The Annual General Meeting ICANN60, with around 1,900 participants, took place this year from 28 October to 3 November in Abu Dhabi. Anyone who thought that the ICANN Community would simply resume their normal business after the successful IANA transition has been proven wrong.
One of the topics that determined the agenda-setting in all Supporting Organizations and Advisory Committees was the EU General Data Protection Regulation (GDPR), which will come into effect on 25 May 2018.
General Data Protection Regulation
Ultimately, from May 2018 the GDPR will also apply for all companies that have their headquarters outside of the European Union, but process the personal data of EU citizens. Alongside the Internet Corporation for Assigned Names and Numbers (ICANN) itself, registries, registrars, and resellers, in particular, will be subject to the GDPR. And violations will be taken to a new level in future: The GDPR makes provisions for fines of up to 20 million Euro or 4% of global turnover.
For the domain industry, the publicly searchable WHOIS database is especially problematic from the perspective of the GDPR. But the requirements of the GDPR go much further. All current steps taken in data processing, from collection through to deletion, need to be scrutinized.
GDPR Domain Industry Playbook
Despite this, ICANN has been quite inert regarding implementation of the GDPR in the domain industry. But time is running out. As a result, during the meeting in Abu Dhabi, the eco Association announced that they are working on a comprehensive solution that will support the entire sector.
With the forthcoming “GDPR Domain Industry Playbook,” eco has stepped forward to facilitate the legally compliant processing of personal data for all parties. Nonetheless, departures from the current ICANN requirements for dealing with data will inevitably lead to breach of contract, so that providers have the choice of risking sanctions from the supervisory authorities or from ICANN itself.
Therefore, the objective is both to ensure compliance with the GDPR and to minimize the risk of being sanctioned by ICANN for violations of their contracts. The “GDPR Domain Industry Playbook” will offer practical guidelines for the implementation of the GDPR for the domain industry.
As a first step, the authors at eco are developing a clean data model. In the end, the implementation of the GDPR is not simply limited to the publication of domain registrants’ in WHOIS, but goes much further. It also includes both data transfers to the USA to Escrow Services or the emergency backend operator, as required for security purposes, and a clarification of the role of the domain resellers, who have no direct contractual relationship with ICANN.
In Abu Dhabi, not only the Registries Stakeholder Group (RySG) and the Registrar Stakeholder Group (RrSG), but also further community members signaled their support of eco’s initiative.
The current status of the development of the “GDPR Domain Industry Playbook” will be updated soon on the eco Names & Numbers Forum website:
ICANN joins in
Against the backdrop of the described risk of violating their ICANN contracts for the WHOIS data collection, a risk that registries and registrars face with the GDPR when it comes into effect in May 2018, ICANN CEO Göran Marby announced that ICANN would initially abstain from penalties for such violations. After all, a number of registrars made it clear during the meeting that, if in doubt, they would always comply with national law.
Despite this, the contracts with ICANN should not be completely disregarded. Those who wish to completely bypass WHOIS, according to Marby, will need to deal with ICANN. Ultimately, ICANN wishes to retain WHOIS. ICANN itself is planning over the coming months to present to the community three models of how the GDPR and the WHOIS requirements could be harmonized.
CCWG Accountability / Jurisdiction Debate
On the Friday before the official start of the ICANN Meeting, a day-long meeting of the CCWG Accountability took place, in which the work of the so-called Work Stream 2 was driven forward. The work is on schedule, so that it seems feasible that the work will be concluded by mid-2018, as planned. A good deal of space was dedicated to the topic of “Jurisdiction,” both in the CCWG Meeting and in the course of the specially designated panel discussion later in the week. For several governments, the CCWG proposals in this area do not go far enough. They would have preferred at least the aim of complete or partial immunity for the organization, if not the immediate relocation of ICANN outside of the USA.
ISPCP Outreach Event
The Internet Service Providers and Connectivity Providers Constituency (ISPCP) avail of the Annual General Meeting every year to organize an outreach event, to which the local community of the host country is invited, in order to provide information on its own work and the work of ICANN.
The event in Abu Dhabi took place on 29 October, with the title “Crossroads of Connectivity: Navigating the Middle East’s Digital Future”. More than 70 participants spent the entire afternoon discussing the topics “What Trends Are Shaping the Middle East’s Digital Future?” and “Embracing Technical Impacts in a Time of Rapid Change”.
The first panel, moderated by Baher Esmat, VP Stakeholder Engagement Middle East at ICANN, included Shady Saeed, Director IoT Partners and Channels at Etisalat; Lars Steffen, eco – Association of the Internet Industry for DE-CIX Management GmbH; and Anthony Harris, Executive Director of CABASE. The panel discussed the challenges for Internet infrastructure, when – through the Internet of Things – more and more connected objects result in ever-greater data streams.
In the second panel, experts discussed how new technical standards for the Domain Name System and other systems are developed. The panel included Salam Yamout, Regional Director Middle East at ISOC; Sarmad Hussain, IDN Programs Director and Roy Arends, Principal Research Scientist, both from ICANN; Edmon Chung, CEO at DotAsia; and Mark Svancarek, Principal Program Manager at Microsoft.
On 30 October, the Public Meeting of the ISPCP took place, in which, among other speakers, Thomas Rickert presented both the current status of the CCWG Accountability and the discussion around the GDPR. Lars Steffen reported on the previously-held Universal Acceptance Steering Group workshop.
ISPCP offers support for KSK Rollover
The postponing of the Root Zone Key Signing Key (KSK) Rollover, which should have taken place on 11 October, was discussed in Abu Dhabi with the Board and ICANN experts. The Rollover is generally an automatic process initiated by ICANN, in which a new pair of cryptographic keys are generated and the public key is shared with the DNSSEC validation resolvers. However, the validation of the affected resolvers carried out in advance demonstrated that a large number of Internet Service Providers (ISPs) were not yet technically prepared. The ISPCP offered support in the resulting necessary communication with the ISPs.
The day-long Universal Acceptance Steering Group (UASG) workshop took place on 26 October. The group presented their newest papers, "Evaluation of UA Readiness of Popular Websites" and "Universal Acceptance of Popular Browsers". In these tests, Microsoft‘s Internet Explorer showed itself to be the best browser when it comes to processing new Top-Level Domains and addresses in Unicode correctly and without errors. Of the more than 750 websites examined, still a mere 7% allow all scripts in web forms. Corresponding evaluations on the topics of Linkification and EAI Acceptance in Software are still in process and are expected to be presented at ICANN61 in San Juan.
In the context of the budgeting for 2018, the communication strategy for the next year was also discussed. After the generation of a range of documentation and informative papers in recent months, these should now be disseminated to the target group of the UASG, through strengthened participation in conferences and other activities – such as targeted mailings to CIOs. The global activities will be flanked both by local initiatives in China, India, Ireland, Germany, etc., and by the existing program of informing other industry associations on the topic of Universal Acceptance.
There was intense discussion on the suggestion concerning whether the UASG should officially recommend a downgrading process for EAI mailboxes. It was determined that the IETF could not offer any guaranteed automatic downgrading function for the transition between already EAI capable mail servers and stragglers.
The UASG will therefore not recommend the following process as a Best Practice, but at least as Good Practice for the downgrading: When setting up the mailbox, the EAI mailbox provider establishes both an EAI address and an ASCII-Alias. The ASCII alias has a display name that corresponds to the EAI address. When a non-EAI-compatible email system is found, the EAI-MTA with the ASCII alias name and the display name is reset. The ASCII alias should not lead to a Punycode conversion of the mailbox name, as the bi-directional equivalence cannot be guaranteed.
Emotional discussion about .amazon
An additional session at the ICANN meeting in Abu Dhabi was that on the allocation of the Top-Level Domain .amazon, in which the applicant Amazon was given the possibility to discuss the issue publicly with the Governmental Advisory Committee (GAC).
The background to this was the already 4-year long fight regarding the allocation of the Top-Level Domain (TLD). A range of experts actually see the retailer as being in the right – after all, they kept to all the guidelines for the application of their own TLD and would not cause damage to the Amazonian states, according to the arbiter. However, ICANN had yielded to the pressure exerted by the GAC in the application process, which had positioned itself clearly against the allocation.
At this ICANN meeting, Amazon presented the eight Amazonian states with the suggestion of supporting them in their applications for .amazonas, .amazonia and .amazonica. This suggestion was, however, clearly rejected by the states in question. The reactions of Brazil and Peru in particular, but also those of other government representatives, was made perfectly clear. Amazon announced that it would continue to seek a dialog, before considering taking legal action.
Farewell to Steve Crocker
Steve Crocker, one of the very first Internet pioneers and author of the first Request for Comments (RFC 1), stood down from his position as Chair of the Board at the ICANN Meeting in Abu Dhabi, and handed over the reins to Cherine Chalaby. A reception was given in honor of Steve Crocker on the second evening of the official conference for the ICANN Community. Chalaby joined the ICANN Board in 2010, after working for Accenture for 28 years.
Denic & eco hosted the German Night
DENIC and eco were of course proud that, two days earlier, Cherine Chalaby had accepted eco’s invitation to the German Night, in order to discuss his goals for his term with the community of the two hosts.
eco Names & Numbers Steering Committee
In Abu Dhabi, the first Face-2-Face Meeting of the eco Names & Numbers Steering Committee also took place. The committee was established at the beginning of the year. The 16 members represent all areas of the domain industry. These include, for example, representatives of Country-Code Top-Level Domains (ccTLDs), and legacy and new Generic Top-Level Domains, as well as registrars, technical service providers, consultants, and secondary market operators.
The members advise and steer the Working Group Names & Numbers and provide impetus and feedback on current association work. At ICANN60, the “GDPR Domain Industry Playbook” was intensively discussed. Alongside regular telephone conferences, the Steering Committee will also make use of future ICANN meetings for personal exchanges.
The next ICANN Meeting will take place from 10 to 15 March 2018 in San Juan. The meeting website and registration are now online here: https://meetings.icann.org/en/sanjuan61
Where was eco active for its members?
- chaired the CCWG Accountability face to face meeting
- chaired the working session of the RCRC reconvened PDP WG
- moderated the Cross-Community Session: Community Feedback on Concluding CCWG-Accountability-WS2
- was a panelist in the Cross-Community Session: Operating Standards for Specific Reviews
- gave a GDPR and CCWG Acct presentation for the ISPCP
- moderated the Cross-Community Session: General Data Protection Regulation (GDPR) Implications for ICANN
- moderated the Cross-Community Session: Jurisdictional Challenges for ICANN
- visited the closed DNA Member Breakfast Meeting
- chaired the ISPCP closed meeting
- chaired the ISPCP open meeting
- moderated the ISPCP outreach event
- participated in the GNSO Council Meetings and presented a report on the GNSO review implementation
- co-moderated the CSG Session with the ICANN Board
- presented the ISPCP with the ICANN fellowship
- chaired the Community Outreach Session in the UASG workshop
- was panelist in “Crossroads of Connectivity: Navigating the Middle East’s Digital Future” in the ISPCP outreach event
- gave the communications update in the UASG Status Update to the Community
- gave a UASG Presentation for the ISPCP
- visited the closed DNA Member Breakfast Meeting