Public Interest Registry takes the lead in advocating policies that support and strengthen the .ORG community. Currently, PIR is concentrating on the following issues; for PIR's policy positions, please follow the link for each issue:
- Internet Security & DNSSEC
- Domain Tasting and the Add Grace Period
- Spam and Phishing
- New gTLDs (Generic Top-Level Domains)
- Internationalized Domain Names (IDNs)
- GNSO Improvements
- Uniform Dispute Resolution Policy (UDRP)
WHOIS - Balancing the Interests of Privacy and the Need to Know
WHOIS is an Internet service that allows anyone to obtain registration and contact information about domain name holders (registrants) in all generic top-level domains (TLDs). Although there are certain limitations on commercial use of the information, there are no effective means for protection of personal privacy. PIR holds this information for .ORG as other registries hold it for other generic TLDs. And like all generic TLDs, PIR currently is required to make this information available through the WHOIS service in accordance with its agreement with ICANN.
Originally, WHOIS data were made publicly available to give network operators a way to contact each other. As the Internet and the number of domain name holders have grown, however, this justification for making WHOIS data publicly available no longer applies. PIR and its Advisory Council, therefore, are actively participating in proceedings to advocate for appropriate changes to the WHOIS contract requirements.
For an example of PIR's advocacy efforts on this issue, see our "Policy Positions" page.
A highlight of the June 2008 ICANN meeting in Paris was the ICANN Board's approval of the .ORG proposal to implement Domain Name Security Extensions (DNSSEC). PIR believes the implementation of DNSSEC will significantly advance the security and stability of the Domain Name System. The protection of Internet users and registrants has always been a priority for PIR. The implementation of DNSSEC furthers this goal. Malicious attackers are constantly attempting to misdirect users to criminal websites that will steal a user's identity. As the Internet grows with the introduction of new gTLDs, there exists a greater potential for these attacks. The authorization of .ORG's implementation of DNSSEC is an important first step in providing additional security layers to Internet communications.
The .ORG registry is beginning the development of a plan that will adequately prepare DNSSEC for adoption within the internet infrastructure community. We are now in the first phase of our DNSSEC development, and as such have not scheduled a specific launch date. As the first gTLD to be authorized to implement DNSSEC, .ORG continues its tradition of protecting users and establishing best practices for Internet policy.
As part of the program to advance security, Public Interest Registry is also supporting proposals to take a further important technical step - signing the root. If the root is signed (by means of an encrypted software key), then the authenticity of communications using DNSSEC can be confirmed through the encryption system.
The Add Grace Period (AGP) is a classic example of a good idea that had unintended consequences. The AGP allows the registration of a domain name to be cancelled within five days of the registration date without payment of the registration fee. The intent of the AGP was to allow correction of innocent errors, or credit problems. Unfortunately, the AGP quickly became the subject of abuse by users who registered hundreds of thousands of names per day for the purpose of testing their commercial value - domain tasting. In addition, the wholesale registration of names led to a further abuse, the capture of previously registered names that have attained some popularity, followed by the misuse of these names to steer unsuspecting users to pornographic and other anti-social sites. The use of computerized programs to pick up deleted names and immediately re-register them has also deprived the average user of a level playing field in having a choice of available names.
.ORG responded to this abuse by pioneering an "Excess Deletion Fee" (EDF) - a charge on registrants whose deletions exceeded 90% of their registrations during a given period. The .ORG fee dramatically reduced the incidence of tasting in the .ORG domain.
The ICANN Board took two steps that will very likely bring tasting to an end. ICANN will now collect its transaction fee on all transactions, even if cancelled within five days, if the number of deletions exceeds ten percent of the total registrations for a period. In addition, nearly all registries will be required to implement a fee similar to the .ORG EDF.
Public Interest Registry is taking steps to protect its registrants from spam - unwanted commercial email messages, phishing , and fraudulent messages that are part of identity theft schemes.
In March, 2008 at the ICANN meeting in New Delhi, India, PIR initiated the formation of the Registry Internet Safety Group (RISG). The impetus behind its formation was the recognition that collaboration across the industry would be the most effective way to combat phishing and malware threats, rather than individual and reactive efforts by any one single player.
The primary purpose of RISG is to facilitate dialogue, affect change, and promulgate best practices to address Internet identity theft including "phishing" and all of its related forms, and malware distribution. RISG seeks to decrease occurrences of phishing and malware distribution, in all of its forms, by developing best practice suggestions for registries and registrars. RISG members are also attempting to create methods to share data among member companies that will enhance the understanding of phishing and malware and further the mission of RISG to eliminate them.
Since its first meeting in India, RISG members have actively been discussing data sharing cooperation to identify perpetrators of online identity theft. RISG members are also examining registry best practices for anti-phishing solutions. Members have created a discussion WIKI and have been actively identifying scenarios under which shared data might contribute to the better identification of internet security threats. Several types of data have been identified that could assist with resolving scenarios that are both curative (resolving known threats) and preventative (unknown threats). PIR counsel has been working with EU registry attorneys to identify data sharing strategies that might be compatible with EU privacy laws. Additionally, members are considering, with input from APWG (see below), best practice strategies for anti-phishing solutions at the registry level.
.ORG is also working with the AntiPhishing Working Group (APWG), the National Cyber-Forensic and Training Alliance (NCFTA) and law enforcement authorities to develop data sharing and anti-phishing recommendations for RISG. The APWG has been supportive of RISG as a complimentary organization, and APWG has already contributed to RISG anti-phishing discussions. Similarly, law enforcement has been very supportive. PIR has been asked to speak to a major international law enforcement group about the RISG initiative.
In what has been called the most significant expansion of the Internet in 40 years, the ICANN Board at its Paris meeting in June, 2008 approved major new gTLD expansion. The board reserved a decision on the actual implementation plan for new gTLDs. However, it is clear this decision will have a major impact on the future of the Internet. It remains to be seen whether the new gTLDs will enable growth and increased utility of the Internet or, conversely, lead to user confusion.
Many observers believe that major corporations will seek individual gTLDs for their brands. There may be applicants for "vanity" top level domains, although the cost of application may limit these. Domains for political, religious and cultural institutions may also be sought. It remains to be determined how ICANN will handle contested issues in allocation of new gTLDs, including alleged violation of intellectual property rights, string confusion (possible consumer confusion resulting from similarities between one domain's string of letters and another's), and comparative evaluation of applicants for the same string.
One major issue that remains unresolved is whether registrars will be able to apply to own and manage new registries. Currently, registries are limited in ownership of registrars, but not vice versa. Registries are concerned about anti-competitive effects if registrars own registries. A registrar-registry combination might neglect incumbent gTLDs while devoting resources to its own registry. There is also a concern that some new registries will attempt quickly to monetize new gTLDs with little regard for IP rights or long term registry success.
Internationalized Domain Names (IDNs): Internet Addresses in Multiple Languages and Scripts
Internationalized Domain Names (IDNs) are domain names expressed in characters other than Roman letters (the ASCII character set that is now used universally). At the Paris ICANN meeting in June 2008, the ICANN Board took action to allow IDNs into the root.
ICANN is currently focusing on technical IDN issues and is treating all IDNs, including ccTLD and gTLD, together. The status and timeline for domain names in the form of new scripts on both sides of the dot, known as IDN.IDN gTLDs, is essentially the same as for new gTLDs. ICANN has yet to set a timetable for IDN gTLD launches.
There is a "fast track" that is intended to enable every ccTLD to have at least one separate IDN.IDN version of its domain in the script of its choice, e.g., an IDN.IDN version of .CN (China) using the Chinese characters for the country's name as the top level, i.e., at the right of the dot in the domain name. The Government Advisory Committee of ICANN (GAC) is the strongest supporter of the fast track as a means of promoting nationalist/cultural identity. The GAC is pushing for special treatment of ccTLDs.
The ccNSO Council has proposed an Issues Report, and possibly a PDP, to consider:
- Whether the ICANN bylaws relating to the ccNSO also apply to the new IDN ccTLDs, and, if not, should they?
- Whether there should be a PDP to develop policy for the selection and delegation of IDN ccTLDs associated with the ISO 3166-1 two-letter codes that are currently the only ccTLD domains.
ICANN operates on the basis of an ideal; it defines its mission as "developing policy appropriate to [ICANN's] mission through bottom-up, consensus-based processes". In practice, this has been only a pious hope, especially with respect to some controversial subjects, such as, for example, WHOIS policy. Despite years of dialogue, there has not been consensus on a policy that respects the privacy of personal data of individual domain name registrants while simultaneously satisfying the needs of law enforcement agencies and brand name owners that are concerned about infringement of their intellectual property rights. Given the policy stalemate, ICANN has recently commenced efforts to create a structure that will encourage building consensus rather than voting blocs.
In September, 2006, the London School of Economics published a study, commissioned by ICANN, of the GNSO. The study was highly critical of many aspects of the GNSO, including the representativeness of constituencies, dominance by a small core of people, and an arduous process of reaching consensus with an over reliance on voting and a legislative approach. These criticisms are well illustrated by the nearly seven years spent on unsuccessful attempts to find a WHOIS consensus.
At its Paris meeting in June 2008, the ICANN Board approved a major resolution with regard to the structure of the Generic Name Supporting Organization (GNSO) that will attempt to restore it to its original function of building consensus on policy issues. A proposed compromise leading towards a bicameral structure for the GNSO Council appears to be a positive development.
The UDRP is an arbitration/mediation procedure that is used to resolve issues related to alleged trademark infringement and bad-faith registration of domain names.
ICANN is considering adopting a special procedure for dealing with domain names alleged to infringe the rights of intergovernmental organizations. The proposed procedure (known as WIPO2) would make binding arbitration mandatory for these cases and would deprive national courts of jurisdiction. The GNSO Council failed to pass a motion to support the proposal, and the ICANN Board has taken no action for over a year.
See PIR's position on UDRP on our Policy Positions page.