SoylentNews

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

Red Alert: ICANN and Verisign Proposal Would Allow Any Government In The World To Seize Domain Names [freespeech.com]:

ICANN [icann.org], the organization that regulates global domain name policy, and Verisign [verisign.com], the abusive monopolist that operates the .COM and .NET top-level domains, have quietly proposed enormous changes to global domain name policy in their recently published “Proposed Renewal of the Registry Agreement for .NET”, which is now open for public comment [icann.org].

Either by design, or unintentionally, they’ve proposed allowing any government in the world to cancel, redirect, or transfer to their control applicable domain names! This is an outrageous and dangerous proposal that must be stopped. While this proposal is currently only for .NET domain names, presumably they would want to also apply it to other extensions like .COM as those contracts come up for renewal.

The offending text can be found buried in an Appendix of the proposed new registry agreement. Using the “redline” version of the proposed agreement [icann.org] (which is useful for quickly seeing what has changed compared with the current agreement), the critical changes can be found in Section 2.7 of Appendix 8, on pages 147-148. (the blue text represents new language) Below is a screenshot of that section:

Section 2.7(b)(i) is new and problematic on its own (and I’ll analyze that in more detail in a future blog post – there are other things wrong with this proposed agreement, but I’m starting off with the worst aspect). However, carefully examine the new text in Section 2.7(b)(ii) on page 148 of the redline document.

It would allow Verisign, via the new text in 2.7(b)(ii)(5), to:

” deny, cancel, redirect or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion” [the language at the beginning of 2.7(b)(ii), emphasis added]

Then it lists when it can take the above measures. The first 3 are non-controversial (and already exist, as they’re not in blue text). The 4th is new, relating to security, and might be abused by Verisign. But, look at the 5th item! I was shocked to see this new language:

“(5) to ensure compliance with applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction,” [emphasis added]

This text has a plain and simple meaning — they propose  to allow “any government“, “any administrative authority”  and “any government authority” and “court[s] of competent jurisdiction” to deny, cancel, redirect, or transfer any domain name registration (as I noted above, this is currently proposed  for .NET, but if not rejected immediately with extreme prejudice, it could also find its way into other registry agreements like .COM which the abusive monopolist Verisign manages).

You don’t have to be ICANN’s fiercest critic [freespeech.com] to see that this is arguably the most dangerous language ever inserted into an ICANN agreement.

“Any government” means what it says, so that means China, Russia, Iran, Turkey,  the Pitcain Islands [wikipedia.org], Tuvalu, the State of Texas, the State of California, the City of Detroit,  a village of 100 people with a local council in Botswana, or literally “any government” whether it be state, local, or national. We’re talking about countless numbers of “governments” in the world (you’d have to add up all the cities, towns, states, provinces and nations, for starers). If that wasn’t bad enough, their proposal adds “any administrative authority” and “any government authority” (i.e.  government bureaucrats in any jurisdiction in the world) that would be empowered to “deny, cancel, redirect or transfer” domain names.  [The new text about “court of competent jurisdiction” is also probematic, as it would  override determinations that would be made by registrars via the agreements that domain name registrants have with their registrars.]

This proposal represents a complete government takeover of domain names, with no due process protections for registrants. It would usurp the role of registrars, making governments go directly to Verisign (or any other registry that adopts similar language) to achieve anything they desired. It literally overturns more than two decades of global domain name policy.

ICANN policy is supposed to be determined through an open and transparent multistakeholder process through the GNSO [icann.org] (Generic Names Supporting Organization), which has representatives from non-commercial organizations, registrars, registries, businesses, and other stakeholders. It is not supposed to be determined through bilateral private and opaque negotiations between ICANN staff and Verisign.

Let me provide a few examples of what the “new world order” for domain names would be under the world envisioned by ICANN staff and Verisign:

1. The government of China orders domain names operating websites that are critical of its policies to be suspended (or simply transferred to the Chinese government).
2. The government of Russia, at war with Ukraine, orders the transfer of pro-Ukrainian domain names to the control of the Russian government.
3. The government of Ukraine, at war with Russia, orders the transfer of pro-Russian domain names to the control of the Ukrainian government.
4. The government of Texas orders pro-abortion domain names to be transferred to the Texas government.
5.  The Taliban government in Afghanistan orders pro-abortion domain names, and those promoting education for girls, to be transferred to the government.
6.  The government of Iran orders all domain names around the world with “adult” content (i.e. pornography) to be transferred to the Iranian government.
7. The  government of Tuvalu, (which already licenses the .TV registry in order to raise funding) facing an economic crisis due to climate changes, orders that every 2-letter, 3-letter, and one-word dot-net be transferred to the Tuvalu government, in order to auction off the domain names to raise new funding for themselves.
8. A government in Argentina launches a new program whose name happens to be identical to the domain name owned by a French company for the past 25 years. The government of Argentina orders that the domain name be transferred to them, without compensation for the expropriation.
9. The government of Italy is upset about a social media company operating from China, and orders that the Chinese company’s domain name be transferred to the Italian government.
10. The UK government is upset that software published by a Swedish company has end-to-end encryption. It orders the domain name of the Swedish company be transferred to the UK government.

I’m sure readers can come up with their own examples of what would happen if governments are able to censor or seize domain names they don’t like or expropriate domain names that they covet, without due process for registrants.

Now, you might be thinking “Hey, I don’t live in or have any connection to China, Russia, or Afghanistan — those governments have no jurisdiction over me.” That’s how things are at present. ICANN and Verisign propose to overturn centuries of legal debate over the nature of liability across jurisdictions with their outrageous proposal

Next, you might be thinking “If they take my domain, I will sue Verisign, ICANN, or my registrar.” However, that would be quite difficult, given that the one-sided registrar agreements forced upon us by ICANN prevents that! (one might get sympathy from courts, if they’re deemed to be unconscionable “contracts of adhesion”).

Using the red-line agreement [icann.org] again, section 2.7(b)(iii) of Appendix 8 (page 148, literally below the screenshot above!) contains the following text:

“a provision requiring the Registered Name Holder to
indemnify, defend and hold harmless Verisign and its subcontractors, and its and their directors, officers, employees, agents, and affiliates from and against any and all claims, damages, liabilities, costs and expenses, including reasonable legal fees and expenses arising out of or relating to, for any reason whatsoever, the Registered Name Holder’s domain name registration. The registration agreement shall further require that this indemnification obligation survive the termination or
expiration of the registration agreement.” [emphasis added]

Verisign, ICANN, and registrars want to be immune from liability, and thus your registration agreement with your registrar contains one-sided terms which protect Verisign, ICANN and registrars.

Next, you might think “If a government in China, Russia, or Iran, or anywhere else takes my domain name, I will get a lawyer and sue them in my country’s court system!”

Unfortunately, that is also going to be very problematic, because of the notion of “sovereign immunity [wikipedia.org]” which generally makes it nearly impossible to start an action against a foreign government outside the courts of their own nation. We saw this in the context of domain names when the US Supreme Court would not allow the dispute over the France.com domain name to be heard in US courts [reuters.com]. If the Iranian government took your domain, you’d have to go to the courts of Iran to seek relief. If the Chinese government took your domain, you’d have to go to the courts of China for justice, and so on. This is why I was so opposed to the proposal relating to IGOs, which would also harm domain name owners’ rights to have disputes decided by courts, due to alleged IGO immunity. [see my extensive analysis of that sham policy change [freespeech.com],  which is now before the ICANN Board, which will likely rubberstamp it, throwing registrants under the bus].

This proposal is even more egregious because domain name registrars take a very thoughtful and  nuanced approach to jurisdiction, in order to protect the due process rights of registrants. My company is based in Toronto, Ontario, Canada, and all my company’s domain names are registered with Tucows/OpenSRS [opensrs.com]. I would expect that if Tucows/OpenSRS was approached by the government of Iran, China, Russia, etc. about one of my company’s domain names, they’d be told to take their dispute to an Ontario court, particularly given that domain names are property in Ontario, Canada [iposgoode.ca].

Indeed, there is an active dispute between various registrars and the government of India [namepros.com], because those registrars (including Tucows, Dynadot, NameCheap) insist that plaintiffs get US court orders to takedown various sites. Those registrars are even facing being blocked by ISPs in India, in order to protect the rights of registrants to due process in their own jurisdiction and national courts.

ICANN staff and Verisign are trying to sneak through this major policy change which has enormous negative implications for domain name rights without any serious debate. If you re-read the announcement page [icann.org] for the public comment period, it appears to simply be a routine renewal. Here’s a screenshot of what ICANN staff claims are the “key provisions” that are “materially different” from the current agreement.

Did ICANN staff highlight the enormous negative ramifications that I’ve pointed out in this article? Of course not! Instead, they bury major policy changes in an appendix near the end of a document that is over 100 pages long (133 pages long for the “clean” version of the document; 181 pages for the “redline” version). I’ve been ICANN’s fiercest critic (and Verisign’s too!) for two decades (see pages 4-5 of a recent comment submission [freespeech.com] which lists some of the “highlights”, including sounding the alarm over tiered pricing, SiteFinder, etc.) When I saw the ICANN summary, it seemed at first glance like a routine renewal with no big changes. But, I had some time on the weekend to go through the redline version and was astonished at the changes.

ICANN and Verisign appear to have deliberately timed the comment period to avoid public scrutiny.  The public comment period opened on April 13, 2023, and is scheduled to end (currently) on May 25, 2023. However, the ICANN76 public meeting was held between March 11 and March 16, 2023, and the ICANN77 public meeting will be held between June 12 and June 15, 2023 [icann.org]. Thus, they published the proposal only after the ICANN76 public meeting had ended (where we could have asked ICANN staff and the board questions about the proposal), and seek to end the public comment period before ICANN77 begins. This is likely not by chance, but by design.

Few others would have noticed what’s going on, so once again I’m sounding the alarm.

What can you do? You can submit a public comment [icann.org], showing your opposition to the changes, and/or asking for more time to analyze the proposal. [there are other things wrong with the proposed agreement, e.g. all of Appendix 11 (which takes language from new gTLD agreements, which are entirely different from legacy gTLDs like .com/net/org); section 2.14 of Appendix 8 further protects Verisign, via the new language (page 151 of the redline document); section 6.3 of Appendix 8, on page 158 of the redline, seeks to protect Verisign from losing the contract in the event of a cyberattack that disrupts operations — however, we are already paying above market rates for .net (and .com) domain names, arguably because Verisign tells others that they have high expenses in order to keep 100% uptime even in the face of attacks; this new language allows them to degrade service, with no reduction in fees).

You can also contact your registrar, so that they are encouraged to voice their opposition to this proposed agreement.  You can also blog about this, or participate on message boards to educate and inform other domain name owners about the great dangers should this proposed agreement be adopted unchanged, so that they too can submit comments opposing the proposed agreement. You can also follow me on Twitter [twitter.com] for further updates.

Verisign is an abusive monopolist. They’re already getting guaranteed 10% permitted annual registry fee increases, due to past weak negotiations by ICANN. The management of the .NET (and .COM) TLDs should be put out to a competitive public tender.

In the alternative, ICANN and Verisign should simply renew the existing contract with absolutely no changes.

I will be writing to the ICANN Board [icann.org] to express my concerns, and asking for at least an extension of the comment period. ICANN staff should also hold a public webinar where they can explain these changes.

As I noted earlier, these changes are either (i) by design, or (ii) unintentional. If by design, the ICANN staff who negotiated this agreement, which attacks  registrars, registrants and usurps the role of the GNSO, should be removed from their position. Such a dangerous proposal to give governments unprecedented powers over domain names should not have seen the light of day if ICANN staff were true custodians of the domain name system. If instead these proposed changes are unintentional, then the ICANN staff (including any external lawyers reviewing their work) are grossly incompetent to put forth a document that they didn’t understand. Gross incompetence should lead to immediate dismissal. It’s time to hold ICANN’s staff, and ICANN’s board accountable for this sloppy proposal that they’re attempting to sneak through to the detriment of domain name owners. Someone has to take the fall for this unprecedented attack on the rights of domain name owners.

Update #1: I’ve submitted a “placeholder” comment to ICANN [icann.org], to get the ball rolling.  There’s also a thread on NamePros.com [namepros.com] about this topic, if you had questions, etc.

all-hands-on-deck dept.

Proposed Renewal of the Registry Agreement for .NET [icann.org]:

What We Need Your Input On

ICANN organization is posting for Public Comment the proposed agreement for renewal of the 2017 .NET Registry Agreement (.NET RA), set to expire on 30 June 2023. The renewal proposal is a result of bilateral discussions between ICANN and VeriSign, Inc. (Verisign), the Registry Operator for the .NET and .COM TLDs.

The proposed renewal agreement for the .NET Registry Agreement (.NET Renewal RA) is based on the current .NET RA [icann.org] with proposed modifications, including the incorporation of some provisions from the Amendment 3 to the .COM Registry Agreement [icann.org] and from the 2023 Global Amendment [icann.org] to the Base gTLD Registry Agreement (Base RA) which was recently approved by the generic top-level domain (gTLD) registries and is currently pending review by the ICANN Board of Directors.

Below is a summary of key provisions in the proposed .NET Renewal RA that are materially different from the current .NET RA:

• The proposed .NET Renewal RA incorporates certain contractual obligations from the 2023 Global Amendment including:
  • A requirement to comply with the gTLD Registration Data Access Protocol (RDAP) Profile [icann.org],
  • The plan to sunset certain requirements to provide Registration Data Directory Services (RDDS) via the WHOIS protocols on a date aligned with the WHOIS Sunset Date set forth in the 2023 Global Amendment,
  • Updated definitions for RDDS related terms,
  • Updated reporting requirements that include changes to address the advice from the ICANN Security and Stability Advisory Committee in SAC097 [icann.org] related to inconsistent reporting of RDDS queries,
  • Service Level Requirements for RDAP availability, round-trip time, and update time,
  • Updates to Uniform Resource Locator (URL) web addresses in the RA and miscellaneous changes (e.g., URLs updated to “https” from “http”) to address outdated links.
  • Adjustments to the allowable uses by ICANN of the Bulk Registration Data Access (BRDA) to include research purposes.
• Commitments related to combating DNS security threats similar to those in the Base RA’s Specification 11, Sections 3A and 3B.

Please know that the attached Redline of the Proposed .NET Renewal Registry Agreement to the 2017 .NET Registry Agreement reflects not only the changes noted above but also revisions that were made as part of Amendment 1 to the .NET RA and as part of 2022 revisions to Verisign’s RRA which is incorporated into the RA.

In addition to the proposed renewal agreement, ICANN and Verisign propose to amend the binding Letter of Intent [icann.org] (LOI) dated 27 March 2020 for two purposes.

1. To extend the commitment by Verisign to adopt enhanced contractual provisions addressing security threats (which includes the ongoing DNS Abuse negotiations [icann.org]) into the .NET RA, as already provided for in the LOI for the .COM RA.
2. To add an agreement that the parties develop mutually agreed upon requirements appropriate for the .COM and .NET TLDs for reporting security incidents to ICANN. This is based on recommendations by the Security and Stability Advisory Committee (SSAC) in its 3 November 2015 Advisory (SAC074 [icann.org]) which were approved [icann.org] by the ICANN Board in February 2018.

Proposals For Your Input Redline of the Proposed .NET Renewal Registry Agreement to the 2017 .NET Registry Agreement (pdf, 1.34 MB) Proposed .NET Renewal Registry Agreement (pdf, 1.16 MB) Proposed First Amendment to the Letter of Intent between ICANN and Verisign (pdf, 116.12 KB)

Original Submission