ICANN 67:

Insights from the Virtual Meeting


Join us as we take a look back on the ICANN 67 Virtual Meeting. We’ll share highlights of important industry policy developments that will affect your online domain name, brand protection, and cyber security strategies in 2020 and beyond.

Expert Gretchen Olive, CSC director of Policy and Global Domain Name Services, will bring webinar participants up to speed on:

  • The status of both phases of ICANN’s Expedited Policy Development Process (EPDP) concerning availability and access to WHOIS
  • The current community discussions and work related to domain name system abuse
  • Ongoing policy work to enable the launch of the second round of the New gTLD Program
  • And much more

Transcript:

Disclaimer: Please be advised that this recorded webinar has been edited from its original format, which may have included a product demo. To set up a live demo or to request more information, please complete the form to the right. Or if you are currently not on CSC Global, there is a link to the website in the description of this video. Thank you.

Annie: Hello everyone, and welcome to today's webinar, "ICANN 67: Insights from the Virtual Meeting." My name is Annie Triboletti, and I will be your moderator.

Joining us today is Gretchen Olive. Gretchen is the Director of Policy & Global Domain Name Services for CSC. For nearly 2 decades, Gretchen has helped Global 2000 companies devise global domain name, trademark and online brand protection strategies, and is a leading authority on the Internet Corporation for Assigned Names and Numbers. And with that, let's welcome Gretchen.

Gretchen: Thanks, Annie. And yes, as usual, as you said, we have a lot to cover today. So just a brief look at the agenda, we'll do our usual ICANN overview. Some key policy updates, a lot going on especially with the EPDP, so we'll get through that, Rights Protection Mechanisms PDP, and the Subsequent Procedures PDP. All of those policy development processes have updates.

We'll also talk about the .ORG Registry Acquisition that's been in all the kind of industry blogs and certainly was a big, hot topic of discussion at the ICANN meeting. And then also just review some of the GAC key issues of concern, because it's always important to track those.

So for those of you who are new to our webinar series, and I do see a few new names on our registration list today, I would like to go over this kind of organization chart about ICANN.

You'll hear a lot in any kind of blog or even in this webinar series, you'll hear the reference of the ICANN Community. And a lot of times people are like, "Well, who's that? Who's the ICANN Community?"

Well, the ICANN Community is kind of what exists on this organizational chart. So ICANN itself has staff, a president, and a CEO. There's also a board of directors. And then you see some blue and gray boxes below. These are largely volunteer groups that make up the ICANN community. Each group is sort of, has many different components to it.

The ones that we really focus on are the GNSO as well as in the gray box is the Governmental Advisory Committee. So the GNSO is really made up of what they call the contracted parties and the non-contracted parties. And when you talk about contracted parties, you're talking about people like registries and registrars. When you talk about non-contracted parties, you're talking about groups like Intellectual Property Interest, Business Constituency, those types of groups. So that GNSO, the Generic Names Supporting Organization is really kind of a hotbed for different policy work, and that's a lot what we focus on in this series.

In the gray boxes, there's the darkest gray box, you'll see the Governmental Advisory Committee. This committee is an organization, sort of a group of people. They're usually delegates from a different country like telecom ministries. And they are charged with advising the ICANN Board on different policies that come up through this kind of multi-stakeholder policy process. It's a consensus policy organization. And so as the policies kind of bubble up, the Governmental Advisory Committee is charged with giving the ICANN Board advice. And so they're looking at it from a public policy standpoint, looking at what things might be, either adverse to public policy interests or maybe having not been fully fleshed out.

So those two groups are typically working sometimes at odds. Sometimes they will kind of align. But those are the two groups that we spend a lot of time talking about in this webinar series.

So in terms of how ICANN meetings are kind of scheduled and structured, there are three public meetings per year. They call them ironically Meeting A, Meeting B, and Meeting C. Meeting A usually occurs in the March time frame. It's a six-day format. And it's really intended to be a community forum.

This is very similar to kind of the ICANN meetings that have happened in years past. This new structure is something that really went into effect about a year and a half ago, almost two years ago. But the six-day format community forum is really kind of a full-fledged ICANN meeting and where a lot of policy work gets discussed and talked about.

So one of the interesting things to notice, as we kind of dive into the substantive material here for ICANN 67, is ICANN 67, this is the first time that the entire meeting was remote. Every participant was remote. They've always had kind of remote participation where you could log in to like a web meeting room or call in and listen and even participate in the calls or the discussion at the ICANN meeting. But there's never been a completely virtual meeting, and that was the case this time. For obvious reasons, the coronavirus has certainly caused people not to travel and justifiably so.

So it was interesting to do a lot of this policy discussion, and it was all remote participants. But we did, so that's definitely an accomplishment. It's something that I think we may have to do at least one more time, and hopefully we get better at it.

So let's jump into talk about kind of the first topic, which is the EPDP. So EPDP stands for Expedited Policy Development Process. And this is related to registration data, or a lot of people call it like WHOIS.

The GDPR, which was enacted in May of 2018, really was in direct contrast with ICANN's WHOIS policies. And so this kind of triggered a need to go through sort of an Expedited Policy Development Process for the first time in sort of ICANN's history to try to kind of reconcile the GDPR, the General Data Protection Regulation with ICANN's WHOIS policies.

This has been quite a task. Initially, the policy was supposed to be all done and, you know, policy work at least, not the implementation work, it was supposed to be all done in one year. Well, that hasn't happened, but let's talk about how it has gone and where we are today.

So, with this EPDP, there was a temporary specification that ICANN issued when it did initiate this process, which it thought it was going to take a year to complete. But it issued a temporary specification, sort of significantly redact the WHOIS contact data, not the domain data, meaning not like the name and who the registrar is, and when it was renewed, or when it was registered or when it expires. That's kind of the domain data. We're talking about the contact data, the registrar, admin, technical billing contact information.

And so the temporary specification initially went into place in late May of 2018. It had very significant and continues to have very significant brand protection and kind of security and fraud investigation impact, because this temporary specification has needed to stay in place, because while there was some policy work that was completed by 2019, May of 2019, not all of it.

And as you can see in this slide, really what happened is that the EPDP team needed to divide the work into two phases. Phase 1 was sort of regarding the collection and handling of WHOIS contact data and requests for WHOIS data. And then Phase 2 was about access to that data. So that's kind of how the work was divided. The Phase 1 policy work or for the most part policy work was completed by the deadline in May of 2019.

But with everything in the ICANN world, the policy work is just the beginning. There is a whole lot of implementation work that then needs to be done after a policy is agreed to. So we'll talk a little bit about that in a few minutes.

So where are we on the EPDP Phase 1 status right now? So they did issue a final report, like I said, in time for the deadline. It was actually issued in February 2019. There was a public comment period, and the board approved it. There were a couple of recommendations that they wanted some further work done on.

But an implementation team was kind of spun up to start working through how to implement the policy. This team's goal was to produce a plan to meet what they were calling the policy effective date of February 29, 2020. That has not happened, and I think there's a lot of good reasons for that.

I think the policy recommendations are pretty high level. There's a fair amount of implementation work. There's a fair amount of change here. But it definitely is taking much longer than I think even people who thought that the February 29, 2020 date was pretty ambitious. It's looking like it's actually going to be much beyond that. But again, we'll talk about that in a minute.

So in October, in fact, the Phase 1 implementation review team sent a note to the GNSO Council. We talked about that, the Generic Name Supporting Organization at the top of the webinar, and basically said, you know, we're running late.

And the board heard that message. But the ICANN CEO also sent a letter to the Governmental Advisory Council, the GAC, telling them that the timeline is going to be longer and recommended that the IRT be able to continue its work and to keep everybody informed. This has been a big challenge because the GAC has really been pushing ICANN to get this work done and for very good reason.

The WHOIS is going dark. You know, effectively, they're really being very, very limited access with very unclear guidelines for access of the non-public data has caused very significant challenges regarding kind of brand protection efforts, online fraud, DNS abuse, that type of thing, which is just only increasing, which is compounding the problem.

So what is that work that the EPDP Phase 1 group still needs to do? Why is it that they need this extension? Well, this chart kind of says it all. These are the kind of different tracks of things that need to get done.

So what's I think particularly interesting and also complicating about these different work streams that need to be addressed is that a lot of this work is not just in the lap of the EPDP Phase 1 group. There is some work that needs to be done by the Generic Name Supporting Organization or the Council. And there's also work that needs to be done by ICANN staff. Then that has to kind of come back to this working group, this PDP group, and then they have to give input. So there's a fair amount of substantive work and a fair amount of back and forth that's going to need to happen.

And I'm going to try to illustrate this by looking kind of down that gray work stream, where we're looking at the different studies and things that need to get done. I think that will help everybody understand that we're probably a ways away from having just the Phase 1 policies implemented.

So the gray boxes were about kind of studies that needed to get done. And so one of them is data retention. And that was in recommendation . . . there were 29 recommendations that the EPDP Phase 1 policy group kind of produced. There's 29 recommendations. Recommendation 15.1 was around data retention.

And so, in order for this Phase 1 implementation team to kind of inform the Phase 2 policy group, the EPDP team recommends that ICANN, the organization, as sort of a matter of urgency undertakes a review of all its active processes and procedures around data retention. And that is no small task. So there was a report issued on that in November.

And then if you look at Recommendation 15.4, they also recommend that they look at the different data retention waiver procedures to basically improve efficiency, etc. A lot of those waiver procedures were put in place before the GDPR and then were actually a little further enhanced as we drew closer to the GDPR implementation date. But that also, there's a report on that. That was issued just in this January.

So you can kind of see the very substantive work that needs to get done for every kind of piece of this, and we'll just continue to kind of show a few more.

This is probably one of my favorite ones, because this has been something that I think has just been a huge, huge challenge in kind of the implementation of the GDPR as it relates to WHOIS. So this concept of legal versus natural persons, it comes up in a lot of policy work. But it is so critical and so central to the GDPR, because the GDPR really relates to personal data. And obviously, there are many organizations or companies or legal entities that register domain names.

Unfortunately, the WHOIS policy, the temporary specification at this point does not kind of really distinguish between legal and natural persons. And so that's a big challenge.

So here in Recommendation 17 that was in the initial policy group's recommendations, this EPDP team recommends that basically ICANN undertake a study which looks at several different issues, things like feasibility and costs, things like different industries and organizations that kind of can differentiate between legal and natural persons' privacy risks and other potential risks.

So, you know, this is an issue particularly. It's very, very central, but they need some additional input on this. This is not something that this team can really decide on its own or come up with kind of final recommendations on its own, so that they can get to implementation. They really need input from ICANN on this.

And then potentially the whopper of them all. This is regarding impact to existing policies. For those of you who have been on this webinar series before, and especially the last couple, you've probably heard me talk about this, where a lot of the things that are going to be changed regarding registration data don't only have impact on sort of the displaying and access to WHOIS. It has impact a whole lot of other processes and policies within the ICANN world.

So really there needs to be kind of a very detailed review of that. And so they've kind of broken it up, that review into kind of what they're calling two waves — Wave 1 and Wave 2.

So Wave 1, the report was issued in January and includes kind of a listing and kind of bucketing of the different consensus policies that ICANN currently has in effect.

And then Wave 2 report, which is currently underway, it'll cover sort of the non-policy procedures, things like data escrow and trademark clearing house. So there is a lot . . . this is just identification. This isn't solving those, you know, changing those policy processes or policies themselves.

That would be something that would have to go back to the GNSO, and they would need to spin up different groups to work on that, different PDPs to work on that. So again, you can kind of see how this work is pretty detailed, pretty intense, and pretty time consuming.

I thought it'd be helpful to kind of show you a chart, and the chart that came out of the report of the different policies, and kind of they'd bucketed them into a high impact, medium impact, low impact. But I think, you know, without even diving into the details of this chart, you can really see that, you know, there is a lot of work here that could take other groups potentially a long time.

The hope is that this isn't turned into a 10-year policy development process. But it's not, you know, a year's effort, which was initially contemplated, and I think that's pretty clear at this point.

And lastly, just to kind of show some of the work that needs to be done outside of sort of just ICANN org is regards to Recommendations 19 and 20, data protection agreements that these two recommendations in the EPDP Phase 1 policy team's final report really touched upon, you know, the agreements that are going to be necessary with the contractual parties, as well as with data protection authorities.

So, you know, right now ICANN and a bunch of the contracted parties, that's registries and registrars, are working together to kind of complete this work. They have documented the data processing required under the ICANN agreement and its policies. It's kind of like who does what, where, why.

And then in terms of a next step, we're looking at continuing the discussion really and to get to a draft agreement of recommendation specifics. So there's a ton of work here. I know I keep on belaboring the point, but I think it's just really important that people understand what's kind of going on, the level of work that's required, and that this is what's taking the time.

It's truly, truly unfortunate. I work with and CSC, all my colleagues at CSC work with clients who are really struggling under this kind of dark WHOIS on brand protection, on security and fraud investigations. And we just, we need to get to some certainty soon, but it looks like it's going to take just some more time unfortunately.

So that now brings us to EPDP Phase 2. So Phase 1 implementation and EPDP Phase 2 policy have been running concurrently. These are two separate groups. So Phase 2 officially began in May. So that was when kind of the Phase 1 policy was done. They felt like they could then start working on the Phase 2 work, which is about sort of the mechanics, the access to this non-public data.

And so the EPDP Phase 2 team is really kind of tasked with coming up with, you know, what everybody has been kind of wanting to get to is a standardized access and disclosure model. You'll sometimes see the abbreviation SSAD to refer to that.

They did publish their initial report this February. And actually it's out for public comment, and that public comment period closes, you know, as we're doing this webinar effectively on the 23rd, so just the day before.

But the team has divided its work. So, you know, we talk about all these different work streams and kind of tracks. This EPDP Phase 2 policy team has kind of also divided its work into Priority 1 and Priority 2 topic.

So Priority 1, it really is focused on that standardized access, centralized access data model and kind of all those kind of questions related there too, you know, terms, things like who should be making requests, how do you authenticate them, all those types of things. And I'll show you a little diagram here in a minute.

But then Priority 2, if you will, kind of kicks to the curb a little bit, at least temporarily, things like display of information of affiliated versus accredited parties. So resellers versus, you know, accredited registrars, privacy proxy, legal name, legal versus natural persons. There's a lot of debate around the city field and the need to redact that. You can kind of see all that's there.

But this Phase 1 report, the initial report really only includes the Priority 1 items. So it doesn't include any of the Priority 2. They are working hard to try to make sure that Priority 2 gets into the final, and quite honestly I don't see how it can. But nonetheless, there's just, it's sort of like a, you know, again, it seems like everybody's just pushing, pushing, pushing to the deadline, but there may be some issues that prevent them from hitting it.

So let me . . . here's a nice, kind of, I think, much cleaner visual representation of what is meant by this SSAD model. So in past webinars, again, for those of you who have been joining us, there's been this, you know, historically very messy diagram, quite honestly hard to kind of follow diagram of how this all would work.

But we've come now to this sort of visual representation, which I think is a much cleaner version. This is from one of the presentations at ICANN 67. And what you kind of see, if you start all the way to the left, is that somebody wants to request non-public WHOIS data. So, again, that contact information that's now redacted in the WHOIS for everyone, how if there's a legitimate purpose, if you are trying to assert your trademark rights, your brand protection, take brand protection action, or there's some kind of security or fraud reason for law enforcement or others to kind of get to that non-public data, unfortunately the temporary specification kind of says, yeah, you can do it if you have legitimate purpose. And that's not really in detail really fully fleshed out.

So we are kind of left in a little bit of limbo right now, where there are parties making requests directly to registries and registrars, trying to get that data. There's no standardization on how to make those requests or the policies that any of those groups are following.

Those groups, the registries and registrars are somewhat challenged because sometimes people are asserting some very kind of different legal rights and showing different evidence related to those legal rights. And some of their staff, they're not attorneys in fact that are kind of processing these things. So it's created quite a problem, and quite honestly many of the parties that are being contacted are favoring sort of non-disclosure over disclosure for fear of being sued under the GDPR.

So this model, if you again look to the left, you have a requester. There's going to be an authorization kind of authority, if you will, an accreditation authority that will then kind of check on the identity of this requester. There's been some discussions about maybe having kind of like pre-validated identities or people who can, would kind of automatically get through this step. There's some discussions still remaining on that.

But essentially, if we get to the point where yes, the requester is accredited to make the request, the request would then go in basically to ICANN or someone they could delegate to review the request, and this is sort of a centralized gateway, if you will, where the request gets reviewed. And if it meets all the requirements, then it could either go down a manual process, which is kind of to the if you kind of look down, it can go through a manual process, whereby the contracted party, whether it be the registry, the registrar, then provides that information to the requester. Or it can go through an automated process where the contracted party's system would provide that information to the requester.

This last part I think has been one of the hardest parts of this, is that, who provides the data to the requester? There's been a lot of concerns about is it really necessary for it to go back through the ICANN? Doesn't that expose the sort of potentially personal data to additional people, additional systems, things like that? But this seems to have finally I think worked its way out where there's a recommendation that this come through the contracted party.

So this is in that initial report that was issued in February, that public comment is closing on here, March 23rd. There will then be a staff report that will summarize the public comments, and then those public comments will be taken into consideration before a final report is due.

So that's something, you know, certainly we've been reading through and participating and following this process here. But it's really when that staff report comes out that I think we're going to have a very good idea of where things are going. And we'll definitely, you know, either be blogging or sending out a briefing document out on sort of what it looks like things are going to look like under this SSAD model. But definitely, we're getting to a point where we're going to have a little bit more clarity on the model. There's still a lot to still figure out though.

So in terms of next steps for this EPDP Phase 2 group, you can kind of see there's, you know, that gray portion is kind of the time that has already elapsed, and the sort of the whiter version of the timeline is sort of the time between this past ICANN meeting and the next ICANN meeting.

You can see there's multiple streams of work going on here, very condensed. So it's . . . they're trying to run to the finish. The ICANN fiscal year ends at the end of June, and there's some concern this group was supposed to take a year to complete its work. It's coming up on that year. There's some concern that their funding may run out from ICANN. So that's why they are kind of really trying to push it to the end here.

It'll be interesting to see if they make it. I know that many in the community feel that it's better to get this right than to do it fast. We still want something done with some expediency. But I think if they needed a couple extra months to complete their work and do it with quality, I do think that the funding will be extended. So we'll have to watch that.

All right. I think now take a deep breath, EPDP is over. I know that's a lot. Let's now switch gears to the rights protection mechanisms policy development process. No less weighty of a topic, it's just we're a little further along here, but still much work to do. But just to remind everybody, these next two policy development processes really were sort of on the back of the implementation, kind of yeah the implementation of round one of the new gTLD program.

So when ICANN kind of got through delegation of most of the TLDs, one of the things they had promised the Governmental Advisory Committee very early on, round one of the new gTLD program is that they would take time to kind of like stop, reflect on round one, think about what went right, what went wrong, take corrective action before implementing round two.

Now, there's been some pressure to get to round two. But ICANN has kind of held to their word to the GAC, that, you know, policy work needs to get done before that can happen. Now, I won't say that they've been so clear that implementation of the policy work has to be completed before round two, but I do expect, that kind of comes up. I do expect that there will be a fair amount of policy work that gets implemented.

I would say most of the policy work will get implemented before we see round two. But round two, the date is still in question. My estimation is it is a good two years off at the least.

But let's dig into where they are right now, two PDPs. One is related to rights protection mechanisms. And then the second, you'll see is regarding subsequent procedures.

So let's tackle rights protection mechanisms. This PDP is being conducted in two phases. That sounds familiar. Phase 1 covers all the rights protection mechanisms that were launched as part of the new gTLD program in 2012. And then Phase 2 is a review of the UDRP, Uniform Dispute Resolution Policy. And that's really been a rights protection mechanism that's been in place in the gTLD space, the generic top-level domain space since 1999, and quite honestly has served the community very well. But they want to do kind of a relook at it in light of these new gTLDs and see if there's anything there that needs to be tweaked. So that will be Phase 2.

All right, so in terms of where the RPM PDP is, they've recently revisited the initial review of the Uniform Rapid Suspension system, the URS. That's kind of that, I'll call it that short-form administrative process. You know, it's not quite a UDRP, but it enables a complaintant to have the name taken down out of the DNS, and it would kind of stay in abeyance for at least the remainder of his registration period. But the complaintant doesn't recover the domain name. So that's why it's sort of a lighter version, if you will, of UDRP.

But back in December, so after ICANN 66, kind of the team that was tasked, the sub-team that was tasked on recommendations, they completed their work there. Then in mid-December through January, they put together some more specific support levels for kind of some individual proposals, tried to clean some things up.

Let's just say there's just a lot going on in this RPM, and I think there's been a little bit . . . I think, in some ways it got too complicated, but then too vague at the same time. So anyway, they've come to the conclusion that they need more time. And so in late January, you know, they basically completed their review, and this was through the ICANN 67 meeting.

They completed their review of the draft, initial report and comments. Sorry, then they published the report for public comment. That's open through April 27th, and that's available on the ICANN website. Then they expect that they're going to need May through September to review those comments. And then somewhere in the mid-September to mid-October, they think they can get to publishing the final report. They need more time. It's the bottom line. And there are reasons for that, and we'll review that in just a second.

So, while when we reviewed the EPDP, we saw just like the quantity and intensity of the substantive work that needed to get done. I think this RPM has kind of suffered from some different challenges in terms that's going requires an extension of deadline.

And so just at a high level, like I mentioned, the charter questions, they're broad, they're unclear, hard to kind of come up with a specific answer and recommendation for.

There's a very diverse group on this RPM also, and they're all digging their heels in.

Data quality is an issue. There's limited scope of data. So really trying to kind of find the learnings from that data and kind of balance the policy interest has been a struggle.

Issues, just when you think they're to bed, they come back up again. And then also just time management. I think it's hard. I mean, in fairness, these working groups are really intense. These folks meet at least weekly, several times a week often, and lots of communications in between, lots of documents, drafting. There's just . . . you know, and often this is work they're doing in addition to their other jobs.

So, you know, they're working as volunteers as part of these groups, and it's really hard to manage all the demands and the time, and especially when there's sort of like this re-litigation going on and trying to kind of focus everybody. It's been a real challenge with this working group really throughout. And I think they're getting there, but they're inching there slowly at this point. So, you know, more work to do and more time needed.

So let's now turn to the new gTLD Subsequent Procedures PDP. I know that's kind of a cryptic title for that one. And what you should do is just think about this one as so there was the Applicant Guidebook. It was sort of the policies and procedures and processes for Round 1 of the new gTLD program, everything from, you know, who can apply to how do you apply, and then how does the application get processed.

So all those procedures, this PDP was really about looking at things that, you know, upon reflection probably needed, kind of needed to be looked at. And so they broke it into five work tracks. Again, a common theme within the ICANN PDP process to kind of break things down into what they either call phases or work streams or work tracks.

But Work Track 1 was about the overall process, support, and outreach. Work Track 2 was about the legal, regulatory, and contractual obligations. Work Track 3, the string contention, and objection and disputes, which I think a lot of challenges there. Work Track 4, the internationalized domain names and the technical and operational issues. And then Work Track 5, geographic names, so geo names often is what it's called. So a lot really being looked at across this PDP.

So where are they? So I think before there was an expectation there would be another limited public comment period for this PDP. But the expectation for all the recommendations to be available really significantly impacts the timeline. So they've also asked for a project change request to the GNSO Council.

The list of topics identified is extensive, as I mentioned. And, you know, they're trying to develop these final recommendations, but there's still some of those very challenging topics that still have some pending deliberations, again, not only within the work group, but with the outside ICANN Community. So things like closed generics, you'll see in a minute that's a topic of concern for the GAC, predictability framework, string contention, and resolution.

So there's still some pretty meaty topics that need some additional work. There's also some digging in here. And there's also, I think, a recognition or sort of a realization, if you will, at this point, that this team may complete its work, and there may be a few topics where the work group aren't able to come to consensus. And that's challenging in the ICANN world, because it is a consensus policy organization. So there's a lot of unknowns when they can't come to consensus.

So what are we talking about in terms of timing? I think, you know, this is assuming that they get more time, that the work change is approved. But they're going to try hard to really get this done before the end of this year. If I were a betting person, I'm going to say it's going to slide into Q1 of 2021, but we're going to have to see.

You know, this work group has done a tremendous amount of work, again, volunteers spending an enormous amount of time. So it's really not meant to be a knock on them. It's just this process is grueling, and it takes time, it takes collaboration, it takes cooperation. And these issues are not often ones that can be merely debated from within. They need to get outside inputs. So, you know, more work here needed as well, but we'll continue to follow it for you.

All right. Now, with all those PDPs behind us, let's turn our attention to another hot topic. This actually took . . . they dedicated the whole first public forum to the Org Registry Acquisition. So let me just bring some folks up to speed if you haven't been following this closely.

So in November, an equity firm, Ethos Capital announced the acquisition of Public Interest Registry, which is the .org registry, for $1.13 billion. Now, I think what really got folks about this was a number of things, but one kind of interesting fact is that one of the partners at Ethos Capital was the former CEO and president of ICANN, Fadi Chehadé. So that raised some eyebrows.

And then you had many in the ICANN Community really concerned about price escalation. So, you know, the .org TLD is one where it's used very widely by non-profits, non-governmental organizations, so NGOs, you know, folks and organizations that typically don't have a lot of cash. And while there is no like strict eligibility criteria that that's the only kind of companies or individuals that should be using the org TLD, it just has been since kind of the beginning.

And so earlier last year, as .org was going through it's very typical contract renewal with ICANN, the registries contracts come up for renewal, and they get reviewed, some of the legacy gTLD contracts, so com, net, org, I think those info, biz, those ones that existed before the new gTLD program. Those TLDs have been having any kind of price caps kind of removed from them. .com is still there, but they have a lot more wiggle room than they used to.

But some of these other smaller TLDs that obviously have many millions less names and market power than .com, they have been having their price caps kind of removed because the new gTLD contracts for those new registries didn't have price caps, because ICANN kind of came to the conclusion that they should not be getting involved in issues around price, that they're not a regulator, that they're a policy organization, and therefore they should get out of that business.

Well, this has caused the combination of this acquisition, plus sort of this change in the price caps within the org contract, given the non-profit and NGO community very significant pause about this acquisition. They're very concerned about significant price escalation and how it may cause kind of hardship for them in terms of having a web presence.

So ICANN has been sort of pressured by the community to not approve the transfer of PIR, which is Public Interest Registry to Ethos Capital. Those calls have predominantly come from non-profits, NGOs, internet users, that type of thing. And ICANN has kind of like dipped its toe in, dipped its toe out, dipped its toe in, dipped its toe out. Well, right now, they're basically being asked, you know, don't approve this transfer.

They have decided that the transaction is on hold for right now. And they were supposed to make a decision earlier, but quite honestly, with the coronavirus and delays and challenges related to that, they've been able to push out a decision to April 20th.

In the interim, the Governmental Advisory Committee as well as the United States Senate have expressed serious concerns around this, you know, again, the price issue, issues around transparency. The Public Interest Registry actually used to be owned by the Internet Society. So it's called the ISOC.

And this was sort of, you know, also kind of a public benefit corporation. It was one where actually the proceeds for .org was helping fund a lot of their activities. And so this has given a lot of people great pause. The transparency around this has given people a lot of concern. The price issues has given concerns. What public interest commitments, the public interest commitments that Ethos has proposed are concerning.

So there's a lot of people kind of bearing down on ICANN right now around this transaction. All I can say is what a mess, what a mess. But it is something that's a hot topic right now, so I want to make sure to get you up to speed on that. We'll certainly see things unfold over the next few weeks, and it'll be interesting to see what happens.

And finally, no ICANN summary webinar would be complete if we didn't talk about sort of the GAC communiqué. So again, for those of you who've joined us on this webinar series before, at the end of every ICANN meeting, the GAC issues what they call their communiqué, and this really gives a kind of a recap of their activities during the meeting and then also provides kind of advice to the ICANN Board. This is kind of the formal mechanism they often use to transmit advice to the ICANN Board.

And so it's always important to look at what those issues are that they raise in their communiqué, to kind of track where things are going, and what might not move as fast as one might have thought before, as well as kind of maybe get a heads-up on some oncoming issues.

So the org transition or the org registry transaction is definitely one. You know, as I mentioned, they're very, very concerned about this. Their advice to the ICANN Board is really, you know, here are our concerns, and by the way, make sure you're considering community input very thoughtfully in your decision-making. So that is code for we are watching you. So let's see what happens here.

It's not like the GAC in itself can do anything, but they can . . . you know, when they give the ICANN Board advice, it then gets put into this kind of tracker, and the ICANN Board needs to respond. And it needs to respond with we agree with you, we don't agree with you, or we think this needs to be changed.

The latter two kind of invoke some additional processes, specifically the one we don't agree with you or we are disagreeing with your recommendation. That one requires a very formal bylaws process with the board. So we'll watch this space. It's going to be interesting.

They also have concerns, continue to have concerns around new gTLD subsequent procedures. And quite honestly, the GAC has been very, very vocal throughout the ICANN new gTLD program. And therefore, one of the reasons why ICANN promised the GAC that it would go through these PDPs before going to Round 2. The GAC is following these PDPs closely. They are even engaging in trying to help engage where they can and when they can. It's a tremendous time commitment. But they have been in the last year or so actually trying to engage earlier in the policy process than waiting to the end and then giving advice, which I think has been really constructive and helpful.

But some of the issues around new gTLD subsequent procedures, they're still very concerned about the closed generics issue. And what that is, is there were some companies who, when they applied for a TLD, they didn't just apply for brands, they also applied for what's considered like category words, like books, or music or things like that, and wanted to operate them as closed TLDs just for their benefit.

So that has been an issue that has, you know, had a lot of twists and turns through the new gTLD program and continues to be the case through this policy development process, post Round 1. So still a lot of concerns around closed generics.

Public Interest Commitments are things that registries can and must, I should say not can, must kind of commit to as part of their kind of registry operations. And a lot of the GAC's concerns earlier in the new gTLD program, and even more so today is around DNS abuse. They do not think that there are strong enough public interest commitments by many TLDs, especially ones that are targeted towards highly regulated industries or particular populations.

They are very concerned that these public interest commitments are not strong enough. They're not detailed enough. They're not aggressively enforced. So there's a lot of concerns, and again, a lot of this relates to DNS abuse. So I expect to see a lot more conversation on this in the coming year.

The GAC Early Warning and GAC Advice, they have a process within the new gTLD program currently, where when the list of names was first published from Round 1, the GAC had sort of almost like a, here we call it a first swing at sort of raising concerns about TLDs that were applied for, and they would publish those concerns, and then applicants had a chance to kind of engage with those GAC members that raised concerns or those countries that raised concerns, and/or withdraw and get a kind of an 80% refund.

The GAC Advice that was also part of that, they want that process tightened up. One of the big issues was they didn't have enough time. Definitely there were a lot of applications, they didn't have a lot of time to respond, and then it was a bumpy process after that. They wanted to be clear.

They want more support for applicants, particularly ones from emerging economies, where maybe English is not the first language, in places that technology or the internet are not widely available. They want more support for applicants in those kind of categories to be able to facilitate them coming online and applying for a TLD. Remember, you can only apply for a TLD as an entity. It's not like an individual can apply for a TLD.

And then lastly, community applications, these are applications that are designated to be for members of a certain community. So you saw like . . . I think a good one is like .bank and .insurance, that is for the financial institution community. You saw .realtor. That was for the community of people who are realtors, some things like that.

So you can see they think those applications are important. They think that the price tag and the complexity of the process really don't sway in favor of community applicants, that makes it really, really tough for them, almost puts them at a disadvantage. So there's concerns there, and then the GAC has expressed those concerns throughout as well.

And then in terms of kind of current process, the EPDP, ICANN, they continue to urge ICANN to create and implement a standardized form for people to request non-public data for legitimate purpose during this interim period. I think they've become more understanding that, you know, they've been for a long time kind of pushing and saying, you know, you've got to get the process up and running, you've got to get this EPDP completed and implemented. We've got to get off the temporary specification. This needs to be done now, now, now, now.

I think they've kind of throttled that back a bit. In this last meeting, I think I definitely heard a change in tone and understanding that there's a lot of issues that need to be addressed and should be addressed, and so they want to allow time for that. But they have been urging ICANN all along and are really ramping up the kind of discourse on this, where ICANN they really feel needs to lead here and work to create and implement a standardized form to request that non-public data for legitimate purpose.

We're in this interim period, so that brand protection interest, law enforcement, security investigators, etc. can get what they need, and that it's a defined process that everyone has to follow it, that there's no ambiguity. But all that exists right now, and ICANN continues to assert that it's not their place to kind of put this together, that this needs to come up through the GNSO.

So this is a little bit of a wrestling match, this issue, but this is something that GAC is really starting to get kind of more vocal about. And I expect that, in the next three to six months, this is going to be a topic that is going to be at the fore. So it will be interesting to see where we land.

So, of course, there's a lot more that goes on during an ICANN meeting. But these are some of the key highlights that I think kind of give you the essence in terms of things that you'll want to keep apprised of. So thanks for your time.