1. 1 ICANN Update by Mike Rodenbaugh Councilor, Generic Names S.O. Officer, Business Constituency 29 October 2007

2. What is ICANN? Internet Corporation for Assigned Names & Numbers

3. 3 ICANN mission statement To coordinate, overall, the global Internet's system of unique identifiers, and to ensure stable and secure operation of the Internet's unique identifier systems. In particular, ICANN coordinates: 1.Allocation and assignment of the three sets of unique identifiers for the Internet: Domain names (forming a system called the DNS) Internet protocol (IP) addresses and autonomous system (AS) numbers Protocol port and parameter numbers 2.Operation and evolution of the DNS root name server system 3.Policy development reasonably and appropriately related to these technical functions

4. ICANN Org Chart

5. Issues Important to Businesses New Top-Level Domains (TLDs), including Internationalized Domain Names (IDNs) WHOIS information IP Rights Protection Mechanisms Domain Tasting Registrar Accreditation Agreement IPv4 … IPv6 “GNSO Reform”

6. 6 New Top Level Domains: Projected Implementation Timeline gTLD Consensus Policy Approved – est. Q4 2007 Draft RFP Posted – est. Q2 2008 Final RFP Approved – est. early Q3 2008 First Round Implementation: Communications & RFP launch Applications Accepted – est. early Q4 2008 Successful TLD Applications Approved – est. Q1 2009

7. Session 27 Recommendation 2 Strings must not be confusingly similar to an existing top-level domain or a Reserved Name. Rationale: A confusingly similar string could cause technical or consumer confusion. Implementation Considerations: – A string that resembles another string is not necessarily confusingly similar. – Staff is exploring various options for implementation of this recommendation, including: The application of an algorithm that provides guidance on which TLD strings are considered to be confusingly similar Providing a capability for formal objection to be filed to an application by a third party on the grounds that the proposed gTLD is confusingly similar to an existing TLD.

8. Session 38 Recommendation 3 Strings must not infringe the existing legal rights of others that are recognized or enforceable under generally accepted and internationally recognized principles of law. Examples of sources of legal rights include: – The Paris Convention for the Protection of Industrial Property (in particular trademark rights) – The Universal Declaration of Human Rights (UDHR) – The International Covenant on Civil and Political Rights (ICCPR) (in particular freedom of expression rights)

9. Session 39 Recommendation 3 (Cont’d) Procedure: A party holding rights that it believes would be harmed may file an objection to a proposed gTLD. Key criterion: Legal rights must be recognized or enforceable under generally accepted and internationally recognized principles of law.

10. Session 310 Recommendation 12 Dispute resolution and challenge processes must be established prior to the start of the process. It is important that all aspects of the application process be known before applications for new gTLDs are prepared and submitted. Dispute resolution and challenge are intended to address two types of situations: 1.The filing of an objection against an application on certain specific grounds developed from the GNSO’s recommendations 2.When two or more applicants are vying for the same or confusingly similar new gTLD (“contention resolution”).

11. Session 311 Recommendation 12 (Cont’d) Specific grounds from the GNSO recommendations: Confusingly similar strings (Recommendation 2) Legal rights of others (Recommendation 3) Morality & public order (Recommendation 6) Community opposition (Recommendation 20) The procedures, standing and criteria for assessment need to be developed, and ICANN Staff has begun this process in consultation with outside counsel and other experts.

12. My Name, My Language, My Internet: IDN Test Goes Live October 15: ICANN launches global test of Internationalized Domain Names – “.test” in 11 languages… العربية 简体中文 繁體中文 Ελληνικά हिन्दी 日本語العربية 简体中文 繁體中文Ελληνικά हिन्दी 日本語 한국어 فارسی Русский ייִדיש தமிழ் 한국어 فارسیРусский ייִדיש தமிழ் Internet users around the globe can now access wiki pages with the domain name example.test in the 11 test languages -- Arabic, Persian, Chinese (simplified and traditional), Russian, Hindi, Greek, Korean, Yiddish, Japanese and Tamil. The wikis will allow Internet users to establish their own subpages with their own names in their own language -- one suggestion is: example.test/yourname. http://idn.icann.org

13. What is WHOIS? Whois is a publicly- accessible database containing contact information of website owners. Registrant for JOE6PK.COM Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado 80206 United States Administrative Contact: Joseph Q. Paquette joe@joe6pk.com 1787 St. Paul St. Denver, Colorado 80206 1-303-245-4567 Technical Contact: Domains R Us info@domainsRus.com 123 Main St Los Angeles, CA 85000 1-480-555-1000 United States ICANN contracts require collection and public access to Whois data.

14. WHOIS info is vital Shows ownership information for domains Includes complete contact information Available to any Internet user Used by businesses to verify customers Used by IP and law enforcement to protect brands and prevent consumer fraud Provides accountability

15. Registrant for JOE6PK.COM Joseph Q. Paquette 1787 St. Paul St. Denver, Colorado 80206 United States Administrative Contact: Joseph Q. Paquette joe@joe6pk.com 1787 St. Paul St. Denver, Colorado 80206 1-303-245-4567 Technical Contact: Domains R Us info@domainsRus.com 123 Main St Los Angeles, CA 85000 1-480-555-1000 United States What happens to Whois under the Operational Point of Contact (OPoC) Proposal? Operational Point of Contact OPoC could be anyone: Corporate IT department Domain portfolio manager Registrant Registrar Third parties and proxy services 5

16. WHOIS and Spam16 Can registries and registrars help mitigate automated email address collection? Registries and registrars offer services to protect registrant email addresses from automated collection via query-based WHOIS services – CAPTCHA – Rate limiting – Anti-scripting techniques – Other measures SSAC calls these measures Protected-WHOIS

17. WHOIS and Spam17 Can registries and registrars help mitigate abuses of email addresses? Registries and registrars offer services to protect available email addresses from display and abuses – Email address substitution – Spam and antivirus filtering Customer chooses to have a 3rd party listed as the registrant, other customers obtain a forwarding email address SSAC calls such measures Delegated-WHOIS

18. WHOIS and Spam18 Comparison of Results For an email address that is not published anywhere other than the WHOIS 1.Unprotected registrant email addresses received significant amounts of spam. 2.Registrant email addresses protected by protected-WHOIS may achieve two orders of magnitude better defense against spam. 3.Registrant email addresses protected by achieve three orders of magnitude better defense against spam. 4.Registrant email addresses protected by Protected-WHOIS and Delegated-WHOIS may achieve close to four orders of magnitude better defense against spam.

19. Next Steps: Studies GAC and BC have each requested studies of WHOIS data to determine if there is a problem, and whether ongoing market remedies are solving the problem SSAC has concluded that registrar/registry solutions can almost eliminate spam caused by WHOIS harvesting, so what is the problem with WHOIS?

20. IP Rights Protection Mechanisms Cybersquatting and Phishing is too quick and easy, and remedies are too expensive and slow Policy Development is needed to fix this Potential options: – Standardized Sunrise Registration Process – Faster and cheaper UDRP, with rapid DNS suspension upon default – Rapid DNS suspension upon evidence of phishing or malware (to be tested in dotAsia?) – Provisional registrations to mitigate costs of domain inventory

21. Domain Tasting Abuse of 5-day Add-Grace Period (AGP) to test traffic and revenue Many domains are infringing, and kept past the 5-day period Tens of millions of.com domains tasted every day = less inventory for more legitimate uses Only a few registrars engaged in massive tasting

23. Source: ICANN preso to APEC/OECD Workshop 4-22-07 Competition in the Domain Name Space ICANN introduced competition to the domain name space Registrars now have a market and a business Consumers have greater choice in price and services Domain name marketplace is even driving how we search – contextually as well as topically – and the scale of sites that can be searched Total registrars = 888 and counting

24. Source: Verisign’s.com registry report, Apr. 2007

25. Next Steps: Policy Development Process – Potential Options Eliminate Add-Grace Period – require full payment before activation of a domain name Eliminate AGP, with exceptions for ‘legitimate uses’ No refund for ICANN (and/or some larger) portion of registration fee “Excess Delete Fee” – no refund if deletes in any given month exceed 10% (??) of registrations

26. Registrar Accreditation Agreement (RAA) Review of RAA which has been in force since May 2001, as a result of RegisterFly fiasco in early 2007 Six specific amendments are proposed, as a result of consultations between ICANN Staff and the Registrars’ Constituency – include terms under which a registrar can be sold and continue to retain its ICANN accreditation – address the responsibilities of a parent owner/manager when one or more of a "family" of registrars fails to comply with ICANN requirements – require registrars to escrow contact information for customers who register domain names using Whois privacy and Whois proxy services – augment the responsibilities placed on registrars with regard to their relationships with resellers – require operator skills training and testing for all ICANN-accredited Registrars – include additional, graduated contract enforcement tools

27. Inter-registrar Transfer Policy Policy Development Process to clarify four points of the RAA re denial of transfer request – Denial for non-payment – Denial for lock status – Denial for 60 days of initial registration period – Denial for 60 days after previous transfer Why a PDP for this, and not for broader RAA revisions??

28. GNSO “Reform” All of ICANN’s SO’s must undergo a review every three years, per bylaws There is sentiment that GNSO does not work as effectively as it should Subcommittee of ICANN Board Governance Committee has made a proposal, subsequent and different than two other expert reviews Proposal would cut Business interests (BC, IPC and ISCPC) from 1/3 voting power, to 1/5

29. Help!! Please join the Business Constituency! – 1500 euro/year for large enterprises – 500 euro/year for small enterprises – Active mailing list & regular teleconferences – Influencing ICANN policy development on behalf of all businesses – Particularly need Financial Institutions www.bizconst.org mike@rodenbaugh.com