Recorded Webinar - Insights from ICANN 59: Johannesburg

Insights from ICANN 59 Johannesburg

Please be advised that these free recorded webinar presentations have been edited from the original format (which might include a poll, product demonstration, and question-and-answer session). To set up a live demo, please complete the form to the right.

In July, Gretchen Olive, CSC® director of Policy and Industry Affairs, and Ben Anderson, head of new gTLD services for CSC, present their findings from ICANN59 in the City of Gold—Johannesburg, South Africa.

As experts in the industry, Gretchen and Ben will address best practices in effective global domain name, trademark, and brand protection strategies, with a focus on new gTLDs.

Webinar Transcript

Anu: Hello, everyone, and welcome to today's webinar, "A Wealth of Knowledge from the City of Gold: Insights from ICANN 59." My name is Anu Shah, and I will be your moderator. Joining us today are Gretchen Olive and Ben Anderson

Gretchen is an internationally recognized expert on ICANN's New gTLD Program. For nearly two decades she has helped clients navigate the evolving internet landscape through more effective global domain name, trademark, and brand protection strategies. She has served on several INTA subcommittees focused on the preservation and protection of intellectual property rights and consumer safety on the internet.

Ben is the Head of New gTLD Services and is responsible for overseeing the development of the company's product portfolio and proposition. He is an active member of the industry on the topic of gTLDs and currently sits on the board of various domain and compliance bodies for ICANN and INTA, regularly providing expertise, guidance, and advice on any developments.

And with that, let's welcome Gretchen and Ben.

Gretchen: Thanks, Anu. All righty. As always, with any ICANN meeting, there's a lot to talk about. So let's just quickly go through the agenda we have for today. We're going to do our usual kind of ICANN overview. I'll load some new graphics for those of you who have attended before. We're going to really spend a lot of time on policy today, because as you'll hear in a couple of minutes, this was sort of a very policy-focused meeting in the ICANN cycle. And then we'll also share some other important meeting insights.

So let's start with first of all let's understand who ICANN is. So ICANN is the Internet Corporation for Assigned Names and Numbers. It's really made up of ICANN staff and a Board of Directors. ICANN staff are a paid staff. Then it's really surrounded by just an enormous number of volunteers that are kind of organized in different groupings.

So let's just kind of go through that really quickly. So you'll kind of the light blue-colored boxes. These are folks that having voting rights.

So you'll see at the top sort of middle the GNSO. That's the Generic Name Supporting Organization. That's where a lot of things happen. That's where a lot of the kind of the policymaking that that bottom-up consensus policymaking happens. This stakeholder organization is made up of the registries, the registrars. There's also, you know, IP interests as well as . . . sorry. There's ISPs. There's IP interests and businesses and nonprofit kind of groups as well. So you'll kind of see a very broad spectrum of participants there. There's also At-Large and then, obviously, the President and CEO.

In those gray boxes all the way to the right, you'll see that these are nonvoting members. These are really advisory committees. These are folks who are experts in particular areas, whether it be technical or kind of public policy from a government perspective. These are folks who kind of watch and then sometimes participate in the different ICANN policy processes. But they're there to give the ICANN Board advice, to share with them their insights into what's being considered, whether or not all the public policy considerations have been considered, or whether there's some things that have been forgotten from a public policy perspective or from a governmental perspective, particularly, or a technical expert perspective. So it's an eclectic group. There's a lot of very divergent interests, and consensus is very hard-fought. But in an ICANN meeting, you will find people from all over the globe coming from all different sectors.

Now, as I mentioned earlier, ICANN is just kind of a year into a new meeting schedule and structure. So I just wanted to kind of review that with everybody so you kind of understand what our focus is here today.

So there are three public ICANN meetings a year, and they call them Meeting A, Meeting B, and Meeting C. We might have to get some marketing on that because it will make it a little bit more interesting.

But the March meeting is really a lot like the old, kind of legacy ICANN meeting. Six days. It kind of covers everything from soup to nuts. There's a lot of high-interest topics that are discussed. There's many, many tracks, and the public forum is kind of now split into two sections.

Meeting B, which is the June meeting, which is the meeting we're here to kind of share the insights from today, this is a shorter, more kind of focused meeting. It's a four-day format. It's really focused on policy work and giving members of the community, that ICANN community we just went through, opportunities to interact with each other and discuss the policy work that each of these groups are working on. There's not a lot of the sort of pomp and circumstance that surrounds Meeting A and Meeting C. So there's no welcome ceremony. There's no public forums, things like that. It's really very policy-driven.

And then Meeting C, which will be later this year, think of it as sort of the annual meeting of the board of a corporation. That's kind of their big meeting. They really focus on what sort of ICANN is working on, what they've accomplished. There's certainly policy work that's being done during all these meetings, but it's more about sort of kind of putting status on the table and everything and making sure that people are aware of what's going on and where the organization is driving towards.

So with that behind us, let's dig into some of the policy work that's being done. So there's a number of what's called PDPs that are underway and have been underway. So PDP is Policy Development Process. All these ICANN acronyms, I know it gets a little bit like alphabet soup sometimes.

But one of the first ones we'll talk about here today is the new gTLD Subsequent Procedures PDP. So this PDP was something that was chartered in January of 2016, so a little over a year ago, and really it's looking at Round 1 of the New gTLD Program. How did that go, and what additions or modifications are needed to existing policy to kind of go forward?

So you kind of see a timeline here, and this is obviously the timeline as of this year. It doesn't go back into last year. But really the group has quite a bit of work still ahead of them. You'll see in May they closed what they call CC2, and that's basically Community Comments, CC, so Community Comment 2 comment period. So they had put some initial thoughts out there on their work, some initial documentation, and they had solicited some comments on some questions that had come up during some of their initial deliberations in 2016.

Really, at the point we're at now, in June of 2017, at this ICANN meeting is the work group has gotten through kind of their I call it initial kind of run-through of all the kind of buckets of issues. Those buckets, they call them work tracks. They've kind of gone through the first run of the work tracks. They're looking at these comments that have come in on some of the questions that they had, and they're kind of incorporating that into their thinking and their going-forward work. So let's look at that little further.

All right. There's kind of three overarching issues, and then there's a number of work tracks, like I mentioned. So let's just talk about the overarching issues, because they've done a fair amount of thinking here already.

So the overarching issues really refer to like the different types of TLDs. For those of you who may have been tuned in and involved in Round 1, you'll remember the Applicant Guidebook really didn't have a lot of categories of TLDs. They had two types of applications basically — a standard application and what was called a community application. It never contemplated things like .brand or even specifically geographic or geo-TLDs. So there was a bunch of things that weren't really I would say fleshed out and different types or categories of TLDs that weren't really fleshed out in the initial policy documentation for Round 1. So that's something they're considering. Is that something they should do? Is that something that's important, or is it better to keep it kind of at the high level?

There's predictability and community engagement. So there were a lot of twists and turns in Round 1. A lot of applicants for Round 1 found themselves surprised by issues that came up during the application evaluation process of the different new gTLD applications, both open and closed. So there was a real sense of lack of predictability. How does ICANN engage the community in a way that kind of gets the issue resolved, gets the proper airing of the issues, but kind of gets issues to resolution quickly? Are the mechanisms that are in place in the ICANN world really enough?

And then there's this question of applications assessed in rounds. So we talk about in 2012 that was Round 1 of the New gTLD Program. That's not accounting for what we call kind of the pre-rounds or the beta rounds that happened back in like 2001 and 2005. But anyway, Round 1 was a very defined period of time when you could apply for a new gTLD.

The sense is that should ICANN always do this in rounds, or should there be kind of an ongoing process? I think the general consensus there is, at least for the next round, it should be a round to make sure that kind of ICANN's got things buttoned up, but maybe forward, it might be on a rolling basis. There are certainly issues that come with that in terms of monitoring, etc. So those are some of the issues they're grappling with.

So let's just briefly talk about the different work tracks. Just to give you a sense of the different work tracks that are there, there's overall process, support, and outreach. There were a lot of kind of thoughts and complaints about sort of inefficiency in the ICANN process and whether or not they really properly supported applicants, because not all applicants kind of knew the domain name system inside and out. They may have been entrepreneurs. They may have been tech people. They may have been community groups who are very unfamiliar with ICANN and all its processes. That was very challenging. So it looks at that.

There's also Work Track 2, which was really the legal, regulatory, and contractual obligations. So all of the people involved in this application process, both the applicants and any kind of parties they may work, technical partners they may work with, there's different contracts that get put in place with ICANN that regulate sort of the do's and don'ts. Was that completely buttoned up, or are there issues still there?

Then there was string contention, and objections and disputes. There was a lot of inconsistency there, a sense of the singular/plural issue. Should ICANN allow both? There was disparity in some of the decisions around string similarity. Then some of the objections and disputes really didn't go swimmingly. So some work around that.

Then Work Track 4 is internationalized domain names, and the technical and operational details around those things.

So there's a potential Work Track 5. That's why I have a question mark there. It's kind of on the go right now, but it looks like it's going to be kind of official here. It's related to geographic names.

So many of you may remember a lot of the controversy around the .Amazon application. There was a lot of and still is a lot of kind of dialogue over that application and others that has caused a lot of kind of stress and I would say contention between those who may have trademarked that match, those kind of geo names, as well as others who may live in those regions or whatever and governments. Governments kind of lay claim to a lot of the strings. There's been a lot of question about whether or not that's exactly right. So there's a lot of on the go here.

Just to give you kind of just some highlights of the discussion around these issues, on Work Track 1, they talked a lot about kind of trying to make things a little bit more efficient in terms of the evaluation of especially the registry service providers. There were kind of a stock number of registries out there. So there could be one registry that's behind 100 different applications. It seemed somewhat inefficient to have each time that registry re-evaluated. So these are some of the efficiency things that they're looking to and actually talking about potentially having ICANN sort of pre-certify or pre-approve registry services providers for applicants then to select from so that they don't have to kind of redo those evaluations each and every time.

On Work Track 2, there was pretty substantial discussion around closed generics. That has been a hot button topic for a long, long time. Basically, what's meant by closed generic is where an organization takes maybe a generic term and they apply for it. It's like an industry category or something, but that's not a trademark that they hold. But they want to operate it for their exclusive use. So during Round 1, it was decided that closed generics should not be allowed. But there's pretty substantial discussion as part of this Work Track 2 about whether or not that's the right going forward strategy, and they really have been looking at the pros and the cons of the closed generic discussion.

I think if you look at the key arguments supporting closed generics, some people say it promotes the business model, innovation, and competition. It provides greater consumer choice, supports free expression, avoids problematic circumstances in which ICANN gets involved in regulating business models and competition.

But on the flip side, there's people saying it harms competition. It favors large industry players. It confuses end users and hinders expression by giving some players exclusive use of generic terms. So they've got more work to do there, but definitely a contentious topic.

There was also some discussion in Work Track 3 about the Governmental Advisory Committee's early warning process and how . . . that was where the GAC, that's the Governmental Advisory Committee, that's one of those advisory committees in those gray boxes I showed you at the top of the presentation that really kind of digs in on that public policy side of things. There was this mechanism within the first round, where once the applications were published, the GAC could provide an applicant an early warning that their string or their application could be problematic from a public policy standpoint, so kind of put them on early notice that they either are going to have additional hurdles to overcome or that their application may not be successful. It actually gave applicants an opportunity to withdraw at a higher refund rate.

It had an impact on the predictability of the whole process, and so that's a lot of the discussion on Work Track 3 right now, as well as the GAC advice process where they really kind of chimed in on some issues that there was concerns about is that in some way impinging on freedom of speech? So certainly a lot going on there.

Then Work Track 4 on IDN variant. It's kind of interesting. There are a lot of strings where you look at the string and there's kind of an internationalized version of it. Maybe it's with umlauts or with a tilde or something like that, some different kind of cultural language designation to it. They talked about whether or not should the applicant of that term also be able to get those variations? So that's kind of the discussion going on in Work Track 4.

So as you can tell, there's a lot going on. As the timeline said, they're not anticipating having a final report really until I would say . . . they were saying Q2, sorry, Q3 of 2018. But I think that that's really, really pushing it, to say the least.

All righty. So let's move on to the next PDP, and it will go a little faster from here. That one's a really chunky one. It's just sort of like a basket of all the issues it seems that kind of converge with the New gTLD Program.

All right. This PDP, again Policy Development Process, it relates to rights protection mechanisms or RPMs. So this PDP was put together, and it's kind of broken out into two phases.

Phase 1 is focusing on those rights protection mechanisms created for the Round1 of the New gTLD Program. So things like Trademark Clearinghouse, things like Uniform Rapid Suspension, some of the post-delegation dispute processes, all those kind of special new rights protection mechanisms, that's what Phase 1 is focused on.

Then Phase 2 is going to focus on kind of a review of those Uniform Dispute Resolution Policy that's back from 1999 — it's hard to believe it's been that long — which applies to all gTLDs.

So you can see from the timeline here that they also are moving along, but have quite a bit of ways of work to do. But I think that certainly this is a work group that it's really focused. It's very hyper-focused. So I think it's easier for them to kind of plow through. I wouldn't say it's easy. But I think it's easier for them to plow through on some of these issues.

So a lot of the discussion that's kind of been going on in this group right now and at the session in Johannesburg is around whether or not the trademark claims notice process was really effective during Round 1. There's a sense, a general sense that it was successful in preventing infringing registrations. So there are members of this PDP group who are really kind of pushing and would like to extend the claims notice period beyond the current 90 days.

So as you've all probably recall if you file a mark with the Trademark Clearinghouse, when one of these new gTLD launches, for the first 90 days they basically interact with every registrar electronically. The registrar is connected to the registry that's then connected to the Trademark Clearinghouse database. When somebody within a registrar system tries to register a name that exactly matches a trademark in that Trademark Clearinghouse Database, it comes back through as a warning. As part of the registration process said, "Hey, the string you're trying to register exactly matches a trademark in the Trademark Clearinghouse."

The sense is that that process is done a lot to kind of discourage infringing registrations, because if you proceed, you basically are on notice that you're potentially infringing on somebody's legal right, and you have to affirmatively kind of go past that warning. So a lot of trademark holders would like to see that 90-day window extended.

So that's kind of, I think, the battle that's brewing. It slows down the registration process for some, and so they are not so keen on extending that. But I think it's not a bad suggestion. It's hard to really get at the data, and that's what this PDP team is trying to do is kind of get at the data right now to understand really how effective. So they're reaching out to the Trademark Clearinghouse. They're reaching out to registries. They're reaching out to registrars to understand like if they have any kind of data or statistics on how effective this mechanism was.

But the thought is that trademark holders would really like to see this extended beyond 90 days, this sort of interaction with the Trademark Clearinghouse database and these claim services, and also potentially extended beyond to strings that are not exactly matching, but similar, so that there could be warnings on those too. So there's a pretty interesting debate going on there relating to that. But it's certainly something that is getting everybody's attention. I would say this is a PDP to really closely watch at this point, because I think there's going to be some interesting kind of decisions that come out from here.

So the next steps for this team is they're doing some additional work around the Sunrise Registrations and Trademark claims, as I've mentioned. They're aiming to complete Phase 1 by Q1/Q2 of 2018. They don't yet have a projected date for completion of Phase 2. That's pretty far out. But the sense is that they don't need to complete both phases to feel like they've done the work necessary to get to Round 2, just so you know. So that's kind of the general sense in the community is that it's important that Phase 1 gets done, but not both phases to get to the next round. So we'll see how that sorts out.

So I've done a lot of talking right now. My colleague, Ben Anderson, certainly has tons of insights to share as well. So why don't I step back for a second and, Ben, let you take the floor and kind of go through the next few PDPs.

Ben: Perfect. Thanks, Gretchen, and hi, everyone. So the IGO and INGO access to curative rights protection PDP, which is an absolute mouthful and, to be honest, is one of those PDPs that I think everyone continues to scratch their heads over. This is looking at what protections can be afforded to INGOs, such as the Red Cross. For the most part, in all of the new TLDs that have launched, the registries have reserved those names and prevented anyone else from registering them. So there is already really a mechanism in place for most participating registries that would prevent a registration. But this is also looking not just at the big INGOs but smaller ones, as well.

What this working group has come to the conclusion of is that they recommend no change to UDLP or URS. So that's the Uniform Rapid Suspension Process or the ability to dispute registered names. So they think that the UDLP and URS work perfectly well for protecting those rights as they stand.

But in respect to the GAC advice concerning access to those curative rights processes, they are now suggesting the IGOs and INGOs get access to UDLP and URS at no or nominal cost. I think everyone within the community is in agreement that those headline INGOs require some kind of protection. But I think the debate is now ongoing as to how far that goes and to what level.

So this is one that, as you can see, has dragged on for four years. We're hoping that the final report that gets sent to the GNSO Council will includes some sensible ideas. We've seen some of those so far. And hopefully, this will then become policy. As we all know, the PDP process is to create policy that then the GNSO, the Generic Name Supporting Organization, can put into place. So we expect this to be, hopefully, concluded by the next ICANN in Abu Dhabi.

There's also some other highlights, and Gretchen's covered the closed generics discussion and the GAC early warning stuff, as well as the IDN variant. But one interesting thing that we have here is the name collisions framework.

As some of you may be aware, TLDs such as .home or .corp were not allowed to be delegated because they posed, and I say this in inverted commas, "a significant threat to human life." It wasn't as drastic as that. But certain TLDs or extensions are used internally by commercial and noncommercial organizations to help resolve networks. It was found TLDs such as .home, if they were to be delegated, would cause significant harm to networks across the world.

So what everyone's now looking at is creating a framework that allows applicants to understand where their TLDs would sit in three different categories. If they were at a low risk to name collision, then they should just proceed through the process. If there's an aggravated risk, then it's likely we would have this controlled interruption phase, and that's a phase where after the TLD is delegated for 90 days, all queries are routed back to an internal IP address. That would help IT teams and network engineers understand that there's a risk within their network. Then the high risk strings would automatically be rejected. So that's a move away from the reactionary process in the previous round to a more predictable way of seeing what will happen when you apply for a string after that point.

Now, moving on to maybe the most contentious PDP I think anyone has ever seen, so much so that the ICANN ombudsman have had to step in to review the behavior of some of those involved. So he's taking quite a dim view of the way that people have been discussing this actual topic. What it is, is looking at what we need to do to replace the WHOIS. Now, we all know WHOIS is the way you can see who has registered a domain, and it's run both by registries and registrars, depending on the TLD in question.

So this PDP is looking at the next generation of WHOIS, and what it's being called is a Registration Directory Service. Now, this is to create policies that allow access to that data. Now, this links closely to lots of other things going on within ICANN circles at the moment, especially the Privacy/Proxy Service and a thing that we'll touch on later, which is GDPR. And that doesn't just affect the domain industry, but affects every single business that has customers within the European Union.

But on one side, we have — well there are many different sides within this — but we have registries. We have registrars. We have those attempting to fight abuse within domains. We have privacy rights. Representatives. We have law enforcement representatives. As you can imagine, all of those views are, in some cases, directly opposite of each other. So it's causing a great amount of friction within this group.

Now, they are currently at Phase 1, which is looking at policy recommendations. But having reviewed the current discussions going on in that group, I find it highly unlikely that we will get to a point where we will see policy approval or even policy recommendations come out of this process for a very long time.

It's likely that this may be impacted further by the GDPR issue and whether or not ICANN is seen as a data controller and whether or not the information displayed in that WHOIS is in breach of European privacy laws and, in fact, privacy laws from any other country. So there are other forces at play. At the moment, it's very difficult to see which way this is heading.

There is a work plan for this group, and it's a very, very jumbled up thing. There's lots of different elements that need to be taken into consideration. I would suggest anyone that is interested in viewing what happens within this group to sign up to the list, you can do as an observer, or even participate. But the impact that this will have on brands, and especially those that look to enforce their rights, especially through some kind of brand protection product, it may be that access to the WHOIS details or the registration details of a domain name would be gated or even closed for the purposes of finding out who owns a domain and who is operating it.

As we said, a lot of these things are interlinked. This is the next thing, the Privacy/Proxy Implementation Review Team. Now, once the policy recommendation has been made in a PDP process and the Generic Name Supporting Organization accepts that, they then ask for an IRT, an Implementation Review Team, to look at the policy that's being suggested and work out how to implement that within the framework of the contracts and the contracted house party and see how ICANN can then put that into place. But this Privacy/Proxy IRT is ongoing, and it's looking at the accreditation of privacy/proxy service providers.

Now, for those that aren't familiar with the privacy or proxy service, a privacy service allows you to mask both your telephone number and email address with something other than your own to prevent that from being collected by people scraping WHOIS data. A proxy service is where someone will hold the domain name for you, and their information will mask yours on the WHOIS data.

Now, one part that is currently being discussed within this IRT is: Who can be accredited, become a privacy/proxy service provider? Registries and registrars are the simple people to be able to discuss how they can do this and what kind of products they can put in place. So the discussion now is looking at whether or not law firms, who are outside of the ICANN untracked environment, whether or not they can provide such a service or even third-party service providers.

So this is an interesting IRT, and we're looking forward to seeing what happens in the future. But it will definitely mean that where there are registries or registrars that are providing this service and masking registrant information without any kind of formal mechanism to reveal that data where there are law enforcement issues or brand counterfeiting issues, what will happen here is there will be a policy and a contract in place, which we will all be able to refer to if we find a domain name or a set of domains that are protected under a proxy service that are being used in an illegal way.

Gretchen: Great. I tell you with this, the privacy and the proxy work that's being done here, Ben, I think that this is something that's been going on for a long time, the policy process and now the Implementation Review Team. This could really be a very big win for brand owners. For a very long time, there's been this kind of frustration of getting behind these privacy and proxy registrations, but also frustration with working with how to reach the ultimate registrant, because it's unclear when you send an email to one of those proxy services or whatever information is in the WHOIS if it's really getting to the real registrant of the name. So I know a lot of people have been looking forward to this one for a long time.

Ben: Absolutely. I think once we see this implemented, it will remove quite a few of the hurdles that brand owners who are trying to enforce their rights face when reviewing domain names that are holding content that is infringing.

Gretchen: All righty. I think, also, this is a really good example of how long it can take. The policy process for that was about two years, as I recall. There was lots of discussions leading up to that, but it was something that was put into the 2013 Registrar Accreditation Agreement as a placeholder, saying that ICANN would be working on this. Then the policy process kind of followed after that, and now we're going through an implementation review process. So I think it also highlights that as much as we look at the internet where we feel like things happen so quickly, I think this is a good example of things behind the scenes that often takes many years to get to sort of that thing that seems to happen overnight.

Ben: Yeah. I know we talk about the interlinking of all of these current PDPs or IRTs. At the moment, I think it's important also to understand the GDPR will probably have an impact on the way that privacy and proxy is provided, especially where the WHOIS exists, as it does right now, pending the work from the Next Generation Registry Directory Services PDP, because it seems to be, at the moment, the only way the registrars or registries could meet with the obligations under GDPR is to mask EU citizen data with proxy registration information. So if that happens prior to this IRT finishing, the chat around the halls in Jburg was that many retail registrars, to ensure they remain compliant with the privacy laws within their own country as well as the EU where they're dealing with the EU citizens, the only option they would have, if ICANN doesn't get involved, is just to switch on proxy for every single domain. That would put us in a . . . I think there would be chaos for quite some time. So I think it's important that this is finished first.

Gretchen: Yeah. That would be a huge disaster, and I think that's even an understatement. So yeah, it's something that we'll continue to watch really closely. Like you said, there's just this convergence on a lot of these issues right now. I think we say that every time on one of these ICANN webinars, but it's just amazing how interlocking a lot of these things are.

So that's been sort of like a real deep dive into some of the policy work that really dominated this policy forum that ICANN had. But there's certainly some other stuff going on and kind of interwoven into these different discussions. So we wanted to make sure to touch on some other key kind of important insights from the meeting.

I know I'm just waiting in the Q&A to get a question about Round2. So we're going to try to pre-empt that. So Round 2, what would be your assessment, Ben, of sort of the mood around when Round 2 is coming and sort of what you're thinking right now?

Ben: Okay. So and I know we have different views on this.

Gretchen: This is our point/counterpoint part of the program, right?

Ben: Yeah, completely. I think, as you showed before on the timeline for the subsequent round work, they're quite far out. Actually, the review of the Rights Protection Mechanisms, that working group as well, I felt that, I had the impression they were a lot further than they were. I know you and I both were in that session, and it felt a bit disappointing that maybe they weren't as far as we thought they were, especially with just like the general understanding of what the Trademark Clearinghouse does. So if we were to follow that kind of timeline, all of that work has to happen before the next opening, Round 2, whatever it may be, in whichever format it is, can happen.

I think you're right. There will be another round just to make sure that all the processes are correct and nothing's dropped. But I think the balance to this and something we covered last time is that there are budgetary issues within ICANN at the moment. There is a need to generate more cash for it to continue to do what it's doing or scale back on what it's doing.

Also, there's a momentum building of people that didn't apply in the previous round who want ICANN to open. I think the pressures will come from different areas to the Board level, where they will push for a quicker opening. I know a lot of people have said, "There's nothing actually wrong with the Applicant Guidebook." Even members of the GAC have said that, which is praise indeed really.

My feeling, and I don't want anyone to get too excited, if you're thinking about applying, my feeling is and the chat around the water cooler is that there will be a shift in thinking and maybe a pressing need to open and override some of the work that's being done at the moment. I know some people are getting ready for this. So I feel that we are likely to see indication of opening at the end of next year.

Gretchen: Okay. Ben has planted his flag in the sand. I agree with most of what you said there. I think where I feel like the wind is blowing is you're right. There's people who are saying, "Hey, the Guide Book is great just the way it is now. We've gone through kind of all the pain and got to the right place as a result of Round1. So we really don't need to change anything. If we really don't need to change anything, we can fast forward on to the next round."

But I do think that these working groups, these PDPs have identified things that do need to change or where there's a strong desire to change. I think there's some of them that may not, just because I think they may not have the numbers behind them. But I do think that there's things that will kind of break out from these different work groups, that will then will have to go through an implementation process and language writing in the Guide Book, that I think is going to extend us to the end of 2019.

So I think you and I are kind of a year apart. I do agree that budget pressure is sort of the wild card. But I do think, in the end, we're going to see it press out to the end of 2019. So we'll continue with our divergent views here. I guess at one point one of us will be able to claim victory. What we'll do maybe in one of these webinars, we'll start doing a little survey and see which one of us has more folks on our side. But we'll look at doing that maybe next time.

All right. So let's also talk about the GDPR and the impact on the domain industry and policy work. So first of all, we've thrown this acronym around a few times already, GDPR. Just so everybody understand what that is, that's the Global Data Protection Regulation. There's a lot of divergent or disparate I should say data protection laws in Europe, and this GDPR is really an attempt to kind of unify them. It's scheduled to go into effect next May. So we're less than a year away.

I think we mentioned during the last webinar that this is starting to rear its ugly head in the domain world. Obviously, WHOIS is one of those things where there's information. A lot of our corporate customers, it's really just corporate information. It's not personal information. But for individual registrants, it is personal information. So there's this real kind of stress going on about, okay, how does the GDPR really impact how the domain world works?

ICANN requires these data fields and this data in the WHOIS currently. I think you mentioned it earlier, Ben, is what ICANN is asking all the registrars and registries to do under their contracts with ICANN going to put them in violation of this GDPR and this lingering question about whether or not ICANN sees itself as a data controller I think is "the question" that has to get answered.

But I think there's also some other stuff we were kind of seeing. It's affecting also the ability for Verisign to get an updated accreditation agreement. So do you want to maybe talk about that for a few minutes?

Ben: Sure. Definitely. So as we said, the GDPR is a single set of data protection rules for all countries in the EU. But even if you don't operate or originate from the EU, if you have customers within the EU, you need to adhere to these rules as well. What this gives rights to or the individuals have the following rights. They have the right to be informed. They have the right of access, the right of rectification in Eurasia, to restrict processing the data portability, and the right to object to the use of their data. I think that's probably all of it.

Gretchen: I think that covers it.

Ben: Yeah. Now, there are 60 plus potential data elements within the contracts and policies within the ICANN universe that contracted parties have to collect. The contracted parties are the registries, the registrars, and the data escrow providers. Now, that means that all of that data is subject to these rules. Now, the registrars are required to submit it to the registries under the contract that they have, the registry/registrar agreement. The registries are contracted to display that under the registry accreditation agreement, sorry, the registry agreement. There's one extra A in there.

So what all that means is that we're all required to display this data under the contracts. As a sidetrack to that, and we touched on this last time, there's two different types of WHOIS. There's a thick WHOIS, and that's where the registry holds real authoritative data and displays it to the world. There's a thin registry, and this is specifically for the TLDs com, net, and jobs, two of which being some of the largest or the largest TLDs in the world.

The registry Verisign doesn't actually display that information. It just holds a certain amount of information, and then the registrars are required to display it. That works through a technical process within the WHOIS setup.

Now, Verisign are required to move over to a thick registry system where they're holding the data. But they're not prepared to do that right now until GDPR is sorted. In order to do that, they needed to issue a new contract between themselves and the registrars. Now, the registrars and the registrar stakeholder group has a say in whether or not that contract is approved to be used for all registrars. The registrars, unfortunately, are not in a position to approve it, because at the moment ICANN is still not accepting or is in a position to say that they are the data controller and provide either waivers or indemnification against the contracted parties for any breach of this GDPR policy.

So, as you can see, it's really, really intermingled, and I'm sorry if I kind of meandered through that. But there's so many dependencies within this. It really is now incumbent on ICANN to put a flag in the sand and say, "This is what we are, and this is what we recommend to our contracted parties."

What was slightly concerning was that the ICANN CEO didn't even know who their privacy officer was. He knew they had one, but he wasn't sure who it was.

Gretchen: He knew they had one, but he didn't know the name. Yeah, that was scary.

Ben: It's slightly scary. But we may see some movement at the next meeting. But I think most of the contracted parties are now planning some kind of inaction with ICANN. And as I said, that's going to impact our customers, because it's likely that all information on who entered the name will be masked. So if you are monitoring for infringements or abuse, this may mean that you don't really have the ability to contact that person and warn them. It may push you towards the dispute method, if you can't identify exactly who the owner of a domain is.

Gretchen: Yeah. I think, Ben, that's exactly the point I wanted to get to is that I know this is complex and there's a lot of what I call inside baseball kind of going on in this GDPR discussion with the contracted parties and ICANN, etc. But I think the thing that I want to make sure our participants here today know and our clients know is that we're less than a year from this becoming effective. So there's going to need to be some quick decisions made by all the people in the food chain. So if you are doing a lot of monitoring and really relying on the WHOIS for enforcement actions, I would say that there is a chance there can be a disruption to that in the near future. So again, this is something that definitely you need to keep in the sort of front burner as something to watch, because this could impact your sort of enforcement and monitoring practices.

Anu: Yeah. Thank you. So thanks again, Gretchen and Ben. That is all the time we have today. If we didn't get to your question, we will contact you with a response after the webinar. Thank you to everyone who joined us. We hope to see you next time.