and from businesses.
So I’m hoping that we can have a conversation about ways to engage - how to get the feedback on topics such as this, and also how to have an ongoing dialog so that we don’t always live from commentary to commentary, there’s actually a constant stream of communication between our team, ICANN, and the boards and stakeholders such as this meeting.
It’s unfortunate that Marilyn stepped out because I think this point she would be really interested in, September is a huge month in ICANN’s history. ICANN was formed 14 years ago this month through the first memorandum to understanding between ICANN and the US Department of Commerce.
(Unintelligible) became the affirmation of commitments three years ago this month. Now we have the brand new (IANA) contract that will take effect at the end of this month. We have a new CEO starting this month.
So September is shaping up to be a very big month for us. And the milestones like this are important for showing, like, where we started from the beginnings of ICANN throughout its history until - up to the world that we live in now. I like to use this statistic to show how much space that we operate in has changed.
So in 1996, two years before ICANN was formed, there were around 23,000 domain names in the Internet space, 23,000 total. There are no 240 million plus or minus domain names across 13 countries, 315 top level domains.
There are now more Arabic scripts TLDs in the (unintelligible) zone today that generic TLDs existed in 1996. So we have approximately 16 Arabic script TLDs that have been delegated, not all of them are quite active in the (unintelligible) zone yet but on top of that we have 32 delegated IDN ccL - gTLDs covering 22 countries and territories, another eight in the process.
And then as Elisa showed, there’s 1900 plus pending applications for the review of the new generic top level domain process. So you can see that the world we live in now is dramatically different than the world that existed in the pre-ICANN days many years ago.
But the importance for security and stability of the Internet (unintelligible) hasn’t changed, that’s been a constant from - underpinnings of why ICANN was formed to have multistakeholder, transparent, co-operative, collaborative processes to have (unintelligible) globally unique, single authoritative group zone and the unique identifiers that operate from it.
So securing security, stability, and resilience of those identifiers is core to ICANN’s mission. It’s core to what our team does. And it’s important that it does take into account the community driven multistakeholder processes that we all operate from.
So our team has an internal and external role. We have the traditional internal oversight function from risk management oversight of corporate IT, (unintelligible) of our meetings, physical security, corporate security, this traditional security function.
We also have this unique function that is very important to supporting the bigger mission of ICANN, and that’s the outward facing coordinator, collaborator, facilitator role that our team plays. In a sense we serve as a bridge between the technical community, the policy community, the legal community, the variety of stakeholders that participate in ICANN.
And our group is placed in a way where we can help digest documents or service and providing subject matter experts speakers at a variety of events and offer quite frequently to come to the business constituency and to other groups at ICANN meetings to talk about what we're doing here through the advisory committees like the SSAC or other working groups like the community driven DS security and (unintelligible) analysis working group for policy discussions around the security implications of the new TLD program.
That's sort of from a standing - a starting point what our team does and what we've been doing.
We’re also responsible for ICANN's obligations under the affirmation of commitments around security.
Just last week the board accepted the final report of the FSR Review Team that tasked the staff coming up with the implementation plan and presenting those at the ICANN meeting in Toronto .
This brings me back role and remit statements that was published in May. And now I'd really like to see if we can get that dialogue going.
How do we engage with the business community and others in a better way rather than living from common period to common period and document into document?
On an annual basis we publish our SSR framework that lays out what are our priorities and objectives for the fiscal year and security.
It touches on the larger aspects of security for the organization. So our department is just one function but there are security aspects in IANA and compliance in legal in the new TLD program and policy development.
And how can we provide greater transparency and clarity around the budgets that are associated with those things that are ICANN (unintelligible) start watching this.
It's not enough to just (unintelligible) once a year. Part of the SSRT recommendations are to have better I don't want to say metrics but a - either a dashboard or an ongoing concept look into how we’re reporting on the things that ICANN is committing to and that the community expects and gives you the information that you need but also provides us with a common feed of information rather than just working form document to document once a year.
So I want to pause there and see if there are questions.
Man: I'd like to try to respond to that. It's a good set of remarks. But the idea that paying attention to security is like paying attention to my breathing and heart rate. You mostly only notice it when it fails or changes dramatically.
And so with so many other things on our radar screen the way to get our attention when you think you need our attention is to point up something that has changed.
And security is so big into the DNA that there's no question that it's there. But if there were a change in your budgeting for how to do it next year that’s a change we ought to notice and weigh in on. It's our obligation to do that.
If there’s another change, an external change, not a budget change, an external change you know we'll notice that.
You talked earlier about the scale of the Internet and its domain names. But let's be realistic Patrick you have nothing to do with that. The domain names are registered by registries and registrars with whom you have contracts.
The number of entities with whom you manage contracts hasn't really changed in a decade right? It hasn't changed by an order of magnitude in over a decade. It’s still roughly 300. It might be as many as 350 right now.
But the quantity of entities that you interact with hasn't changed in ten years. It's about change.
And that change well it scares the hell out of us because that is a change under which the ability if you could manage so many different entities, many of them brand-new to this and many users who will be brand-new to the Internet that is the change that we tend to focus on.
There’s no doubt that it's in your room to budget adequately and I think you do a really good job at monitoring that. But it's the changes that we want to pay attention to.
Marilyn Cade: Let me apologize for having to do something which I'll explain what it was because it actually relates to security. But before I do that I want to make a slightly broader statement.
There’s several - more than a year ago, maybe a year and a half ago Scott we had a discussion -- Ron and others here will remember this -- about the importance of differentiating the BC from the IPC and not just being the shadow IPC.
And we've focused on the importance of security and stability and resiliency to business users as a key area that differentiates us.
So yes we’re very concerned about protection of brands but we look very hard at risks, and threats and fraud and abuse and risk to users, not just the risk to the trademark holder.
And I think the work that has been going on since Jeff has come in is really, really welcomed.
The other thing I was remiss and not acknowledging is that when Jeff first showed up at ICANN we were very fortunate that Patrick introduced me to him I think on his first outing.
And we've been very fortunate that Jeff and Patrick come and speak to the BC at every meeting in a very I think open and interactive dialogue.
Scott represents the business constituency on the DSSA -- sorry for those on mute you on the phone -- is particularly important working group.
And I might just ask Scott and then maybe Bill may want to say something as well about the importance of the interactions and relationships.
Because I think the DSSA report is pointing to something that we really understand. And that is there are implications at the edge by decisions that are taken at the core.
And if we engineer risk in we pay the cost in frailty and security risk.
So to me engineering risk in can be not being aware of the importance of some of these - some of this work that is going on and missing the fact that people cannot do Internet the IP and the Web providers.
So I'm talking registries and registrars. They have to be engaged in this discussion as well.
Scott do want to say a few words about that?
Scott McCormick: Scott McCormick here. Just so everybody's clear too the - there’s the GFSA working groups, just working groups as well as there is the SSR working group which Jeff Bruggeman is on in DC. And I know Patrick and Jeff have been involved with both.
The - (this) working group is primarily looking right now at the risk of - to the DNS, different risk situations, how they can be mitigated situations that may even arise in the future. And I know there's a lot of what if’s that we've tossed around and stuff like that in the working group.
So it's really hard to come down to conclusive facts of what could or will happen in the future.
So we've been looking at past situations. And not to throw anybody under the table but the recent GoDaddy situation that they thought - everyone originally thought anonymous hack was a perfect risk opportunity that we’ve put into the books and said hey is this a viable situation?
Marilyn Cade: You’re going to have to explain it to many of us who missed it somehow.
Scott McCormick: So publicly what is out there...
Marilyn Cade: Facts.
Scott McCormick: ...what was out there when GoDaddy originally taken down what last week I think it was...
Marilyn Cade: Yes.
Scott McCormick: ...was that anonymous - somebody from anonymous had come out hey we hacked them and took them down.
GoDaddy very quickly came back and said no it was their own fault. It was something with corruption in their router tables.
You know, until they publish a final report nobody's ever - and if, you know, if they do publish a final report will we ever know what actually happened there?
So it could be, you know, them protecting themselves -- who knows.
So with that being said again though, stuff like that, you know, in a very large company and it supports billions of small businesses both domestically in the US and abroad can have something like that happen, can happen to the DNS so at the group level.
So we’re looking at situations like that saying what is, you know, groups and admin flipped and put something in that shouldn't be there.
Man: Yes first how long - I missed that incident (unintelligible).
Man: It was about a week ago.
Scott McCormick: It was about a week ago and they were taken down for I think they got it up, backup within about three or four hours started to get back on.
So but again, you know, what's the loss to small businesses, any businesses that were supported by their infrastructure? So email everything was down including GoDaddy's domain.
So but the SSR is looking at - or sorry the GFSA working group is looking specifically at those threats what could be out there and so we've put together a report and I sent out to BC probably a month or so ago after the previous ICANN meeting.
In Toronto we’ll have another - should have another report out in Toronto as well. So...
Marilyn Cade: Ron and then (unintelligible).
Ron Andruff: It's Ron Andruff. Thanks for that report. But the question that comes up in my mind are you running scenarios so what if scenarios and then kind of the fix when something should happen?
I mean are you kind of some of those things in place where you can actually pull something off the shelf and put a fix in or are you just trying to - are these ready - readiness drills, preparedness drills just to understand...
Scott McCormick: So this phase...
Ron Andruff: ...what we’re talking about?
Scott McCormick: ...one report is just - so do an initial look at what's the landscape of threats and how to go about doing an assessment.
It is out for comment. It's possible that this work will be absorbed in board level working group that is active. There’s now a board level DNS risk management framework working group.
We’re currently interviewing consultants or a consultant that will then take the next step of the work that was pioneered by the (GSSA) to develop an overall risk management framework for the DNS related to ICANN as an organization.
So this will be an important data point but the other piece is getting the stakeholder group input on this phase one reporting.
It may seem like very plain and vanilla yes it looks fine, I don't see anything to add there but this is actually an important opportunity for all the stakeholders who have sent representatives like Scott from (GSSA) to either say we will (unintelligible) you or you're missing something -- really need that input.
Woman: Patrick to what degree are you dialoguing with kind of the funnel vehicles that get out to the security community?
I mean I'm talking about the chief information security officers executive networks, Mandiant, RSA , you know, the companies that have these large conferences that can put you in front of the people who can tell you in addition to the ISPs what their security problems are with the Internet structure?
Scott McCormick: Well we certainly need to do a better job of reading deeper into the business community. We’re fortunate to have Jeff Moss as our Chief Security Officer. (Unintelligible) had (Jeff) on one of the largest conferences in that space. He’s a regular speaker at RSA .
So it’s not enough to go to those places. We really need to start - needs to be more two way or multiple path from those experts.
And we did post, a CSO roundtable at the ICANN San Francisco meeting but, you know, that was two years ago.
Man: You needed to just...
Scott McCormick: My big message for coming here was that I really wanted to do a better job of engaging this community, this constituency how can we do that?
Because I see these issues as important and I'm really missing important feedback from this part of the ICANN community.
Marilyn Cade: I'm going to go to Bill because he was at that meeting. But I wanted to do this before (Chris) is here. He’s going to have to (jump) out.
We had had a conversation Jeff you and I about trying to organize a CSO exchange because the senior security folks from some of our BC members, so we happen to for AT&T it happened the guy that is active Jeff Bruggeman actually is involved and directly engaged in the security discussion.
That's not necessarily true for (Susan Calagucci) from Facebook but there are Facebook experts that Amazon I think (Brian)'s on the phone.
But, you know, maybe one of our takeaways might be the idea of being able to talk with you (Chris) because (Check America ) has great networks engaged in that space.
And Amy maybe you guys could help us as well with putting out an invitation to - from CSOs from your community and put something together with Jeff that’s special for them because we’re not going to get him for a week at a ICANN meeting but we might get him - you were at that session in yes, would you Bill?
Bill Smith: Yes sure. Bill Smith, (unintelligible). Yes in fact we PayPal were the ones who suggested that we do it. And...
Marilyn Cade: That’s one (unintelligible).
Bill Smith: So Patrick first thing I want to say is that we the business community generally I think but certainly PayPal, we know that you guys are doing great work, right?
This stuff is not easy. The one problem is so right, and you know this, this is a world of zero tolerance, right?
And when something bad happens all that good work all right, doesn't mean anything, okay, at least in that moment.
So you're hearing some stuff from us and I'm going to add it actually. But I hope it may come out in a way that we may be able to assist.
Security at ICANN is terribly confusing, okay even for those of us who have been there. And I consider myself a medium-termer now that I've been here tor two plus years.
It's just confusing. There is the S factor, right? What does it do when - especially when you come in new? I still don't know exactly what it does even though I know a lot of people love it.
DSSA great work okay. How does it relate to SSAC? There’s a board level committee. How does it relate to the DSSA and SSAC?
ICANN itself ICANN.com is what I call it, the corporate entity of ICANN not the organization you, (Jeff) all the other people in there doing security.
What's the relationship there, you know, between you and all these other things that are going on?
The SSR is perhaps the most understandable, okay? I can go to a single document. I read the affirmation of commitments. I see the paragraph about SSR. I know what that group does.
(Rest of them) I can't figure it out. This is one of the reasons we wanted to bring the CSOs...
Bill Smith: ...to San Francisco was to try and educate.
We find that if we go to the CXO level in companies, okay and say who's your registrar, your domain name registrar, no one will be able to answer you.
Marilyn Cade: They can’t answer that.
Bill Smith: They can’t answer that.
Woman: I couldn't agree with you more Bill.
Bill Smith: Okay?
Bill Smith: And that is a huge problem....
Marilyn Cade: So, so...
Bill Smith: ...okay? So, so...
Marilyn Cade: Bill wait I...
Marilyn Cade: I'm going to ask you a question.
Bill Smith: Okay but one more thing that I will be done. And on the (unintelligible). In terms of the review of the document that you have out I would love to review it, okay?
But I am one person in my company who pays attention to ICANN, the IRIRs, the IPUs, (ISR), okay? And right now my attention is focused on IPU related. It has to be because...
Marilyn Cade: They awaken.
Bill Smith: ...once every 25 years to update these regulations it could dramatically impact not only the security of the Internet but the Internet itself and the government, that's really where that group is going.
And so then I apologize for that, welcome you here, help us figure out how to make sense out of security at ICANN.
Marilyn Cade: So Patrick can I before you answer him one of the things that we are working on in our newsletter for Toronto Patrick and his team will be doing a two-page spread with that.
And I - we’ve just been figuring out what's going to go into it. And I think Bill just helped us figure out what would go into it is at least one page ought to be devoted to how the pieces fit together which I think because we because we want this to be a tool like in our newsletter where we have the org chart with who the contacts are.
This would be - so maybe Patrick we could talk further about that. Because that would be very helpful for us to have in our newsletter and also have on the Web site to explain to people how these different groups interact with each other.
Bill Smith: Well yes what they do and then what are the organizing principles around this? I seriously I see each of groups (often) independent doing stuff occasionally talking with each other.
And when I go to the meetings like the SSA then the board level meeting I come out confused, right?
I understood each of them sort of separately but then I'm confused again (like) well they actually overlap a hell of a lot.
And just why do we have two, right? None of us have enough time to devote to any one of these things let alone four or five.
Man: Your - the point is really well taken. We actually are working on information that will help make some of this clear.
It's also useful to make a distinction between the part of the core structure of ICANN SSAP which is an advisory committee support and some of these other working groups and committees that are may have short life short duration like GFSA board level working group.
Those things aren't intended to be long term functioning of the - of ICANN (unintelligible) organization.
So but those are really good points that I want to make sure that we provide information to Marilyn and exists in an easy to access place on the ICANN information tools that makes it easy for newcomers to see how we fit with the overall structure.
Man: One other thing is...
Marilyn Cade: Let me (continue) Scott's comments, (Rick)’s comments and we'll...
Bill Smith: Yes.
Marilyn Cade: ...be wrapping up.
Bill Smith: Bill Smith again. This one - yes it's going to be very pointed, okay? We can't afford incidents like the security incident within the new gTLD application process again, okay?
And not only the fact that it happened but how it was dealt with and it was called a...
Bill Smith: ...glitch for a month, okay? That's - that did not help at all. Not only - okay so there was perception problems. There was huge expense associated with that by people on the outside. Talk about externalities, negative externalities.
People had to sit around a month keeping people, mark time waiting and spending money so that they could then go and complete their application.
So that really hurt ICANN, okay and perception and it’s going to take a while to recover from that.
Marilyn Cade: So we’re quickly getting go to Fred and to Scott and then we’re going to wrap up on this on (unintelligible).
Frederick Feldman: I guess my comment is this practically a very large percentage of Fortune 1000 global 2000 companies don't actually employ security measures and the domain names some that are actually available.
So for example if people aren't using things like registry lock on their primary.com to drive, you know, hundreds of millions or billions of dollars’ worth of revenue for them.
So I would just say that, you know, there's some very basic things that people should do and they're not doing those.
So I think, you know, when you think about security with respect to, you know, the domain names that are driving, you know, a large portion of Internet commerce you should just really go to the most simple clear messages possible to companies inside the (unintelligible) infrastructure. I hope it’s still on.
Woman: I would also just echo that for DNS spec as well. There - you don't need me to tell you but very low adoption of DNS specs by corporations.
Man: So just to go back to the CSO chief initiative -- stuff like that, while Black Hat and Defcon, I go every year. You know, I'm involved with the hacking community. I do security for a living. I live and breathe the stuff.
What was very fascinating to me was the fact that, you know, Patrick - since Patrick and (Jeff) have come together as a team more people have become to realize what ICANN is and what its purpose is.
But what's even more fascinating if you go to someplace where you've got every Fortune 500 company on down at a meeting and they gave an actual course on one of the presentations was on basically the functions of the Internet, who controls what and so on.
The only three people that raised their hands in the room that knew what ICANN was Rod Beckstrom, Jeff Moss and myself.
So it gives you an idea, you know, with 1500 people in the room nobody even knew what ICANN was which is kind of hard to fathom when you realize we all need to DNS to do our work so just wanted to make that little comment.
And also talking about that kind of Black Hat, you know, I'm just going to say it -- it’s going to sound derogatory -- you have to consider the messenger given Jeff Moss's background.
And you have to consider that there is a different audience at Defcon than there is at A Mandiant, or an RSA conference or a CSO trade group...
Woman: ...because you actually need to reach, you need to reach CSO many of whom do not have an understanding of Internet governance or they’re the primary driver of Internet governance policy and implementation at their company.
So while I do appreciate, you know, Jeff Moss’s multimillion dollar empire and perhaps billion by now you do have to tailor the message to the corporate security community that is running the apps and running the infrastructure in which we’re all talking about.
Marilyn Cade: Speaking of...
Man: Can I have one follow-up please...
Marilyn Cade: Sure.
Man: ...please? So the engagement part is necessary but I don't think it's efficient to what Patrick seems to be asking. Because I sent what he can measure the number of formal comments that are posted documents that you put out and proposals and budgets that you put out.
And I got that from your early part of your remarks is that you are anxious to see a lot more written comments submitted to ICANN, a demonstration of the two-way interactive engagement.
Patrick Jones: No I don't think that's it. And I want be make sure that Margie gets the full amount of time.
But it's not about the number of comments, the quality of the engagement. And I can get - we can get as much good interaction from time and with DC at the ICANN meeting or in this type of setting as we can in a formal comment period.
We want to use all the channels available to drive that engagement. Comment form is only one. And from my perspective it's not the only way that we should (use it) to get input.
The other thing -- and this is my lead into Margie -- this year in Toronto we are going to be jointly using the traditional DNS (unintelligible) timeslot and have a very different type of channel, no PowerPoint no ten minutes per speaker, letting people no offense but drone on and on their own thing.
It's going to be moderated with a engaging group of experts. And the topic area is ICANN’s role and remit in security.
So we've invited Jeff Bruggeman as someone from the BC but also as a key member of SSRT. Jeff Moss will be on there, (Al Tumi) as ICANN’s previous CEO and also the CEO who set up the security team.
Debbie Monahan from the New Zealand Domaining Commissioners Office and said she would participate.
And we've got a couple of surprise guests that depending on their availability may come as well. So if...
Marilyn Cade: We love it. The single most important thing you can do to help us be there is worry about the time slot is allocated in.
Man: Yes. Overlapping with our meetings would be bad.
Woman: Monday after...
Man: Monday after...
Woman: ... noon .
Marilyn Cade: The high level group - the high level government group is meeting on Monday afternoon. And there is a slot where it's very possible that the, at least the chairs will be interacting.
So that doesn't mean that lots of our members can't be there. But the slot is important because people won't miss if they’re allowed to be in the room. When that high level governance thing is going on they won’t be in the room.
Patrick Jones: Web cast, lots of remote participation. Since that it will be free-flowing interactive comments from before be welcome and encouraged. And that is what - another way that we’re trying to drive that engagement on this topic. (Unintelligible).
Marilyn Cade: Excellent and I applaud the fact you're both doing it. And I want to thank Patrick for another reason.
And that is that Jeff and Patrick came and spoke to the BC. And Patrick did us the immense favor of making sure that the part of the transcript which included our dialogue was acknowledged in the comments.
So I want to thank you for doing that because we didn't get formal comments in but at least we did have a good interaction.
So we have a takeaway on this ( CSCO ) which I am going to talk to (Chris) about and come back to. We’re going to move to Margie.
Marilyn Cade: Oh yes sir?
Man: Elisa is there any way you could like contact (Mark Mallory)'s clients and find out who...
Woman: Thank you (sir).
Man: ...within your group that who deals with security...
Elisa Cooper: Yes.
Man: ...among the clients, your clients. And then because that would be a way for us...
Marilyn Cade: Right.
Man: ...who do we need (unintelligible)?
Marilyn Cade: Right.
Elisa Cooper: Our chief security office executive network is a group of the Fortune 2000. And I already have a mailing list of all the Fortune 2000 CSO groups by virtue of that group and our (breach) practice.
So, you know, it's very easy to get out to that community and get meaningful engagements. But not all the chief CSOs are going to be at Black Hat and there's just a much different audience at Black Hat than the people that you need to get at.
And just remember we’re dealing with a security issue. We’re also dealing with a national security issue.
So if we have a major screw up this is something that particularly in Washington will - there will - be an acute attention being paid to after the election.
Man: Global, not national.
Elisa Cooper: Yes no absolutely, absolutely.
Marilyn Cade: So thank you. And I think we've enlisted you and enlisted you and (Chris) to do some follow-up on that. Margie?
Margie Milam: How much time do we have? I have a fair amount. I'll probably limit it for the topics.
Marilyn Cade: Why don't you start. I think we can curtail. (Bruce) will be arriving so we can curtail the next section because I'm really just presenting the input the BC is already given so that can take me only 15 minutes.
Margie Milam: Okay.
Marilyn Cade: So I think we can give you...
Margie Milam: Okay so who's spinning the slides then?
Margie Milam: Next slide please. These are the topics I thought we could talk about. We can, you know, reduce this if these aren't topics that you're interested in.
Marilyn Cade: Okay but if we prioritize this I think the RAA has got to be a priority the Whois topic. Protection of international organizations, let's make that short.
Margie Milam: I know, actually the - considering the discussion this morning and this afternoon you'll want to hear.
Marilyn Cade: Okay.
Margie Milam: I won’t go through the whole presentation but there's a few takeaways for this group...
Marilyn Cade: Okay.
Margie Milam: ...I want you to consider.
Marilyn Cade: Then we can just selectively figure out what goes into the - right.
Margie Milam: (Unintelligible) from my slides. So let's start - the first - RAA is the first one.
As many of you may know the - there is a standard agreement that all registrars sign with ICANN to be an accredited registrar.
So it isn't a negotiated document. It's a standard form. And we’re currently in the process of updating that form.
This - with the project that was kicked off in Dakar when the board asked for a negotiation to get kicked off and asked for a two track process, one being the negotiations that are actively underway and the second being an issue report request and knowing that there are topics that may not actually get negotiated into the contracts, those issues could also be dealt with through a policy initiative.
And so the issue report is the process we use on the policy side to kick off a new issue within the GNSO. And so those are the two processes.
We've built a community wiki that has the updates for the negotiation. And since Prague what we've been trying to do is really bridge the differences between the registrars and the gap in law enforcement interest.
As many of you may know some of the key issues in the negotiations relates to a number of requests that came from the law enforcement community in order to make it easier for them to deal with cybercrime and DNS related abuse.
Since Prague we have also focused on developing the framework of a privacy and proxy accreditation program.
And that's something new that the community that your community I think would be very much interested in.
There will be a session in Toronto where we’re going to try to get input from the community on what that program might look like.
So as you think about Toronto and what, you know, how to prepare this might be something the BC would want to weigh in on, you know, the types of parameters would there be in the accreditation program.
And the way it fits into the negotiations is that essentially we have reached an agreement with the registrars that the RAA would say that if ICANN develops an accreditation program for privacy and proxy providers that they will only accept registrations from accredited privacy and proxy providers.
So that's how it kicks. And that's how it fits into the RAA. But it is a big issue for the business community because it can talk about things like reveal, relay request, who can be an accredited provider when, you know - how can law enforcement get some information.
Those are the kinds of things that the program could address. And that's why we’re going to be very interested in Toronto to hear. Bill?
Bill Smith: Yes Bill Smith, PayPal. So quick two things, the wiki hasn't been updated in three months so we...
Margie Milam: No actually it has - it’s if you’re on the homepage it was updated probably two weeks ago.
Bill Smith: Okay. I'm wrong.
Margie Milam: I'll send you a link if - are you on the homepage?
Bill Smith: I did a search and the search takes me before - to before June 2012.
Margie Milam: Yes it's...
Bill Smith: It's a top search left to ICANN RAA negotiations.
Margie Milam: Okay, okay. I'll send you a link.
Bill Smith: Just let you know.
Margie Milam: And we also there was an announcement sent to all the, I believe...
Bill Smith: Okay.
Margie Milam: ...the GNSO council (unintelligible).
Bill Smith: Oh I'm wrong I'm just saying...
Margie Milam: Okay yes.
Bill Smith: ...you might want to pay for a Google search...
Bill Smith: I made this comment in Prague . I’ll make it again hopeful perhaps that the new board structure at ICANN could actually do something about this.
I cannot understand why ICANN is negotiating with its service providers on the service terms. They should be told these are your terms. You can choose to accept them or not.
And we have been going - it's almost a year now I think on these negotiations. And now what I hear is on privacy proxy, you know, those things we’re going to put in language that is identical to the language that's already in the agreement where we've never gotten or once maybe, some new additional requirements or specifications placed on the registrar’s registries.
We’re going to put identity language in now for privacy and proxy accreditation -- stuff like that. And it'll never get through a PDP process.
So the - this is just kicking the can down the road again. I hope that ICANN management takes a different view going forward and just says this is the stuff that needs to be in these agreements, you're putting it in there.
It's open to negotiation. It makes sense to get to choose to sign or not. And we’ll listen to reasonable things but we have decided as a corporation how this must be done.
Bill Smith: If the negotiations conclude and you start a PDP it could be several months before the new amended RAA is done.
But what would be the mechanism to force registrars to sign the new one in order to sell names in the new space?
And that's a long-standing BC position is that we don't allow registry to be in the new gTLDs unless they sign the new registry agreement code of conduct.
Why would we ever allow a registrar to sell names in the new space if they don't sign the new RAR?
Margie Milam: So you ask for the process for doing that?
Bill Smith: Intent and process. Is there any intent to force all registrars to adopt the new one as soon as it's done in order to sell names in the new space and what would that process and timing look like?
Margie Milam: No that is not part of the like current roadmap for the new gTLD program. That is a board issue. So if it's something that, you know, that says the BC feels strongly about that's certainly something you could talk (unintelligible)...
Bill Smith: We have. For nine months made that point.
Margie Milam: Right.
Bill Smith: But is it that we need to get other allies to say the same thing? Probably.
Margie Milam: Essentially even though were multi-stakeholder model right? So you need - or in the community beyond the BC...
Margie Milam: ...for that sort of...
Margie Milam: ...approach.
Bill Smith: Called in the GAC, the Government Advisory Committee. The governments or what finally stimulated the beginning of the RAA negotiation because law enforcement was really upset.
They will be really upset if they get a decent negotiation and then none of the registrars feel like signing. We'll wait till their next contract is up and then sign the RAR.
If the new names are being sold and none of these new requirements are being followed we’re going to have a seriously disappointed stakeholder in the government and law enforcement.
Marilyn Cade: So I'm going to be...
Marilyn Cade: ...sure that we go through this and then maybe try to capture...
Marilyn Cade: ...the...
Margie Milam: Okay.
Marilyn Cade: ...things that we need to do.
Margie Milam: Okay. So we can go on the next slide. And as I mentioned, one of the - we heard several things in Prague .
And what we've done since Prague is really focused on those issues. And we did hear a lot about privacy concerns in Prague about some of the law enforcement requests and whether or not it would be violating local laws to be able to require some of the data retention issues or have a really enhanced verification on Whois for example.
And so what we've - what we also heard from the GAC was that best way to seek input on privacy concerns was to ask the GAC questions as opposed to because they speak for all aspects of their government.
And so what we've done is we’ve really tried to hone in on how to get input from your GAC that would be helpful.
And we’re leaning towards trying to build a robust exceptions process similar to what's in the ICANN procedure right now for Whois complex with privacy law.
And in other words it was very difficult as you can imagine when you're negotiating to try to find the baseline that would be acceptable in all countries.
And rather than try to figure out what the lowest common denominator would be we’re hoping to get to a, some sort of middle point on these issues like the retention periods for example.
And then to the extent that it may violate the laws of a particular country then build a procedure to deal with that as opposed to having the lowest common denominator be the floor for all registrars.
Margie Milam: And so that's where, you know, at least from staff perspective that's where we’re headed. And the registrars are aware of this.
Woman: Margie just a point I'm raising, you know, as being a part of a global law firm and having done a privacy survey on a global basis for essentially what is contact information.
This is something that you could easily commission, research or a law firm to do. Now, you know, certainly not saying our firm could do this given our representation but there are other firms in town with global platforms who could survey global privacy laws on simply contact information quite easily.
For example the majority of my clients are global multinational companies where I am routinely surveying over 20 to 30 countries for various different projects.
That really regards much more than simply contact information which is the Whois.
You know, I’m looking at many, many more complicated issues like IP address retention, you know, different types of much more legally flexible pieces of data.
What you're looking at here is a fairly easy global survey. And you may actually get a response back if you do a little bit of research and ask each of the governments to simply confirm your research so you can get the laws in place and start to get the (unintelligible) results.
Margie Milam: And it's more than Whois unfortunately. It is the law enforcement requests deal with Whois and that's one aspect of it.
The other aspect is they want the registrars to retain information like billing information, IP address, you know, that was used to contact the Web site.
You know, so there's a lot of other information that's in the law enforcement request beyond just Whois that shows up in the Whois record. And but that's certainly, you know, good advice...
Margie Milam: ...to consider.
Woman: And I have to tell you, you know, when we’re dealing with global survey products, you know, we’re dealing with contact information cards, demographic data, shopping history.
What you really need to do is just detail out the field an (outflow) of this because this - we don't want to spend two years arguing about privacy law with regard to Whois.
Marilyn Cade: Bill has a comment and then we’re going to move quickly on.
Bill Smith: So I don't know if (unintelligible) a future point you have a statement that says (unintelligible) unique concerns basically about the requirement for this information especially in Whois to be there except in exceptional cases.
Marilyn Cade: The need right, the need.
Bill Smith: Right.
Marilyn Cade: Yes.
Bill Smith: Okay yes I heard the privacy people stand up. And I came up behind them and said and there, you know, these are exceptional cases where the information should be withheld.
The general case should be according to the affirmation of commitments that the information will be there, will be accurate okay.
And yes there are exceptions. That's what the Whois Review Team came out and said. There will be exceptions. It should not be the rule though.
And so I have a concern here that says oh we heard the privacy community...
Margie Milam: Oh and well...
Bill Smith: ...and we didn't hear anybody else.
Margie Milam: Right well we’re moving towards verification. I mean that's, you know, for the first time in the contracts you’re going to find a requirement for, you know, verification.
And the debate is regarding whether, you know, what that verification will be and when it should be.
Bill Smith: Okay verification is one possible way to get the information (unintelligible). But that's not enough.
So the fact that law enforcement is requesting that great, okay? But I am - I respect people's rights to privacy okay individuals who are not - especially not engaged in commercial transaction.
But there are very serious security implications for not being - having access to this information in being able to do things with sites either knowingly or unknowingly damaging okay consumers, damaging the Internet.
And you, you know, it - we need to pay attention to that and at the same time respect people's privacy rights. They are equal.
Woman: Still and many countries have already made this call. So I mean it's not like, you know, if you have the research to support the balance of privacy versus security you can let national law and national precedency reside and make an informed decision instead of having the ten year dispute which we currently have which is the security community versus the privacy advocate.
Both know that a compromise is necessary. And all - again everyone's done it in (unintelligible). It's just taking that knowledge and letting it bubble up to the overall umbrella organization.
Margie Milam: Yes okay. Okay next slide. So one of the reasons I'm here in DC is we’re actually meeting with the registrars tomorrow and Thursday and bringing GAC and law enforcement representatives to the table to try to bridge the gap on some of the positions.
Because from a staff perspective we feel that we need to make progress on the law enforcement request in a manner that, you know, that they hear their registrars concerns and they, you know, find a compromised position and then that'll help put the rest of the agreement in, you know, in conclusion.
Because from our perspective the big issue’s verification and data retention and really addressing the law enforcement (ask). That's been our position from the very beginning.
So where - we are having meetings tomorrow. And then because in Prague we heard about the - I think it was Steve Metalitz who indicated, you know, why wait to start the privacy proxy accreditation program till the negotiations are concluded? Why don't we keep that work off now and have it run in parallel?
And that's what we’re trying to do from the staff perspective to try to set up the session in Toronto so that we can get feedback from the community.
And as I mentioned, you know, we really definitely want the business, a viewpoint on this. Because that, you know, coming up with parameters of what the privacy and proxy accreditation programs should look like is very important.
And from the staff perspective we’re not seeing this as a PDP as a requirement to have the accreditation program.
There may be aspects of it that would be useful to have a PDP on if community - if it's difficult to identify what would be a reasonable, you know, parameters.
But, you know, so as you're concerned Bill we’re not, you know, saying that this is - this has to be a PDP although we certainly, you know, would welcome a PDP on some of the issues on perhaps when should you reveal, you know, on the information or, you know, that - those sorts of things.
But that's, you know, that's council’s prerogative whether the GNSO council decides to kick off a PDP on that.
But we’re, you know, starting to work now and hoping to make some progress in Toronto .
Next slide please.
And just so, you know, I think you may have been at some of the sessions in previous meetings but, you know, these negotiations we’re focusing on verification and data retention.
But there's a lot of other things that are really good and represent a lot of the requests we've heard from that community including the business community when a GNSO council drafting team on RAA has set some recommendations on what it should be.
So I'm just - I'm not going to go through these all but you can see that, you know, these are - these takes the RAA a step further where there's abuse point of contact for example of law enforcement knows how to - and the public, not just law enforcement can find out who they can contract at a registrar in order to deal with an abusive situation.
I've already talked about the proxy accreditation program. A lot more information about the registers to be provided to ICANN related to officers directors and affiliates and the kind information that we typically haven't had access to in the past. Marilyn?
Marilyn Cade: I have two questions. One is and I think maybe this affiliate point may be addressing my question.
So when you're saying their extensive additional register information to be provided meeting their buyers, their resellers, their ISPs, their affiliate relationships?
Margie Milam: No affiliates meaning a common ownership, you know,...
Marilyn Cade: Oh okay.
Margie Milam: ...the corporate structures, you know, whether they’re - whether they run a proxy service for example. That may not be necessarily clear -- that sort of thing.
Marilyn Cade: So that was one question. My second question is some people in this room know that Sarah Deutsch and I were very heavily involved in the initial focus on the US Anti-cyber Squatting Act as well as some other people probably on the phone.
The prohibition against cybersquatting, are we using that definition from the US Anti-cyber Squatting Act or from some other definition?
Margie Milam: No I believe we tried not to focus on just one country law but I think it would pick up what...
Woman: (Unintelligible) model.
Margie Milam: In any event the - yes the - I don't have the language in front of me but it's not exactly from the act of the US .
Marilyn Cade: Could you send this? Do mind...
Margie Milam: Yes sure.
Marilyn Cade: ...if could make a note to send it? Because I think that would be something that's really of interest to us, a very strong definition about what if cybersquatting may actually help us with our defensive registration problem.
Margie Milam: Okay. Okay.
Ron Andruff: (Unintelligible) my name’s Ron Andruff, just going back to the affiliate thing. But so if I understand you correctly we will finally now know who these families of registrars are. Everything will be a one piece of paper.
Steve DelBianco: Well ICANN will know but...
Margie Milam: ICANN will know...
Steve DelBianco: ...but not allowed to publish it.
Margie Milam: Some will be published, some won't. And the question is where? So that's part of that was still under negotiation.
I don't remember the specifics on where we are at - on all of the information.
Steve DelBianco: So we may still not know.
Ron Andruff: Yes well here - that's kind of where I was leading Steve and that's...
Ron Andruff: And this is exactly what I think needs to happen here. If ICANN is this bottom-up transparent organization I have a big problem as an individual within the BC watching a negotiations going on in - behind closed doors with a contracted parties where there’s no ability for the community to observe what's going on, number one.
This affiliate program has been going on for years. No - and compliance said they don't know who owns the various registrar - registries - registrars I'm sorry. That is mind-boggling to me.
So this for - from the BC's point of view I would think is certainly a huge issue. We want to know, everyone should know, it should be public knowledge...
Ron Andruff: ...who owns which registry or registrars and what are those relationships between those bodies.
And we also need to know what is going on in a more public fashion with regard to the - this negotiation.
I know that when I took responsibility for the.travel contract at the registry with ICANN that contract was imposed on me. There was no discussion about a contract.
This is the contract take it or leave it. If you don't want to take it go back of the line and we’ll negotiate with other guys until you're ready to take it.
Why this contract negotiations have been going on for so long, it's an abomination. It's an abomination in the ICANN process. And I'm sorry I'm using those strong words but this is wrong, dead wrong. And I want to be on the record as saying it.
Marilyn Cade: So how do we help you because one of the things Kurt had asked me for was the opportunity to talk to us about our views about where things are?
How do we help you with giving you some verbal comments? You'll have the transcript by tomorrow. But I think we ought to be taking some notes ourselves on what else we need to say to ICANN in writing...
Man: And who we should say it to Margie. I assume Kurt is no longer the lead on the negotiation.
Margie Milam: I’m sorry.
Man: I'm assuming Kurt Pritz is no longer the lead on the negotiation?
Margie Milam: I believe Kurt is still involved and (John)’s involved. I mean because, you know, in the new reorganization there's obviously projects ongoing that are difficult to do, you know,...
Marilyn Cade: The transition period.
Margie Milam: Yes so, you know, as far as I understand it, you know, the legal team’s involved, Kurt’s involved, you know, Akram as well.
But I don't know who - I don’t know who is the lead on.
Man: Should I contact (Bobby)? I'm serious I...
Marilyn Cade: No. No I think we respond to Kurt.
Man: I'm - okay but I am very upset that this thing needs to go on. I'll use Ron’s term as well. It's an abomination, okay? That it’s - and we don't want to - mean to shoot the messenger.
Man: Let her talk. Let her talk,
Woman: We understand this is a sensitive issue in the community.
Man: This has been going on a long time behind closed doors. As registrants we are not allowed to operate this way, okay?
Look at the new gTLD process, okay? The amount of information that was required I can tell you our company chose not to file because of the amount of information we have to disclose, okay?
Why isn't that same amount of information required from your service providers, the registrars or registries?
Margie Milam: And to be fair the registry agreement (unintelligible) but not negotiated, you know, the agreement involved from the beginning of the program to...
Man: I understand but it was published...
Man: It was public input on the new registry contract.
Margie Milam: There will be public input when we get to the point of having, you know, an agreement that that's, you know, at least represents the compromise. So it's not going to be...
Man: But again...
Margie Milam: ...done and then signed and you have no input. And we've had discussions, you know, including there was the one in Toronto where you can share your views on, you know...
Marilyn Cade: So Margie - are you guys are here for two days. Kurt asked me for an opportunity for us to provide this kind of feedback.
I think what we'll try to do is to see if putting it in writing to Kurt and copying others works. But could you help us - you've got a little more to go through...
Margie Milam: Sure.
Marilyn Cade: ...could you help us with - so you're in two days of public comments. You clearly need to be able to convey that there is a growing amount of for the transcript I'm going to use the technical phrase, a very technical phrase that is called hell no we won't go attitude that is beginning to emerge of frustration and concern about certain things.
And it - we don't want business to be in a - such a withdrawn phase that we can't get an effective RAA agreement.
But we have concerns about certain things. And other things we just don't know how concerned we are because we don't know.
Man: Well one of the things we know we know are concerned about was that the RAA be binding on anybody selling. But the other the BC was insisting that the data be validated.
That is that in this list of things on which progress is being made. Could you update us on that?
Margie Milam: Yes and I apologize for a short amount of slide. I should've included the validation issue. Yes there is an agreement to validate. The question is how much to validate.
And currently I understand the registrar position to be that they will validate either email or phone number or address. And so - and they will also do the data check in the field.
So for example the address is it an address that, you know, is in the country and the country’s in state? You know, some sort of sanity check on the information that's in the...
Man: We need to validate. That isn't what we mean.
Margie Milam: So as...
Man: We mean that the person is who they say they are and they are reachable at where they said they could be reached.
Margie Milam: Right so they would be reachable at either phone number or email or this is the registrar position or address...
Marilyn Cade: So (unintelligible) and reachable?
Margie Milam: Yes.
Marilyn Cade: Correct and reachable.
Margie Milam: Correct in the sense that it's not the data fields...
Marilyn Cade: Thirty Mickey Mouse Lane .
Margie Milam: Right, right but they're not actually checking that that particular registrar is at that address. That level of verification is something that the registrars feels that have to be a broader community discussion...
Margie Milam: ...they’re willing...
Man: ...(unintelligible) or difficult or...
Margie Milam: Yes I mean all of that. And then also - I mean also you think of the global nature, well how do you do it and Africa for example or, you know, South America or...
Marilyn Cade: But reachable...
Margie Milam: ...different places might have more difficulty than others.
Marilyn Cade: Reachable may mean cell phone number or email number. So I think this is - Bill has a comment. I think this is a conversation we are going to want to spend more time on.
But what we’re looking for is accurate, it's real, it's a real working phone number and it's a real email. It's a real and the person is reachable at it. Bill wanted to say something else.
Bill Smith: That's right. Bill Smith, PayPal. Any thought been given to using the basically the SOCA matrix that was presented I think in Singapore ...
Bill Smith: ...initially again. But basically that says there levels so, you know, their application and validation that can be done.
Man: And risk-adjusted.
Bill Smith: Yes and you just risk-adjusted it and you get a number and then things like well let's see well it looked like a good address.
Okay fine you get a one. And that means, you know, that you may have to wait a day or something to get your name into the data or whatever.
Are the registrars even, you know, willing to go to something like that or to something that says, you know, and we actually verified right, that the name matches the address this, that and the other thing?
That’s the kind of thing at least, you know, we as PayPal do. We take risk, right?
And yes it’d be great if everything was validated and we absolutely knew the person registering, you know, this domain was who they said they are.
We also know that that's not possible Africa is or other places. I'm kidding. There are in fact real difficult.
But there are other jurisdictions where you do a pretty good job right, of saying yes this person - I have a 98% confidence this person is who they say they are right and that they are authorized to engage in this transaction.
There they are. We’re going to go ahead and do it, right? As opposed to what I keep hearing on these negotiations is oh it’s part in Africa therefore we can’t do it anyway.
Bill Smith: Yes it's hard. This is not a simple problem. But there are relatively I think as SOCA has pointed out, relatively simple solutions that many of us employ. Why can't it happen here?
Again I know you just the messenger but, you know, ICANN in my opinion, PayPal but then ICANN needs to step up here. ICANN as the corporation needs to step up and say there are ways to do this and as registrars start mark my (unintelligible).
But you will - I think you would do this but you will do these things. This is how you will do it. Here’s the framework and you have to agree to do this otherwise you're not going to be a registrar anymore because this is not 1998, okay?
We don't need hundreds of registrars. We can deal with, you know, we don't need competition in registrars.
Ten registrars would be would be competition enough...
Marilyn Cade: So...
Bill Smith: ...all right?
Marilyn Cade: We have - hold on. I'm going to exercise the chair’s discretion here.
Man: Well you should.
Marilyn Cade: We have a board member coming and we’re going to have an opportunity...
Man: I'll (hit) first.
Marilyn Cade: We have an opportunity to have a conversation...
Marilyn Cade: ...with a board member. And it happens to be a board member who has expressed significant concern about improvements along the same line that we’re just raising.
So why don’t we spend more time with Margie and make our list...
Marilyn Cade: ...of things and then also make our list of things that we need to put in writing.
Margie Milam: Okay. Yes and all those points are ones that you can share in writing. Because I think it's useful to share...
Margie Milam: All right let's move on. One thing that (unintelligible) I want to say about the RAA at the moment - can you next slide please?
Oh (unintelligible) maybe this one. You know...
Margie Milam: ...we've taken the negotiations and in a way where we've also asked for - for the registrars to step up to additional obligations like an SLA for Whois or a transition to a new Whois protocol.
And we've asked for support for adoption of DNSEC and IPv6. These are areas where the registrars have been very firm but they don't feel that they are comfortable going in the direction that ICANN has sought.
So I'm just sharing with you of areas of, you know, that are still under negotiation. You know, and from the ITM perspective we asked for revocation right in the event that the main industry evolves to a point where the current model’s no longer appropriate.
Man: That's revoking the registrant contract?
Margie Milam: The model itself. For example if you get to a point where, you know, maybe they're all wholly-owned and then there's no, you know, there's not a need to continue with the registrar model as a requirement.
We've asked for that as you can imagine the registrars oppose that. But we’re trying to think ahead because we don't know where the market’s going to evolve over the next, you know, a few years after the new gTLDs launched.
And what we don't want to have is a contract where we’re stuck to this framework of a relationship that no longer makes sense, you know, given where the market evolved.
We don't necessarily think that it'll happen. We want that ability to do that. And it would be something that would apply across the board on all registrars not like just oh we don't like, you know, GoDaddy or something, you know.
It’s not registrar specific. It's a recognition in discussions with the community that, you know, that keeping that model no longer makes sense.
And so that's just something that some of the areas that we’re still negotiating under, you know, and in the negotiation because we don't want to be forced to having to maintain the same agreement, you know, over the next ten years.
Marilyn Cade: Margie it's Marilyn. I'm sorry but I need to be sure I understand what you just said. If we have open generic TLDs in the future there are huge competition issues if there are - if there is no generic registrar business.
If we allow dominance - if we were to hypothetically say VeriSign no longer has to use competitive registrars they can be their own registrar is that what we’re talking about?
Margie Milam: It may not be, you know, if that's the situation the community may not support that. It's...
Marilyn Cade: Okay.
Margie Milam: ...not a unilateral thing.
Marilyn Cade: No, no, no I hear you but here's a piece of personal perspective from Marilyn Cade having done this for many years.
Take back to the general counsel my personal view that there are competition issues associated with exploring changes like this that need to also be thought through not just sharing what the community wants. Because the community may be dominated by people who have opinions but there still may be competition issues.
So could you just raise that as a concern that also needs to be addressed?
Margie Milam: It doesn't mean that they wouldn't completely be eliminated. It might be that they have a different model for say the generics. I mean you know what I'm saying? I mean it’s not...
Marilyn Cade: I just feel like the times and we say we’re a multi-stakeholder model but if the community wants - just remember we live in a rule of law.
Bill Smith: Quick (unintelligible) comments Bill Smith at PayPal. I think we should - I'll disagree with Marilyn. And I think we’re going to hammer on this verification, right.
Bill Smith: Okay and we’re going to demand that and it should be a this, you know, the - a line that ICANN will not cross in the negotiation except if ICANN gets everything else it wants and then it will pull back.
Man: If I'm not mistaken this...
Man: So it's a great negotiating tactic. But everything else has to come.
Ron Andruff: So Ron Andruff speaking. If I'm not mistaken that's - there’s a line in the contract for the new registries that says we can change this contract, we can pull this contract at any time.
So not something along those lines that says allows for that? In fact I should look at my book study or Elisa.
Isn't there something in there that says ICANN has the right to change the contract at any time with registries? If I'm not mistaken there is.
Man: Well there's certainly consensus policies can change but is there a revocation rights?
Man: I'm not sure revocation...
Ron Andruff: But changing the contract or make modifications to the contract. So I think there was a precedence. There may be - I may be...
Margie Milam: My recollection -- and I could be wrong is that there was in an earlier draft but got that taken out and as a result of comment, you know, over the period process that we went through so...
Man: Of course PPs can always change...
Margie Milam: Yes. Okay so I guess we’re probably out of time...
Marilyn Cade: So keep going...
Margie Milam: Okay next slide please. I think we’re done on the RAA at this point. Let me see what the next slide was? (Unintelligible) wasn't sure.
We - okay we've already talked about this. Oh one of the issue I want to go back to is the implementation issue. And I think one of you may have raised this.
We’re trying to find a way to implement - once we get to whatever the form is, implement all of them at the same time because otherwise you might end up in a situation where the cost of doing business are noticeably higher for some registrars versus others.
Margie Milam: But that is something that we’re trying to grapple with to find a way to whenever we get to this form of agreement that we implement it across the board.
Bill Smith: Right. So the suggestion that PayPal has submitted but never got up under the (same) on these - with his things was to actually say these contracts all expire on a date certain.
And so if you're a new registrar coming in it basically says it's a five year term. Whatever comes in bam well 2010 this contract expires and the new one starts.
And every registrar has (unintelligible). You don't get to - or re-up and do the next thing, right, your old one.
All of the contracts for registrars to eliminate this problem okay they have no choice. They have to go to the next one. And they have to go all on the same date. There are no competitive issues and it cleans stuff up for ICANN.
The current mechanism is unworkable. With 300 registrars it will be even worse when it gets beyond that. You know, this stuff has - we have to get on to a more workable schedule.
And that really is the only way to do to answer those types of questions. Everybody's contract has to - when a contract change for everybody or, you know, for the registrars it has to change for everybody.
Marilyn Cade: So I think that’s consistent with what...
Man: Right because...
Steve DelBianco: And the bottom two about implementation challenges, the cost, the BC has a written position on trying to encourage ICANN to take on as much centralization and standardization as possible thereby delegating less of the code and maintenance and effort to the Registrars and Registries .
So the examples we brought up were sunrise, trademark clearinghouse, which we are going to operate centrally, right, single vendor controlled by ICANN. The same thing's going to be true with the URS vendor. And finding a way to centralize that, think about domain blocks, a centralized process to validate whether you are allowed to get a block if we move to that.
So the more we can centralize these things the less the costs are shifted out to the Registrar and Registries. A simple thing like holding your trademark clearinghouse database in one place and allowing people to do calls to it to get an answer but don't force them to maintain a copy of the trademark clearinghouse database on every Registry and Registrar; that just doesn't make any sense.
Woman: All right.
Man: And I’m sorry, if I may, just one last quick comment. I just want to pick up what Phil said. And this comes back to the implementation. It's absolutely right that what Phil is saying that as this new RAA is finished all Registrars - it comes back to what Steve said earlier, anybody who wants to sell new domains in this new regime it's a new contract, a new regime, everybody starts with a fresh new contract.
Because you can, as sure as I'm sitting here, a larger player is going to say, you know, this is going to take us a long time to sort out and it's going to cost us a lot of money and they're just going to string it out and string it out and string it out as long as they possibly can just to - exactly as we've seen in every one.
And major corporations are not in a hurry to go to IPv6, it's a cost. Why do they want to do it? Something that's forced on them and it's not being forced on (unintelligible). So in the same way the larger players are going to push back on this and drag it out so it should be a clean slate, new regime, new contract. Thank you.
Margie Milam: Yeah. Okay so how much more time do I have?
Marilyn Cade: I'm going to give you my entire 30 minutes so you get the next...
Margie Milam: Great, okay well let's talk about Whois. I won't spend too much time just to point out some of the new stuff that's happening in terms (unintelligible) usually I think Council (unintelligible) going to be asked to look at in Toronto so let's hit the next slide.
As you guys may recall, you know, there was - based over a Whois policy and a series of studies were undertaken after October 2007 to get data to support future policymaking.
And so we used an RFP approach to do that. And most of - and these are very extensive year-long studies that are underway and we're now starting to see results. So at least for your community you'll be very happy to know that this effort, you know, will be, you know, will be successful in the sense that you'll start seeing reports including in Toronto on some of these issues.
So let's go to the next slide. The Whois Misuse Study - I think I'm not going to go into each of the studies but you've got the slides. You know, we've awarded them, you know, very prestigious researches, Carnegie-Melon is one of them. The results will be in mid-2013. And so this will really hone in on some of the issues of whether Whois - public Whois increases harmful acts and whether anti-harvesting measures are effective.
You can go to the next slide. The Registrant Identification Study - and I believe this study - yes, this study we will actually be talking about in Toronto . This one examines how registrants are classified including natural persons, various legal persons and whether they're privacy or proxy service providers.
And this was the University of Chicago (unintelligible) University of Chicago business study. And they're releasing their results in October, which is why we believe we'll be able to talk to them in Toronto even though it's probably a draft report at that point but at least the community will get a view as to, you know, what's been going on with these studies.
And I think this will help, for example, from my perspective, in trying to come up with this privacy and proxy, you know, accreditation program some of the information that we learned from the study might help - feed into that work.
Next slide. This one is the Privacy and Proxy Abuse Study. We got the National Physical Lab of the UK to do this. And this study will be expected in 2013. And it really just talks about how - whether bad actors use privacy or proxy services, you know, at a higher rate than regular registrations so it'll be interesting information, you know, to help feed into some of the work on Whois issues.
Marilyn Cade: Sorry, (say) it again about whether who uses...
Margie Milam: Whether privacy and proxy services are associated with alleged harmful acts. So in other words...
Marilyn Cade: Yes.
Margie Milam: ...is it misused in order to...
Marilyn Cade: Right, right, right...
Margie Milam: ...to do bad things...
Marilyn Cade: Right.
Margie Milam: And that one's currently under way and 2013 is when we will get results. Next study. Okay this is the one I wanted to highlight especially for your councilors. We tried to study the privacy and proxy relay and reveal requests and found that we had difficulty doing that; that when we published an RFP we could not find a provider to conduct the study so we did a pre-study which was awarded to Interisle Consulting .
And they've just concluded their study and they've recommended a path forward. So in Toronto we actually will be talking to the GNSO Council and the GNSO Council has it as one of its action items to decide whether to recommend to proceed with a study on Whois privacy proxy relay and reveal.
Steve DelBianco: Earlier you talked about the potentially certified privacy proxy providers and having a code of conduct for how they'd have to operate. It would presumably - what we would learn from this study would inform how you write the requirements for those vendors as well as writing the agreements.
Margie Milam: Right.
Steve DelBianco: So this becomes an example of why a fact-based study on why the status quo doesn't work is necessary to drive a PDP. So...
Margie Milam: ...you know, you should talk to your councilors about because, you know, there may be resistance in doing any further studies and this is one that would feed into that work that I was describing earlier about the potential privacy proxy accreditation program. So that's why I wanted to highlight it because it is an issue for Toronto .
Man: How fast could you get the work done?
Steve DelBianco: What were their recommendations.
Margie Milam: I don't know but...
Man: Five years.
Margie Milam: Yeah, yeah, I don't know but we will have Interisle there in Toronto talking about it so that's the issue - Lyman Chapin...
Marilyn Cade: Chapin...
Margie Milam: ...did this study and he'll be in Toronto talking about the results.
Marilyn Cade: And just an FYI for the BC members I've invited Lyman to come and be - specifically come and talk with the BC in our agenda. A lot of the work I've done in the past is not on statistical analysis; it is using other forms of research mechanisms.
And I think we will try to take a look at this, Margie, because there is something to be learned from understanding these facts even if it's not a statistically valid study. But I take it - I take very much the fact that we're going to have to help defend that if we want more work to be done.
Margie Milam: Next slide. So there's a lot of activity on Whois in - particularly in Toronto . And I think an area that the BC may be interested in is the Whois Review Team final report.
And just to highlight that there's a debate in the Council as to how much of the recommendations should be done through a PDP versus outside of a PDP. And that's an area where I think input from the community would be most, you know, most helpful because the Council currently does not have consensus on that issue.
But the Board will be looking at, you know, and has asked staff to come up with implementation plans on each of the recommendations for, you know, the review team - or recommendations. Bill.
Bill Smith: Bill Smith; PayPal. So I'm aware that the GNSO Council is talking about this stuff. I'm just - I'll throw out a rhetorical question. I'm curious as to why - because the Whois Review Team report went to the Board..
Steve DelBianco: And the Board asked Council which of these do you need to do a PDP on.
Bill Smith: I understand. But I would - with a Board member in the room - has - and as a Review Team member who spent the better part of my life or almost a year and a half on this report I sure would like the Board to respond.
Bill Smith: Yeah.
Man: Yeah, we will respond, yeah.
Bill Smith: And pushing it out and asking others to decide - make a determination. I won't use the abomination word that Ron used earlier but as one of the roughly 15 members on that I'll speak personally.
I certainly hope that the Board takes it seriously. And I hope that it is the Board that actually makes the decisions and the review; not other members of the community.
We took our work very seriously. We expected to report back to the Board, which we did. And we hope the Board makes the decisions about how to take actions on that.
And so for me it's disconcerting that I hear the GNSO Council is discussing this, discussing that, doesn't think that this should happen this way; this should happen that way.
Marilyn Cade: So...
Bill Smith: From our perspective it's the Board's decision.
Marilyn Cade: The BC is on the record, and our councilors have (straight) forward the BC's position. But I will just ask the question, not to be responded to right now, Bruce, but I guess our view is that the work done by the review teams is unique and includes extensive public comment processes all along the way. And it, in fact, is required to be representative, which is not true of any working group; no working group is required to be representative.
And a working group can be loaded up by interested parties and skewed dramatically. So the review teams are quite unique. And in fact people are appointed through a very strong vetting process in order to be on a review team. They are highly staffed. They work very, very hard. And we believe that the status of the reports of the review teams are unique.
So we can come back to that but I think to echo Bill's view as a member of the Review Team, also a member of the BC, but I think we are very concerned if the status of the work of the Review Team is nothing more than just another opinion-based document from, then we're wasting our time and the vast amount of resources that we have committed to the review team process as a part of the ATRT coming out of the Affirmation of Commitments and elsewhere really is going to concern us about whether ICANN is actually able to affect change other than by negotiation with contracted parties.
Margie Milam: Okay, next slide. So the only thing I'll talk about the thick Whois policy - and we'll skip through the slides - is that we will be kicking off a PDP shortly. And we do encourage the Business community to participate in. This is the issue of whether thick Whois should be required for all Registries. And currently DotCom and DotName - DotNet - are thin registries and we're trying to develop a consensus policy to evaluate whether they should be required across the board.
So, yeah, so that's...
Margie Milam: ...and I don't have more time on that but just, you know, please make sure that you get adequate representation when they're...
Marilyn Cade: Right.
Margie Milam: You know, right now they're drafting the charter so it's still a little preliminary but fairly soon, probably in Toronto, the charter will be accepted and then the working group will be kicked off, the work will be kicked off.
Margie Milam: ...names and new gTLDs. This is an issue report that I wanted to talk to you about. It's the question of whether, you know, there's a lot of work that's currently being done on the Red Cross and the International Olympic Committee names in new gTLDs.
And a issue report was requested on the topic of whether it should be expanded to include international organizations including the NGOs, IGOs, you know, organizations that have sent letters to ICANN asking for the same types of protections that are currently issued to the Red Cross and the IOC in the first round.
And so we had a public comment on the preliminary issue report and essentially we'll be publishing the final issue report momentarily. And the GNSO likely in Prague - I mean, in Toronto - will be voting on whether or not to proceed on a PDP on this topic.
I don't think I'll go into the specifics of the Red Cross and IOC issues because that's a separate issue and we don't have time for that. So let's go to the next slide, so I wanted to share how it might affect the Business Constituency.
The question in the issue report was whether to protect the names of international organizations. And the question is what is an international organization? And what the scope should be; should it be narrow to just, you know, international government ones and NGOs or could it be broader to address the issue of defensive registrations at the second level generally to all trademark holders?
And that is the question that we asked and addressed in the issue report that the GNSO Council will be asked to vote on probably in Toronto . You could do a, you know, we, as staff, we're going to recommend that there be a PDP so - and we're asking the GNSO Council to consider the scope of it and whether it should be broader than just focusing on specific, you know, types of trademark holders as opposed to all trademark holders.
If you could flip to the next slide. So, you know, here's the kind of things that we thought the PDP could cover if it's initiated by the GNSO Council, you know, defining what an international organization is, who should get, you know, or whether there should be special protection for international organizations and really identifying the criteria as to which international organizations could qualify for special protections.
So if you step back for a moment and if you get, you know, WIPO or the UN, you know, would they have - do they have or should they have special protections in the same manner that the Red Cross and IOC currently have for the first round?
And then really the question that we're posing - that may affect your broader community is should the PDP really address the broader issue of defensive registrations at the second level for all trademark holders or should the PDP be narrowly focused to just international, you know, IGOs or NGOs. Bill.
Bill Smith: Yeah, Bill Smith, PayPal. I made this comment (unintelligible) the US IGO. It's not just the second level though.
Margie Milam: It's top and second level.
Bill Smith: No. Third and fourth and fifth, okay. The problem actually gets worse the further away from the root you go. Okay we are not just starting - we are seeing things, as an example, where we see PayPal.reallybadactor.reallybadregistrar.reallybadregistry. and then stuff, okay.
And that is - you see that when you mouse over the URL. And what happens is humans read left to right, machines - the DNS processes right to left. And what you see is PayPal, okay.
So the - protecting at the second level, in my opinion - this is a personal opinion - doesn't actually accomplish anything because the parties who are going to make use of this are just then going to say fine I'll go get, you know, badactor.com and now I'll just - because I own the second level, right, I now can put anything I want at the third level, fourth level, fifth level. Okay.
And I don't believe there is a way to protect against that because I am allowed, within my domain, to assign any name I want to a domain. You can't protect inside an organization. So this is interesting, great topic to discuss but in the end the bad guys are going to figure a way around all of this.
Marilyn Cade: So I'm going to say something real quickly about this. Margie, I met with the General Counsels of the IGOs and I have done a fair amount of additional research on this. I think it is possible to define criteria about what is an international organization because there are some set of treaties that recognize their standing.
I'm not - I think the last bullet is the bullet that is of highest concern very often to businesses and potentially to NGOs, not IGOs, but NGOs, that the reality is that right now worldwide unless there are a set of treaties that define an organization as an international organization ICANN may call itself an international organization but legally it is not an international organization.
And so when we get into this we're going to have to be supported, if this goes forward in whatever form, it is going to have to be supported by a very thorough issues report and very strong documentation and a very good understanding of the international treaties.
Otherwise we're going to just have a PDP process that is chaos and nothing but opinions and people throwing their views of legal interpretations at each other. So my message back to staff on this is there's going to be a lot, perhaps, more work than might be envisioned and maybe even the need to retain outside counsel support in order to support an issues report that could support a PDP.
Margie Milam: Yeah, and the question, Marilyn, is whether that work gets done in the PDP or gets done outside - I mean, you know, before the PDP gets kicked off. And that's, you know, certainly in the new PDP process there's the ability to get - to, you know, try to get outside experts to weigh in on those issues and do within the framework of the PDP itself.
Marilyn Cade: The more you engineer risk into a process the more risk you have throughout the process. Start with facts first. That's just my personal view. And now we're going to move on.
Margie Milam: Okay so I think that's - that's essentially all I wanted to cover today given the time. You know, as I already talked about the staff recommendations and the fact that the final issue report is due to be published soon.
Marilyn Cade: Well I want to thank you for coming. We're going to need to move to Bruce but I want to offer people one last comment for either you or Patrick after I make the following comments.
It's really helpful for us that both of you have come and spent time with us. And I will just say I know it adds to the work of the staff but my message - and I'm glad to have this opportunity to say it before one of the ICANN Board members - so many of the group gropes that take place at the ICANN meeting in large sessions are group gropes.
We have diverse groups trying to come together and spend 90 minutes on very complicated topics. And I think, for us, we probably - and through the transcript - there are 31 people who participated in the meeting and the transcript will reach the rest of our members. It'll be public.
We have much more opportunity to understand and provide informed exchanges when we are able to have the ICANN staff come and meet so not just with us but with others as well. And I want to thank the two of you for making this effort. So join me.
And you get one minute because we got to go to Bruce.
Man: Very quickly I wanted just to echo what Marilyn said. And, you know, we really appreciate staff from the BC point of view. As we start getting into these new PDPs and so forth I just want to pick up on a comment that Marilyn side. This idea of IGOs and having a perspective on that I have none.
And I would venture to guess within our group of BC, you know, maybe we have one in our 80 or 90 members that might. So it's really important that we do get outside experts to frame that discussion, number one.
And then, number two, when it does get down to the PDP level what we're seeing now is that we tried to change the model within ICANN, within the ICANN community, that we would - that the Council would no longer be voting on things and so forth. We get it out into working groups and these working groups would bring it back.
What's happening now is working groups are coming in stalemates because people are getting on board those working groups to kind of tip the boat in their favor. So if enough of them that they can block the dialogue that we'd like to go through. And I think that was seen when we looked at the vertical integration.
It was a, you know, a stimulating dialogue but it was pretty well - it was clear that this was never, ever going to pass a consensus. So we might want to be starting to look at what those - how those working groups are made up so to make some framework around what makes a working group.
(Unintelligible) that that working group can come to some conclusion as opposed to being anybody who wants to jump in just jumps in and so whoever has the larger voice that they really want to have heard at the end of the day they come and swamp the boat a little bit if I could use that term.
So those are the two elements that are really critical in this process going forward; how we get to consensus policy can only be started by very good clear instruction at the top in terms of issues report, then the PDP is launched. And only those who have a voice that can bring to that discussion should be (unintelligible) somehow and able to go in there. That's just what I wanted to add. Thank you very much.
Marilyn Cade: Guys, we have only 45 minutes with Bruce because we have to leave. Can I ask you to take this up with - separately if you need to do it right now. Okay.
Man: Just because of how passionate I was with you guys I want to do a plus one to what Marilyn says, okay. We appreciate greatly the work that you guys do, the fact that you're here and all of the staff that I've worked with at ICANN have been fabulous. So thanks.
Marilyn Cade: Thank you. So let me introduce Bruce Tonkin. I know in some ways Bruce is a well-known face to many of us who go to the ICANN meetings. But let me give a very quick introduction to Bruce.
Bruce does work for Melbourne IT. He is the CTO there. But years ago he apparently decided he was going to play a major role in helping to make sure that we could have bottom-up consensus-based policy development in an organization that barely existed or understood what it was at the time when Bruce accepted the role as Chair of the Council and played a major role in helping to bring many of the effective policies forward.
He was then elected to the Board from the GNSO, which is a tough thing to do because we are not always aligned within the GNSO. And he is - we're very fortunate that he is serving as the Vice Chair and continues to play a real leadership role in helping to try to look for consensus and for agreement.
And we make a practice of having interactions with Bruce and with Bill Graham, the other Board member who is elected from the GNSO on a regular basis. We're taking advantage of Bruce being here. And let me open this by asking Bruce if he would like to make a few comments and then we'll kind of go into a general discussion. We're walking out of here at 12:30 . Bruce.
Bruce Tonkin: Thanks Marilyn. I guess there's a couple of things that the Board is working on that might be of interest to the Business Constituency generally. In addition to Vice Chair of the Board I'm also Chair of the Board Governance Committee.
And we've been sort of (unintelligible) working our way through the ATRT recommendations. I think there's something like 27 of them and I think nearly 20 of them ended up with the Board Governance Committee so we're working through those.
Two that, I guess remaining, one is ATRT Recommendation Number 6, which is really about when should the community use a - or when does the Board advocate using a policy development process, PDP; when does the Board simply open something up for public comment and when does the Board not feel the need to open up for public comment. So you'll see a paper, which should be out by the end of this week, on that.
At a high level we've identified the straightforward (unintelligible) so, you know, if there's going to be a new policy that imposes requirements on registrars and registrants, you know, that would go through a PDP, when we're asking for input on strategic plan and operating plan that typically would be a public comment process. It's a fairly open process; anybody can submit comments. And the staff typically consolidate those comments and then make a recommendation to the Board.
And then the third case is on topics like appointing the new CEO or, you know, appointing - setting the salary conditions for the Chief Financial Officer. Those are things the Board generally does internally and doesn't go out for public comment.
What we've found, though, there's - between the first two examples, so the full PDP and the general open public comment, there's an intermediate level. And examples of that have been getting feedback on the trademark protections and the Board supported a process of what was - ended up being called the IRT, the Implementation Review Team.
The Board actually authorized (travel funding) for that team. And then when the report was received the Board specifically asked the GNSO for input. With respect to getting metrics for consumer trust and consumer protection the Board specifically asked each of the parts of the ICANN organization, the advisory committees and the supporting organizations to provide us input.
And I'm pleased to se that many of those groups actually got together to (unintelligible) this issue rather than just (unintelligible), you know, we think that's good process.
And then we also saw something similar with the applicant support for (unintelligible) community to provide support for new gTLDs for I guess the term was needy applicants. And again there was a lot of collaboration between the different parts of ICANN to produce the proposal.
But none of those processes are documented. And they have tended to be a bit unpredictable. And so when the IRT came and did their work, similar to Bill's comment on the Whois RT, the expectation was the Board would just implement those recommendations. And the Board chose to go and ask the GNSO for input. And, you know, that wasn't a predictable process.
So one of the things we're going to run at the session in Toronto is in this intermediate case there's not a full PDP but we're looking for input. What would be an ideal process to do that in a predictable way because there aren't many cases where we do want to hear from the institutional stakeholder groups formally rather than just from individual public comments. So we're trying to define that process more clearly.
The other topic that we have commenced is reviewing particularly the reconsideration requests and the independent review process. The reconsideration requests typically probably gets used two or three times a year. The independent review panel has only ever been used once and that was by the applicant for DotXXX.
The view of the independent review panel process was it was very extensive. Both parties probably spent millions on it. so that, you know, that means that it becomes a process that only the very wealthy are going to be able to afford to use.
And then the reconsideration requests - certainly there's quite a bit of satisfaction, I think that people feel that they've asked for reconsideration and, you know, the answer they get is, you know, we haven't changed our minds. And perhaps the basis for asking that reconsideration isn't always clear.
So both of those areas that we've appointed some experts to provide advice. One of those is a former Supreme Court judge in South Africa , Mervyn King. Another is a person who's had sort of senior, I guess in effect, a judge in Australia that's worked with administrative appeal tribunals which is similar to how these processes work. It's sort of appealing a government decision or appealing a decision of a government entity.
And then we've also appointed a legal firm that has experience in these matters as well. So they'll be analyzing these mechanisms but also obviously seeking input from the community on how they can be improved.
Marilyn Cade: There are three mechanisms...
Bruce Tonkin: And the third one is the ombudsman.
Marilyn Cade: Right.
Bruce Tonkin: That isn't something that is going to be a huge focus. We have reviewed that and compared it with best practice. You know, we've asked the ombudsman to sort of come back and see how those processes are comparing with other ombudsman processes.
Still of course open for people to comment on that but the feeling is that the pressure is probably to reform the other two (unintelligible) - unless you have other (beads).
Marilyn Cade: Well, Bruce, there is another proposal that has been out there. And I should just say for the record it's Marilyn speaking. I have used two of those processes. Neither one of which was at all satisfactory. And then the second case on the reconsideration the person whose decision I complained about provided the legal advice to the reconsideration committee.
Marilyn Cade: So I'm not exactly sure if I understand how that works, you know. But there was also another proposal that was made and that was - that's been around for a while - and that is the idea that there would be a - kind of a different form of judicial entity that complaints could be taken to.
So when they're looking at reviewing these two will they be also looking at additional measures for...
Bruce Tonkin: Yeah, I think - you're right, to look at all of those, yeah. So that- the terms of reference for that review should be public but if not I'll check and see that they are. But certainly, you know, those groups are available to report on that.
Specifically addressing Bill's comment about Whois review that's probably an example where, you know, there's some certainty of process so the Board's received a report which it takes very seriously, it has discussed. You know, we've certainly had workshops and gone through all the recommendations.
The Board will be, you know, making a formal response to that report. But generally, you know, the Board sees itself in a governance role rather than being, you know, a policy Council. And certainly there's some things in that report that are very straightforward so an example would be that, you know, ICANN treats Whois as a strategic issue and that's a straightforward yes.
Then there are matters that become a little bit more implementation so an example would be that the idea that all the different bits of the Whois policy; some of them are in contracts, some of them are in policies. Pulling all those bits into a single thing what's the best mechanism to do that?
You know, should we - and the Security and Stability committee has recently responded because we went out and asked the different groups. And they've suggested, you know, starting with really clearly defining the purpose of Whois and getting that clear as part of doing that process. So those are - those are implementation suggestions.
And then certainly I don't think we've received the final view from the GNSO. But, you know, in terms of their input on Whois...
Marilyn Cade: You mean from the GNSO Council?
Bruce Tonkin: Council, yes, yeah. But even, you know, using Marilyn's specific terminology there it's not limited to the GNSO Council so if a stakeholder group or a constituency or a house, which is to, you know, provide their own input that would obviously be taken into account as well so it's not exclusive to the GNSO Council.
My expectation would be that you'd get that formal response in Toronto from the Board. And I'll also be pushing for this to be on our sort of public meeting agenda so the Board will be meeting at the end of Thursday. Some of it the routine matters associated with an AGM , you know, electing officers of the company.
But the view is the topics that are of very high community interests should also be part of that public meeting and Whois would be one of those. So other than that those are just sort of things I've, you know, might be responding to Bill but just giving a sense of areas that we're focusing on in terms of improvements. But any other topic I'm happy to address...
Marilyn Cade: Perhaps we would also ask you - I'm not asking you to comment on it but help to maybe describe just a little bit the - when you say the changes at the AGM - many of our guests here are not necessarily familiar so just kind of thinking about - or those of you who aren't - the AGM is the annual meeting.
It typically takes place the last meeting of the year. It always is designated by the Board at the end of that meeting is when new Board members are seated or new Nominating Committee or elected so new elected Board members or appointed Board members are seated.
So the existing Board works through the meeting. At the end of the Board meeting then the new Board is seated and elects the Chair and the Vice Chair.
Bruce Tonkin: And appoints people to the committees and various other bits and pieces.
Marilyn Cade: So - and I’m sorry I was distracted for a minute. We were disappointed in the manner in which the decision was taken to not hold a Board meeting in Prague . We were disappointed when the Board met by themselves in a closed session and took the decision on something that had been out for public comment.
We were disappointed when the Chair, during the public comment period, tried to make a decision to remove something from the public comment agenda that the community had asked for.
So maybe we could talk about how we provide better input to make sure that the Board understands when we do expect things to be taken in the public comment discussion and the public forum. There's sufficient time for something besides new gTLDs, as important as they are. And that we have assurance that the Board understands we expect them to act in public even if they are only acting we expect them to act in public.
Okay? Do I - do you all agree with me?
Man: I think the public meeting is very important. It's very important. It's what we were speaking to earlier prior to getting here. The RAA discussion should not be going on in private. We're a public organization; it has to be transparent. Otherwise where can we pin ourselves and say we're on solid ground? And that's the problem.
If the Board's not having that public meeting, as painfully as it must be for the Board to sit there all day, it's got to be there so that we can see it; we can participate. We can see body language, we can pick up on nuances. Otherwise we don't know who's fighting our battles or not; who's rolling over on our battles that are important to our constituency or others from the - members of the community has to have input into that or a vision of that. Thank you.
Marilyn Cade: And...
Bill Smith: Yeah, Bill Smith, PayPal. So, yeah, I agree with Bruce, I mean, there needs to be some public session, okay, and some - I think some (unintelligible) discussion should occur (unintelligible). I'm speaking as PayPal now not as the BC.
I also think the Board needs to do (paramount) on its work outside of public (unintelligible), okay, in order to accomplish things, have discussions in advance and have positions going in, etcetera. And we would like to see the Board be far more decisive, take action.
An example for us would be the RAA. Our belief is - and we have submitted a comment on it, I don't think it ever made it to the site. We'll send it again. But basically ICANN the corporation should dictate the term of the service to the contracted parties. We can have discussions, we can have discussions in the organizations and (unintelligible) the input, etcetera. But in the end the Registrars and the Registries are service providers.
They're providing a service to the ICANN Corporation and also to the community. The terms should be dictated to them by and large. They should not be (unintelligible), okay, they should be fair. But they should be done in such a way that the community benefits. And I believe that is the intent.
But this drawn out process of getting to new terms where stuff that has been discussed in the community for decades, okay, to finally find its way into a contract that needs - we need to short circuit that somehow. We need to clean up a bunch of the stuff that has occurred, in my opinion, PayPal's opinion, understandably so, right, from 1998 on; 1998 (unintelligible), right, happens, yes, lots of accretion.
But it really is time to make a change and with this - the stuff that's going on at the ITU , which I am intimately involved with and fighting on a daily basis, okay. Now is the time to make some changes. We are looking to the Board, actually, to take some action, be more decisive. It won't be popular probably in the community but you'll certainly get our support, okay.
I will speak personally and corporately if the Board takes more positive action and gets, you know, things - basically gets things done (it) moves forward. So the standing still marking time, kicking the can down the road is not helping ICANN (at) ITU or other places or multistakeholders in general, okay.
And we believe very strongly in the approach. We are supportive of the organization, the entity, community but it does need to move forward. Ron - I don't know if you were here when Ron pointed out the committees that form, workgroups and then we can't reach consensus. That has to stop, okay. We have to find a way through that.
I happen to think that the style and nature of ICANN encourages and that. Don't know exactly solutions but we need to be able to form groups where problems are addressed, solutions arrived at in a timely manner not in years, okay. And tell you we, PayPal, will support positive change in that regard.
On the Whois stuff in particular I believe - firmly believe - and I think all the members of the Whois Review Team do as well - that the Board is taking this seriously (unintelligible).
My personal surprise in the, no doubt the GNSO, was well we've had all (unintelligible) lots of public comment. We got the input from those constituencies already. Going back out to the Council invites yet another possible review and time to argue.
And the team - the Review Team - is not available to take a look at that and to say wait a minute, we heard this, we took it into account. It went in the report this way. Here's why we did that.
The other thing is we're not looking to the Board necessarily to implement everything. I'm not - sorry, not the Review Team - this was the Review Team's opinion as well. We didn't expect the Board to implement; we expect the Board...
Bruce Tonkin: ...whether it's going to accept the recommendation or not, okay, with input however you want to get it. We believe you take it very seriously. I just wanted you to know we also took our charge very seriously to not go into
We've tried to stay away from that and even in recommendations tried not to go too far on some things because we felt it would be overstepping. But also the group - it took us a long time to be able to get together to work effectively as a group because of the nature of the topic, right; the fact that it was Whois and that it hasn't moved anywhere. And at the end of it we were all confident that we had come up with a good report, good recommendations and that we had found ways forward through some very thorny issues.
So well basically we did the best that we could from a very diverse group butting heads a lot and said, yeah, this really is something we all can agree on. We believe in these recommendations. And we'd like to see them move forward.
Now it's okay, right, we're not saying every one of them has to be done sort of as recommended. We understand that. But it is something we work very hard on taking input in the first groups, having real arguments and discussions over things. But this is - we can agree on this. This needs to happen. And having taken input from around the community. So it's - as Marilyn said these review teams - these reports are - the community views them as different from just a regular working group. And here's a suggestion; this is...
Marilyn Cade: And to follow on to Bill's excellent overview on that we are, at some point soon, going to be asked to put names forward for the next ATRT. If I expect to get people to spend the amount of time that Jeff Brueggeman spent on SSR and that Bill and Susan and (Len), (Len) is on the phone, spent on the Whois Review Team and they basically - I mean, they keep doing their real job for the constituency plus they take on what is practically a 50% workload. It is huge.
And they take on - we're only allowed one per SG so it means it's a huge negotiation. We, by the way, do not (accept) that the Council appoints them; the SGs put names forward. These people come from the SG with the endorsement of the SG.
Then they are - they go into a process where the CEO and President, so Fadi, and the Chair of the GAC make the final appointments. And then there are two or three independent experts.
I'm going - I'm going to be going out negotiating with two other constituencies to say, you know, we have the best candidates and that best candidate or candidates have already gone to their boss and said hey boss you ain't going to see me for X period of - and, I mean, it's this real immersion.
So if we're sending a message that the review team work is not special and unique then we're sending a message that is going to mean we can't give the best qualified people to it.
Bruce Tonkin: Yes, that's good, perfect. And the Board actually does treat the review teams as different so (unintelligible). And we understand it's part of the ATRT. But I think it does come back to a couple of points on process and committees and other things that you've mentioned.
About the only thing at ICANN that really runs to a tight timeline is the Nominating Committee because it has to actually produce the results by a certain date (unintelligible) in the year. A lot of the other processes are much more fluid, let's say.
And that's part of the problem and whether it's the GNSO - if you actually read the bylaws it's actually got quite a specific timelines which are never adhered to. And then if you take the example, the Whois report, I think partly the frustration you're getting there, Bill, is the time because you, as a group, went through a number of public comment processes and then it's gone to the Board. And I can't remember exactly when that is probably six months ago. And...
Bill Smith: Not quite.
Bruce Tonkin: ...then particularly - it probably would have been reasonable for the Board to say we want a response back from certain groups within 30 days and those groups know in advance that they're going to get that request, they should already be reviewing that and having the plan.
Because if they start from scratch, as many of them have and I know I'm a member of the Security Committee, for example, that tends to take them, you know, three to four months because they start from scratch and then they run their processes, which, you know, and then they come back with a response. So the whole thing adds another six months.
And then before you know it you're up to the point where you need to do another review of Whois because...
Bruce Tonkin: ...you've spent a year (unintelligible) the Board kicks the process off it's probably two years in by then and then you got a year left. And it's a little bit like that with the ATRT is that it takes a long time. And we're just finishing implementing some of the recommendations and we're just about to start the review again.
I think you haven't really - when the next review starts it's like the 3rd of January, they don't really have history because ideally you would have had two or three years worth of whatever the change was made to say whether that change had effects.
The reality is when the review team starts again they so well some of these things only just started. We don't even know whether they work yet.
Bill Smith: And that was actually one of my recommendation was getting, you know, do this basically, this study, on a regular basis in order to provide other - provide information to the next review team, right. Make sure that if it's going to happen make sure it happens fast because the next review team should have better data than we do. Yeah.
Bruce Tonkin: Yeah, and the Board - the recent Board resolution from last week on the Red Cross - because that's another thing that's drifted along. But I think part of we should have had an earlier meeting between the Board and the Council to be clear what the Board was asking because the Council seemed to focus on the top level in - well I don't know whether it was a working group or whatever it was - and really didn't address the second level which was actually what the Board was expecting.
Marilyn Cade: Right.
Bruce Tonkin: So after three months...
Marilyn Cade: We kept trying...
Bruce Tonkin: ...or whatever the period was the Board really got no input on the second level which is what we thought we were asking. And so in the latest resolution on that topic we basically said, you know, more or less telegraphed, I guess, where the Board's heading in that topic and then saying, you know, unless we hear before the 30th of January with strong reasons why we shouldn't proceed, you know, we're going to proceed.
Bill Smith: I think that may be something the Board could do on other things as well. Instead of asking - they were asking for input on certain things, going to - whoever - about say the Whois report basically say we received - this was received. It's been going on for a year and a half.
Is there anything else you need to tell us? Or is there anything you disagree with? That's it. And you have 30 days.
Marilyn Cade: So I'm...
Bill Smith: As opposed to saying well please go off and do this review and then give us info. I'm just suggesting that as a business we spend a year and a half doing something we're not going to sit around for another six months asking everybody else will could you review this that we spent a bunch of time on and give us your input that you already did. It's just way too much review. This is PayPal, not...
John Berard: Excuse me, this is John Berard. I wonder if I might...
Marilyn Cade: Sure, John.
John Berard: ...jump - yeah.
Marilyn Cade: ...and I’m going to go - let me go to John and then to Ron and then to Sarah. And then I'm going to ask Angie and Gabby if they have any comments or questions they would like to raise for Bruce and then I have a question. So, John, you're on.
John Berard: Sure, I apologize for not being in the room although it's probably good because you wouldn't see me glaring at you at this point. I do think that there's sort of a retrospective simplification with regard to Red Cross and IOC and NGO protections at the first level, second level.
I think that if you - that it really has followed a fairly open and clear process. And there was plenty of time for the Board to have said, no, no, no, that's not what we meant. I realize that the Council and the Board have not operated as smoothly as either of us would like. I hope that that can change in the future.
But, you know, one of the difficulties is that it's not just the relationship between the Board and the Council that dictates the relationship between the Board and the Council. There are, as ICANN changes, an increasing number of external forces that seem to be influencing the discussion.
And so I think that it would be prudent to talk about what the current environment is like as opposed to what the initiating environment was like, how we got from there to here. I realize I'm being probably more oblique and perhaps opaque.
But the fact of the matter is that I am confident that the Council has operated as the Council was designed to operate. It may be that that design needs to change and maybe that's part of the discussion with regard to structural changes in light of the new gTLD program.
But I don't think that it is as simple as you suggest in retrospect that the Council was negligent or slow in responding to the task set before it.
Marilyn Cade: Let me to go Ron and then to Sarah and then I'm going to go back to the conference bridge.
Ron Andruff: This is Ron Andruff. Bruce, you touched on something - and I just wanted to actually grab that thought because I think you're very aware of it. You just said it very clearly that now time has gone on from the time that the study took place until now we're supposed to have another review of it.
And there's a lot of things like that that are kind of cast in stone within ICANN. One of them coming up now is GNSO review. Well we don't know where we're at because we're still kind of working through it. We do know that there's problems with PDPs and working groups and we need to do some refinement.
But I think that this may be one of the things that the Board might want to have a look at in terms of how quickly the review process - some time ago we decided, you know, maybe five years ago or 10 years ago that they were going to do these reviews, you know, kind of regularly and make sure we're all constantly checking and improving the overall functioning of this thing called ICANN.
And therefore one will be the GNSO review, then we'll have Board reviews and all these reviews. What's happening is we're seeing now the length of time to actually do a review and then get some implementation elements in place. I'm part of the Standing Committee on Implementation so a lot of these little bugs that, you know, things that are considered and put into place when in actual fact when they're operational they're not quite working right.
So we come - our SCI steps up and says okay how do we address this? Do we need to address this? Or is this something that'll work itself out? But my point is that the time that was originally allowed between review processes in various elements of ICANN isn't quite long enough.
So, you know, now to the idea of considering whether the GNSO is actually operating effectively and do we need to revamp the GNSO this is not the time to do it. We've got too many moving parts with the gTLD program and all kinds of other things.
So maybe this is something that the Board - I'm not even sure in what area or who would pick this up but it's something to consider about putting back to the community the length of time between review process. As an example this SSR report just came back and everyone's kind of looking at it.
There was supposed to be some time to see how it would actually function, those elements, if there was some reality to, you know, the recommendations. But there is no time right now and now we have to start another one or the ATRT, I'm sorry.
Marilyn Cade: ATRT.
John Berard: Yeah, so we have to start another one. Maybe we should be delaying that a year just to allow the implementation to come in, the things that we found out. It was a good study, a lot of man hours, a lot of good thoughts. Let that critical thinking now be used for a year and then go back.
So maybe we need to make those modifications. I think to do another ATRT right now on top of the one we just did without having implemented the first one is kind of foolhardy. You know, we really - it's the same experience we need with new gTLD program. We need to actually get some out there, have the experience of it and then based on that start looking at next rounds.
And obviously that's a very hot topic but the reality is we need to have experience to see where the holes are in the Swiss cheese, plug those holes, correct what's not right and then, you know, bring it out again. So...
Bruce Tonkin: One of the first things there is you might want to have two different timeframes for process. In quite a few of the GNSO policies I remember when I was chairing the Council at the time we actually built into the policy I think a one-year review.
And what I don't think we've really thought about is how does that one year review happen? Like it is a fast review like take 30 days or something and get some feedback and improve or is it a really big heavyweight review like we currently have.
So I think what you saw of the GNSO process it was a heavyweight review. In fact it actually got reviewed about two or three times because within one year there was a (unintelligible) review I think then the GNSO did a self review and then there was a third external review.
And some of those, in effect, made some strategic changes. You know, the creation of the houses, the creation of the Non Commercial Stakeholder Group, etcetera. So they're almost like the (unintelligible) with strategic changes.
And then there was bits there saying, you know, we want to use the working group as a method of doing policy development work. But that working group has been in operation on the fly if you like. Maybe what we really want is a lighter weight review of that saying let's look at the working group, let's spend 30 days just looking at how the last two or three working groups went and what are some things that we can immediately implement.
So you have a much faster cycle on the smaller stuff and then a bigger cycle on the...
Marilyn Cade: ...it's Marilyn - that we should go back and say okay taskforces had assigned seats and then they could have observers. So each constituency could have two people or three. Limit the same number of votes. But you were responsible and accountable and there was balance.
That got blown up through the external review process so that what we wanted somehow was more voices but not more accountability. And I think we have to go back and say, you know, we've long looked at this and said you can have a wide process of taking comments, a narrow process and go back to a wide process.
But what we're doing right now, I mean, I think, you know, we could see immediate opportunities for improvements. And I'll give you an example that's only begun to be talked about between the Exec Comms of the constituencies.
I had a chance to mention this to you. It is really likely that next year these constituencies at an SG level need dedicated ICANN support to help them do drafting and research on initial opinions. It is just not feasible for us to rely only on volunteers.
And we don't have that support. The ALAC has it. They have three professional staff and wanted to have (unintelligible). The Registries and Registrars have liaison staff that are at the professional level. We haven't asked for it so I am not being critical of what hasn't been there.
I'm trying to lay out a challenge of how if we're going to support three times the number of participants from each of the constituencies we probably have - and that's a review might show what are you able to do yourself, what are the gaps, what do you need help with as opposed to let's restructure you. And I think that's one of the concerns that I hear Ron mentioning and others.
I know Sara wanted to ask a question and then I want to go to the conference bridge and then we're going to be...
Bruce Tonkin: ...in probably five minutes.
Marilyn Cade: Yes, so Sarah.
Sarah Deutsch:: Well I didn't have a question and I have a - it's not a concern it's just a related piece of information for the guests and out of town people. There's a tornado watch for this area until 7:00 pm .
Sarah Deutsch:: It's not a warning yet but...
Bruce Tonkin: That's not a question that's just...
Sarah Deutsch:: It's perfect for an ICANN discussion.
Sarah Deutsch:: And I wanted you to be safe.
Marilyn Cade: Do we have anyone on the phone who wants to make a comment to Bruce before we offer Bruce the last two minutes and wrap up? Bruce tells me that his favorite interactions are with the community.
Man: Broadly defined.
Marilyn Cade: Do you want to say something?
Bruce Tonkin: No I'll hand it to you to sum up.
Marilyn Cade: Okay. Well first of all let us thank you for coming and also thank you and we'll make sure that we express our appreciation to Bill as well. The two of you always make time to hear from the community; not just us but others. I think that's a really important opportunity so that it's not, you know, the Board knows the face and the views of a wide number of the members of the community.
So I think that's a really important resource to the Board. So you can have the formal opinions but it's good to have the non-homogenized opinions as well. And thank you for making the extra time to do that.
This, as I said, has been something of a working session for us. We did not touch on a topic that I'll just summarize. We do have a position on the idea of what is - what impact does the new gTLD program have on the GNSO.
I think our page and a half summarizes that. We think ICANN has far more to do than just introduce new gTLDs. And I will say personally I felt sometimes that 90% of the air in every room in every meeting has been taken up by new gTLDs. And I hope we can - with the Board's help and the new leadership - get back to a broader perspective which is really important for this organization and the organization's survival and success.
And with that I'll just hand out a couple of drawings that embody the importance of understanding how ICANN fits into the larger picture. I have more copies of that for anyone who doesn't get it.
Bruce Tonkin: Might need an A3 sheet for that.
Marilyn Cade: But I think the bottom drawing illustrates, you know, the Internet, as Bill said earlier - Bill Smith said earlier - the Internet is on everybody's agenda. And ICANN, as part of this, is on everybody's agenda. We fight the battles in the rest of the world.
And we would like ICANN to do a better job of working with us and not doing things all on their own but using the resources particularly of the Business community that are very, very heavily involved in some cases with many of these organizations and has a very broad reach.
So, you know, do count on us for being really interested in dealing with the external threats that ICANN is experiencing while we are calling for internal improvements and dealing with internal risk.
Thank you very much for coming.
Bruce Tonkin: You're welcome.
Marilyn Cade: And let me thank all of you on the phone and those of you in the room and we are adjourned. The transcript will be available on our wiki. And we'll make sure we send it out to all of the guests who participated so you also have the PowerPoint.