ICANN Blog

ICANN Blog ICANN Blog

  • What’s New with ICANN Reviews
    on January 18, 2018 at 8:00 am

    Provide Your Input on the Assessment Report for the NomCom2 Review Have you interacted with the Nominating Committee? If so, please share your input on the Nominating Committee Review assessment report to help improve this important body. Join the NomCom2 Review Working Party (RWP) for calls scheduled for 20:00 UTC on 25 January or 20:00 UTC on 1 February. To participate, please contact mssi-secretariat@icann.org. You can also visit the NomCom2 Wiki Workspace Page for a recording of the recent webinar on the assessment report conducted by the independent examiner, Analysis Group. Share your input on Review Operating Standards by 2 Feb 2018 Provide your input to shape how Specific Reviews will be conducted in the future. The deadline to submit your public comment on the Operating Standards for ICANN Specific Reviews has been extended to 23:59 UTC on Friday, 2 February. The goal of the Operating Standards (see Section 4.6), which are mandated by ICANN Bylaws, is to provide a transparent and consistent review process by documenting rules and procedures. Learn more here. Stay-up-to-date with Reviews! Click here for a summary of status updates for active Specific and Organizational Reviews. Also, be sure to bookmark Specific Review Team Workspace Pages to stay up-to-date with progress and opportunities to provide input: Accountability and Transparency Review (ATRT3) Competition, Consumer Trust, and Consumer Choice Review (CCT) Registration Directory Service Review (RDS-WHOIS2) Security, Stability, and Resiliency of the DNS (SSR2) […]

  • Data Protection and Privacy Update: Seeking Community Feedback on Proposed Compliance Models
    on January 12, 2018 at 8:00 am

    Happy new year to you all. We have kicked off 2018 by continuing our work on data protection and privacy issues. In particular, we are preparing for the 25 May 2018 enforcement date for the European Union's General Data Protection Regulation (GDPR). As I've previously written, we are working to ensure compliance with this law while maintaining access to WHOIS to the greatest extent possible. Our work in this area began when we asked the community for user cases and created a matrix of these different use cases about the personal data that gTLD registries and registrars collect, transmit or publish pursuant to ICANN agreements or policies. In the absence of a WHOIS policy, the user stories are essential for describing the many different uses of the WHOIS system. The matrix informed discussions about whether there were potential compliance issues under ICANN's agreements with registries and registrars because of the new law, and aided in our engagement with data protection authorities. On 2 November 2017, we published a Statement from Contractual Compliance, which indicated ICANN org would defer taking compliance action against any registry or registrar for noncompliance with contractual obligations related to the handling of registration data. To be eligible for this deferral, we asked ICANN's contracted parties and stakeholders to follow this process to submit proposed interim models for compliance. We've published those community-proposed models here. In parallel, we engaged the European law firm Hamilton to provide its legal analysis of these issues. The three-part assessment found in its first memo [PDF, 253 KB] that the WHOIS service in its current form must change. In the second part [PDF, 577 KB], Hamilton answered community questions about the law's applicability and scope. In its third analysis [PDF, 440 KB], Hamilton described how processing data within the scope of WHOIS could be changed to become compliant with the GDPR. We asked for your feedback on these analyses and published your input here. In December, I wrote that we were working to develop interim models for collecting registration data and implementing registration directory services that may be compliant with both the law and ICANN's contractual agreements. To be clear, these proposed models are meant to facilitate discussion and a final model decided on to be an interim solution. They do not replace any existing ICANN policy development work or policies. Today we published [PDF, 624 KB] for community input those three proposed discussion models for collecting registration data and implementing registration directory services. These models reflect discussions from across the community and with data protection authorities, legal analyses and the proposed models we have received to date. Please provide your input on these models. The input from the community will contribute to assessing the viability of each of the models. From that input either variations or modifications to one of these models will be identified at the end of January for the path forward. To help inform this, please provide your feedback by 29 January 2018. Please send your feedback to gdpr@icann.org. The three models are summarized at a high-level below. The models differ based on what contact information is displayed in the public-facing WHOIS, their applicability, the duration of data retention and what data is not displayed in a public-facing WHOIS: Model 1 would allow for the display of Thick registration data, with the exception of the registrant's phone number and email address, and the name and postal address of the technical and administrative contacts. To gain access to these non-public data points, third parties would be required to self-certify their legitimate interests for accessing the data. This model applies if the registrant is a natural person, and the registrant, registry, registrar and/or the data processor is in the European Economic Area. Model 2 would allow for the display of Thin registration data, as well as the technical and administrative contacts' email addresses. To access the non-public information registries and registrars would be required to provide access only for a defined set of third-party requestors certified under a formal accreditation/certification program. There are two variations on how this model would apply. Model 2A applies to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is in the European Economic Area. Model 2B would apply to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is regardless of location, that is on a global basis. Model 3 would allow for the display of Thin registration data and any other non-personal registration data. To access non-public information, a requestor would provide a subpoena or other order from a court or other judicial tribunal of competent jurisdiction. This model would apply to all registrations on a global basis. Please click here to see the models [PDF, 624 KB]. We will share these models as we continue our engagement work, including with the Article 29 Working Party. As always, we'll continue to keep the community apprised of the various discussions we have. We've also received a range of correspondence relating to the GDPR. We urge you to visit our data protection/privacy page to view the latest correspondence, proposed models from the community, and other materials relevant to this discussion. Happy 2018 and we look forward to all the work with the community over the coming year. […]

  • Data Protection and Privacy Update – Plans for the New Year
    on December 21, 2017 at 8:00 am

    As 2017 comes to an end, it's a good time to assess where we are and where we are going with our work to address potential compliance issues with ICANN agreements with generic top-level domain (gTLD) registries and registrars in light of the European Union's General Data Protection Regulation (GDPR). A Look Back at 2017 We started out by working with an ad hoc group of community volunteers to help us create and populate a matrix of user stories of the personal data that gTLD registries and registrars collect, transmit, or publish pursuant to ICANN agreements or policies. The purpose for collecting this information was to inform discussions about whether there are potential compliance issues under ICANN agreements with registries and registrars because of the new law, and to engage with data protection authorities. We continued this work by facilitating discussions within the multistakeholder community during ICANN Public Meetings, blogs, and webinars. Also, we engaged the European law firm Hamilton to provide legal analysis on these issues. This analysis, developed in parts, aims to serve as building blocks for community discussions about how to approach GDPR issues in the domain name space. Ultimately, this data will help us outline a legal framework on which to build possible models for compliance with both the GDPR and ICANN's contracts with gTLD registries and registrars. Part 1 [PDF, 252 KB], published on 16 October 2017, described the potential issues that could arise in relation to the WHOIS service in its current form as a result of the GDPR. Part 2 [PDF, 577 KB], published on 15 December 2017, addressed questions that the ICANN community has raised with a goal of providing a better general understanding of the effects of the GDPR on the domain name space. Part 3 [PDF, 440 KB], published today, elaborates on how the processing of data within the scope of WHOIS could possibly be changed to become compliant with the GDPR. This analysis lays out a legal framework to guide our approach to begin building potential compliance models with the community's input. Charting a Path for the New Year As we look to the new year, we are mindful that the May 2018 GDPR enforcement date is fast approaching. It's important to plot out where we're going so that we start the year with the energy and direction that we'll need to get us to our goal. We've made it a high priority to find a path forward to ensure compliance with the GDPR while maintaining WHOIS to the greatest extent possible. Now, it is time to identify potential models that address both GDPR and ICANN compliance obligations. We'll need to move quickly, while taking measured steps to develop proposed compliance models. Based on the analysis from Hamilton, it appears likely that we will need to incorporate the advice about using a layered access model as a way forward. Before 15 January 2018, we want to publish for Public Comment proposed compliance models. As a first step, we'd like to hear your feedback and suggestions about the layered access approach described in Part 3 of the Hamilton legal analysis. To help us meet this deadline, please submit your feedback before 10 January 2018. As we look to settle on a compliance model by the end of January, the community's continued participation and input will be instrumental in ensuring that we've appropriately shaped the model. Email your comments and suggestions to gdpr@icann.org. To be clear, your feedback about the layered access approach outlined in the Hamilton memo is not intended to replace the ongoing process we published about how to submit a proposed compliance model in response to the 2 November 2017 Statement from Contractual Compliance. We have received one suggested model and know that many of you have been working to finalize your proposals. Your models will help us shape our proposal and we will continue to publish your submissions on our webpage as we receive them. We look forward to continuing our engagement with the ICANN community in 2018 as we work together on this important issue. As before, we will continue to provide updates via blogs, webinars, and documents on our Data Protection/Privacy Issues webpage. […]

  • Do You Have a Domain Name? Here's What You Need to Know.
    on December 19, 2017 at 8:00 am

    Part III – Having Issues Transferring Your Domain Name? One of the primary purposes of ICANN's Transfer Policy is to provide you with the option to freely move your domain name from one registrar to another. In our last blog, we explained how to do this. If you still have problems making a transfer, here is some information on why you might be encountering issues and some additional information on what you might be able to do about it. The first thing you should know is that there are a few instances when your registrar cannot transfer your domain name, such as if it is the subject of an ongoing Uniform Domain Name Dispute Resolution Policy (UDRP), Transfer Dispute Resolution Policy (TDRP) or Uniform Rapid Suspension (URS) proceeding. Your registrar also cannot transfer your domain name if it is subject to a court order. Additionally, as we explained in the last blog, your domain name cannot be transferred if it is subject to a 60-Day Change of Registrant lock. There might be other reasons your registrar is denying your transfer request. This will depend on the terms and conditions of your registration agreement with the registrar. For example, there is evidence of fraud, your name is not listed as the registrant of record, or if you have an outstanding payment for a previous registration period. Non-payment for a pending or future registration period however is not grounds for denial of transfer. It is important that you understand the terms and conditions in your registration agreement so that you know what to expect if you decide to make a transfer. What to Do? There are some common issues you might run into when transferring a domain name. You can't transfer the domain name because it is in a 60-day Change of Registrant lock. This rule is in place to prevent unauthorized changes to your contact info for the purposes of making unauthorized transfers, which could result in making the domain name un-recoverable. If you want to opt out of this protection, you can make the request to your registrar prior to making changes to your contact information. You cannot transfer the domain name because your request falls within 60 days of the initial registration or a previous transfer. This rule is put in place for your protection. Some registrars however may choose to grant exceptions to this rule so you can contact your registrar directly to ask if they'll allow you to initiate a transfer during this period. You cannot transfer the domain name because it is in 'Registrar Lock' or 'Client Transfer Prohibited' status (sometimes used to protect against unauthorized transfers). You can change these statuses by contacting your registrar. Some registrars may provide you with the option to change these statuses yourself via your control panel. In either case, the registrar must provide you with the AuthInfo code needed to change the status within five calendar days of your request. You should know that you can always contact your registrar directly for assistance with transferring, even if you registered your domain name through a reseller or another service provider. ICANN is not a registrar and does not transfer domain names. If you do not know who your registrar is you can search here to find out. If after you've contacted the registrar and you are still not successful in your attempt to transfer your domain name, you can submit a formal Transfer Complaint with ICANN. Click here to read 5 things Every Domain Name Registrant Should Know About ICANN's Transfer Policy FAQs: Transferring Your Domain Name More Information on Domain Name Transfers More Information on Transfer Complaints [PDF, 124 KB] More Information about Domain Name status codes, such as 'Registrar Lock' or 'Client Transfer Prohibited' Learn more about ICANN's Transfer Policy (Effective as of 1 December 2016). The 'Do You Have a Domain Name? Here's What You Need to Know' educational series is part of ICANN's broader efforts to help you better understand the ICANN policies that affect you, your role in the Domain Name System (DNS), and the role of the ICANN organization, registries, and registrars in the DNS ecosystem. […]

  • President's Corner: Finances & Planning for the Next Two Years
    on December 18, 2017 at 8:00 am

    One of my personal priorities for my role in ICANN is continuing to improve ICANN org's efforts to be transparent, accountable and accessible. In this spirit, I am sharing something the Executive Team and I have been spending a lot of time lately, and an area of great focus for us in the coming year. By now I hope you have also read the blog by Cherine on this topic. As I mentioned in the recent Quarterly Stakeholder Call, we saw slower funding in the first quarter of FY18 by $1m versus our approved budget, with lower domain name registrations than planned. So, we believe the FY18 funding could remain flat compared to FY17's funding, instead of the growth budgeted in FY18. We need to make some changes to address that. And, at the same time, we are currently planning for the next two years out – FY19 and FY20. We are also forecasting lower funding for FY19 compared to the approved FY18 budget. As Cherine mentioned, there is also a discussion going on about the Reserve Fund, and we need to factor that into our planning. As a non-profit it is important that we stay within our budget. That takes some work but I feel confident the ICANN community will support us in this effort. The reality is, ICANN has a significant budget but not an infinite budget. We need to make some changes, and can't do everything we are asked. You as the ICANN community will feel the impact of some of those changes. We have already begun addressing this by focusing on finding efficiencies where possible. For example, when someone leaves ICANN org, we are taking a close look at the vacancy, the team's needs and other people's availability and skills before deciding if we are going to fill the role. We are also looking at our staff travel practices for ICANN meetings and other ICANN org commitments, reviewing our language services support levels and offering, and trying to consolidate our collateral and the volume of reports. We are looking at what projects we could delay or stop, and reviewing things with a fresh set of eyes – just because we've always done something a certain way, doesn't mean that's the right choice now. These are just a few examples. We are examining a lot of our internal policies and spending levels, and looking closely at how we do things to make sure we do the right thing, in the most efficient way. It is important that we govern our work to our means. I wanted to share this with you now, to let you know you will occasionally be seeing some changes in how we operate. Some will be bigger than others, and for the ones that impact you, you will be asked to participate in public comment periods, discussions around priorities and strategic planning, and sessions with ICANN org to help us understand what is most important to you. There will be a budget out for public comment mid-January 2018 and I hope you will review and participate actively. Of course, you are in charge of the final version of the budget. I look forward to the result of your input. […]

ICANN Announcements

ICANN Announcements ICANN Announcements

  • IANA Functions Customer Survey Results Available
    on January 18, 2018 at 8:00 am

    LOS ANGELES – 18 January 2018 – The Internet Corporation for Assigned Name and Numbers (ICANN) published the results of an annual survey that measures the perception of satisfaction among Internet Assigned Numbers Authority (IANA) functions customers regarding the services they receive. This survey is the first completed since the ICANN organization affiliate Public Technical Identifiers (PTI) started performing IANA functions on behalf of the ICANN org and accounts for transactions completed between September 2016 and August 2017. The IANA Services Customer Survey measured satisfaction in relation to documentation quality, process quality, transparency, timeliness, accuracy, reporting, and courtesy. In the 2017 survey, customers identified accuracy as the most important measure of performance for the fifth consecutive year. Notably, 94 percent of respondents reported being satisfied with the accuracy of their transactions. Timeliness and process quality, were identified as the second and third most important measures by customers, both stayed consistent with the previous year with 89 percent satisfaction. View the IANA Services Customer Satisfaction Survey Report [PDF, 1.33 MB]. While the results of the survey are generally positive, the ICANN org continues to explore opportunities for improvement, including on the survey format and methodology. In response to conversations with key stakeholders within the community, an option to select "not applicable" was added to each question in the survey and open-ended questions were introduced to better capture feedback. There were also improvements to capture the geographical location of the IANA functions customers, and to further segment the top-level domain (TLD) operators. "Over the years we have refined our approach to surveying our customers, and we've received increasing feedback that it can be difficult to recall the details of their PTI interactions up to a year later. This feedback has prompted us to start planning to survey our customers shortly after our interactions, to obtain more timely and actionable feedback," said Kim Davies, Vice President of IANA and President, PTI. The ICANN org commissioned Ebiquity, a leading independent marketing and media consultancy, to administer the survey, analyze the results and compile an independent third-party report, to keep with PTI's goal to improve transparency in its processes. This year, Ebiquity issued 4,070 invitations during the survey period to IANA functions customers — top-level domain operators, regional Internet registries, RFC authors and other protocol parameter registrants, Internet Engineering Steering Group members, DNSSEC KSK trusted community representatives, and .INT domain registrants — and 7 percent responded. About ICANN ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world. […]

  • Maximal Starting Repertoire version 3 (MSR-3) for Root Zone Label Generation Rules (RZ-LGR)
    on January 17, 2018 at 8:00 am

    Open Date: 17 January 2018 Close Date: 26 February 2018 Originating Organization: Global Domains Division Categories/Tags: Top-Level Domains Brief Overview: ICANN is releasing for public comment version 3 of the Maximal Starting Repertoire (MSR-3: HTML, XML). This version is upwardly compatible with MSR-2 and adds three code points each to the repertoires of Han and Latin scripts. Under the Procedure to Develop and Maintain Label Generation Rules for the Root Zone with Respect to IDN Labels [PDF, 772 KB], the MSR is the starting point for the work by community based Generation Panels which are developing the proposals for relevant scripts for the Root Zone Label Generation Rules (RZ-LGR). The contents of MSR-3 and the detailed rationale behind its development are described in MSR-3-Overview and Rationale [PDF, 1.1 MB]. Link: https://www.icann.org/public-comments/msr-3-2018-01-17-en […]

  • Implementation of the Consensus Policy for Protection of Certain Specific IGO and INGO Identifiers for All gTLDs
    on January 16, 2018 at 8:00 am

    LOS ANGELES – 16 January 2018 – The Internet Corporation for Assigned Names and Numbers (ICANN) today announced that all ICANN generic top-level domain (gTLD) contracted parties must implement the new Consensus Policy concerning the protection of certain specific names of intergovernmental organizations (IGO) and international nongovernmental organizations (INGO) identifiers in all gTLDs. This Consensus Policy relates only to those identifiers specifically approved by the ICANN Board in April 2014 following the conclusion of a Policy Development Process conducted by the Generic Names Supporting Organization. It does not include IGO and INGO identifiers for which Board approval is still pending or for which GNSO policy work remains ongoing. Contracted parties will have until 1 August 2018 to complete implementation of the new requirements for certain specific names of IGOs, the International Olympic Committee (IOC), and the Red Cross/Red Crescent Movement (RCRC). For INGOs, the implementation period will be 12 months from the release of the INGO Claims Systems Specification which is currently under development by ICANN org. The protections within this policy pertain to specific names of certain IGOs, INGOs, the IOC, and the RCRC, according to the recommendations adopted by the ICANN Board. The policy requires registry operators to withhold the specified names from registration for IGOs, the IOC, and the RCRC at the second-level and provides an exceptions procedure for registration. For INGOs, the policy requires claims notices at the second-level. Additional information is available at the ICANN Generic Names Supporting Organization working group and IGO/INGO implementation review team wiki pages. About ICANN ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world. […]

  • Establishment of the Internet and DNS Engagement Center in Seoul
    on January 12, 2018 at 8:00 am

    SEOUL, Republic of Korea – 12 January 2018 – Today, the Korea Internet & Security Agency (KISA) and the Internet Corporation for Assigned Names and Numbers (ICANN) announced the establishment of a partnership center known as the Internet and DNS Engagement Center in Seoul (the "Center'). This initiative elevates KISA and ICANN's partnership, established in November 2013 with the signing of the KISA-ICANN Memorandum of Understanding (MOU). Per the objectives of the MOU, the Center will provide an avenue to foster dialogue and mutual understanding between KISA, ICANN as well as the wider Korean and regional Internet community. The Center will facilitate ICANN's engagement with Korean and regional stakeholders; and carry out cooperation programs in collaboration with ICANN and other Internet Governance Organizations, such as the Asia Pacific Internet Governance Academy (APIGA). This initiative enhances KISA's involvement to engage the wider Internet community as it commits its staff and resources to the Center. The Center's staff will remain as KISA's employees and report directly to KISA. They are in charge of the Center's activities, working directly with the ICANN APAC regional office, and any other partners. Korean stakeholders can continue to reach ICANN in their local language directly via korea.liaison@icann.org. The contact details of the Center are as follows: Seoul Internet and DNS Engagement Center 11F Platinum Tower 398 Seocho-daero, Seocho-gu Seoul 06619 Republic of Korea Phone: +82 2 405 6592 Fax: +82 2 405 6593 About KISA KISA is a government agency dedicated to promoting Internet and information security and contributing to Korea's Global Competitiveness. KISA has set 'Internet Promotion' for the future and 'Information Security' for our safety as its primary tasks, and is focusing on enhancing the information security capacity of Korea's ICT industry while expanding global cooperative partnerships based on the K-ICT Security Development Strategy, in order that these twin pillars may serve as the core competencies of the future Korea in equal and harmonious measure. KISA, founded in 2009 through a merger of three separate organizations, is dedicated to developing Korea's Internet industry and information security capabilities. As an Internet and security promotion agency armed with global competitiveness, KISA will maintain its commitment to creating a safe and happy Internet world. About ICANN ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you have to type an address into your computer - a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world. […]

  • Potential Data Exposure in ICANN RFP System Resolved
    on January 12, 2018 at 8:00 am

    LOS ANGELES – 12 January 2018 – The Internet Corporation for Names and Numbers (ICANN) today disclosed a potential data exposure with JAGGAER (formerly SciQuest), the software as a service (SaaS) tool used for sourcing suppliers via competitive bidding processes such as Requests for Proposal (RFPs). Two suppliers made ICANN aware of the issue on 4 December 2017. ICANN logged a severity 1 problem with JAGGAER immediately, and the vendor resolved the problem within 48 hours. The issue occurred in a module called Sourcing Director, which is used for administering RFPs. Each RFP has a Question and Answer (Q&A) Board where RFP participants can post questions for the ICANN RFP team. Only the ICANN RFP team sees the questions while they are unanswered. ICANN posts the answer publicly, but the identity of the asker is not revealed on the website. The exposure occurred if RFP participants downloaded the page as a file extract. The extract listed the names of the entities that asked questions. We recognize that the problem undermined the expected confidentiality of those asking questions and potentially gave RFP bidders the names of some of their competitors. As soon as ICANN learned of the problem, we reposted all questions and answers as if they came from ICANN, so the names of those asking questions no longer appeared in the file extract. This problem was not limited to ICANN. JAGGAER has verified that it was introduced on 10 November 2017 with the JAGGAER 17.3 upgrade that contained an enhancement to the Q&A file format. Because most people view the Q&A Board without file extraction, ICANN believes the data exposure was minimal. Bidders in three RFPs may have been affected, and they have already been informed of the issue. ICANN is making this information public as part of our commitment to openness and transparency. If you have any questions or feedback, please email globalsupport@icann.org and put "JAGGAER Data Issue" in the subject line. About ICANN ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world. […]