The voluntary Public Interest Commitments (PIC) have a long and sad history at ICANN. They were a process never created or evaluated by the Multistakeholder process, thrown together for one purpose and allowed to morph into a mechanism for an almost unlimited number of un-reviewed other purposes. Disputes are delegated to a resolution process which itself was never evaluated for a) its appropriateness to the task at hand, b) its inability to throw out inappropriate claims or ridiculous private commitments, and c) and was entirely unvetted for the human rights, free expression, privacy and related issues that might come its way.

Private (voluntary) PICs and the associated PIC dispute resolution process (PICDRP) is not even a half-baked idea; it’s an unbaked idea. Although private PICs have been called “voluntary nonsense” and “voluntary garbage” (see below), they are still included in new gTLD registry agreements, and clearly being embraced and encouraged by Ethos Capital and PIR as part of their .ORG contract. The leaders and advisors of Ethos and PIR—Fadi Chehadé, Allen Grogan and Jon Nevett—urge us to “trust them” and use private PIC commitments and processes as the basis of all protections for .ORG registrants (and the .ORG community that relies on them). I’m sorry, but there is little to trust in the PIC process.

Based on the history of the private PICs, it strains credibility to believe that we would entrust the protection of the cradle of noncommercial speech online—.ORG domain names—to the mess of policies and procedures these individuals helped to create in 2013 and 2014. In this piece, I lay out the deeply concerning history of private PICs and the PICDRP. I also submit that private PICs are not the best way to protect the .ORG registrants and community, but the most self-serving way for PIR and Ethos to move forward—there are clearer, stronger, and more straightforward ways to protect .ORG registrants and members of the .ORG community. If this transaction is to move forward, it is these options we need to incorporate. I describe them at the end.

(Note: I write this piece as part of the group that founded ICANN and a member of ICANN multistakeholder teams that drafted well-defined & well-scoped rules for domain name dispute processes for the Uniform Dispute Resolution Policy (UDRP) and Uniform Rapid Suspension system (URS); I am co-chair of the working group now reviewing these dispute processes. I am a former director of policy for the Public Interest Registry who found working with .ORG registrants and .ORG community to be an honor and privilege every day; it is the only gTLD I know where registrants regularly risk their lives, and those of their families, to share information about dictatorships and corruption, misuse and fraud, and to fight for freedom, news, education and information. Although unusual for a blog piece, I use endnotes to document my sources.)

Here are key factors of concern:

1. PICs were never created by the ICANN Multistakeholder process.

If you go back to the New gTLD Applicant Guidebook—the rules of the road for applying for New gTLDs—there is no mention of “public interest commitments” and no Specification 11 in the “base registry agreement”—the common contract written by ICANN Org (another term for ICANN Staff) for new gTLD applicants to sign once approved and ready to be “delegated” a top-level domain. [1]

Drafted by ICANN Org, this base registry agreement had some review by the ICANN Community, including by a committee of the Registries Stakeholder Group on which I served. Some edits and tweaks were accepted, but mostly, ICANN Legal knew exactly what it wanted in these contracts and drafted accordingly. [2]

2. An Outpouring of Concerns from the Internet Community and ICANN’s Government Advisory Committee led to a new section of the contract—“Mandatory Public Interest Commitments” (Mandatory PICs).

Upon review of the new gTLD applications in 2012, a hue and cry quickly arose in two categories. The first was that gTLD categories that some thought were limited and “regulated” were open to all—.BROKERS, .DOCTOR, .ENGINEER. The second was that gTLDs that many thought should be open - or at least open to all in a given industry or business—were proposed to be locked and closed, e.g., generic terms such as .BABY, .CLOUD, .SEARCH, .BOOK, .MOBILE, .BEAUTY.

On November 20, 2012, governments in ICANN’s Government Advisory Committee (GAC) issued 242 new gTLD “Early Warnings” on these and other issues. [3] Ultimately, the GAC consolidated its “advice” in the famous GAC Beijing Communique, April 11, 2013. The GAC advised ICANN to create procedures to protect two categories of new gTLD strings. The first was “Category 1: Consumer Protection, Sensitive Strings, and Regulated Markets” in which the GAC expressed concern on dozens of new gTLD applications, including .GREEN, .FITNESS and .CHARITY. The second was “Category 2: Restricted Registration Policies” which included “Exclusive Access” gTLDs and expressed concern about applicants “proposing to provide exclusive registry access” (only to themselves) for generic words of business and industry, including .BLOG, .APP and .CARS. [4]

On July 8, 2013, ICANN’s Board, after hearing persuasive concerns from the ICANN community, opened up a proceeding to better understand the anticompetitive risks posed by “closed generics.” The proceeding drew businesses and associations to ICANN from across the world, including the Booksellers Association of Bizkaia and Spain, Swedish Booksellers Association, Asia Cloud Computing Association, Consumer Watchdog and many more. [5]

Acting on concerns heard from governments, booksellers, emerging cloud providers, and others, ICANN created a new section of the Base Registry Agreement—“Mandatory PICs,” a few new contractual terms to be embedded in a new appendix titled “Specification 11.” All new gTLD registries would now need to sign their contracts with the new terms of the “Mandatory PICs,” including agreements to enforce banking and other certifications prior to allowing domain name registration in a highly-regulated gTLD, and banning Closed Generics, that is not limiting to a “single person or entity” (e.g., the applicant) exclusive access to domain name registrations in gTLD strings which describe “a general class of goods, services, groups…”. [6]

3. But a funny thing happened on the way to Mandatory PICs. ICANN CEO Fadi Chehadé and his Chief Contract Officer Allen Grogan allowed private PICs—a dumping ground for anything a New gTLD Registry might want to throw into its contract

For reasons no one seems to understand, ICANN CEO Fadi Chehadé and his Chief Contract Officer Allen Grogan (who joined ICANN in May 2013) not only requested that specific new gTLD applicants sign on to the Mandatory PICs of the new Specification 11, but allowed any applicant registry to add any other terms it wanted. But there were no guidelines for review, no conditions or limitations for what might be submitted, no definitions of scope and acceptability. It turned out that whatever registrants threw in, ICANN accepted into the contract. [7]

The new terms, put into the new Specification 11, “below the line” of the Mandatory PICs, were called “voluntary” or “private” public interest commitments, but this was a misnomer. Many of these private PICs (discussed below) were one-sided, self-serving, unfair and imbalanced for the registry applicants; many of them exposed registrants to a loss of domain names for reasons far short of due process or legal decisions.

Becky Burr, then and still an ICANN Board member, speaking in her personal capacity at an event at American University Washington College of Law in February 2019, ICANN and New gTLDs, stated about the private PIC process: “I hope we never see any like that [again]”, “the process by which that happened was appalling,” “and most registries and registrars were appalled by that process as well.” “A subset of… registry applicants came in and made ... commitments that were like, literally, everything in the kitchen sink.” [8]

But no one in ICANN Org seemed to care—and under the oversight of Fadi and Allen, the registry agreements with private PICs were duly signed. [9]

4. Many Private PICs damaged the rights of registrants, allowed new gTLDs registries to engage in content regulation, and gave registries unilateral power to remove domain names based on allegations far short of legal findings.

Fadi and Allen did nothing about the “kitchen sink” that went into the private PICs, or that many terms eliminated traditional rights for future registrants of these domain names. Until these new gTLD agreements (and for years after), Verisign and the Public Interest Registry did not engage actively in content monitoring or takedown of domain names in .com, .org and .net (Verisign is still contractually barred from doing so).

Certainly, malware and botnets (dangers to Internet infrastructure) were investigated and, if appropriate, taken down, but these legacy registries did not unilaterally investigate and remove alleged illegal content. They defended due process and responded to court orders of infringement—leaving to a judicial body the weighing of arguments including copyright infringement versus fair use, whether advertisers may name competitors in their ads (legal in some countries not in others), and whether law enforcement requests for takedowns should be performed.

But Donuts had no such qualms. Co-founder, General Counsel and then EVP of Donuts, Jon Nevett inserted the same private PICs into virtually all of Donuts and its subsidiaries’ applications. This gave Donuts nearly unlimited control over domain names and the unilateral right to strip them away from registrants. Under the terms of the Donuts private PICs and across the 200+ gTLDs which it would ultimately register or purchase, the terms include:

“Registry Operator reserves the right, at its sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status as it determines necessary for any of the following reasons” which were wide-ranging and included:

“... to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process” and

“... infringement of any copyright or trademark.” [10]

Unlike the domain name dispute provisions developed through ICANN’s Multistakeholder process, the UDRP and URS, there was a) no required notice to the registrants of allegations against their content and domain names, b) no clear opportunity for registrant response, c) no clear standards for evaluation, grant and dismissal, and d) no court or independent third party dispute resolution provider hearing both sides.
Although ICANN, by its own structure, precedents and new bylaws, does not engage in content regulation, Donuts stripped future registrants of virtually all of their due process rights in new gTLDs across its portfolio.

5. Donuts also monetized the PICs.

At the same time, Donuts and Jon monetized private PICs by selling broad trademark rights to trademark owners—including proposals rejected by ICANN’s Multistakeholder community.

One, a “block list,” requested by Intellectual Property Constituency leaders asked ICANN to block certain trademarks from registration across all new gTLDs. While the ICANN Community accepted many of the intellectual property community’s requests, this one was rejected by the multistakeholder process. The reasoning was that the basic redundancy of words and names is protected by language and trademark law, and no one has exclusive rights to common words and names.

While McDonald’s Corporation and Time Warner may use common last names such as McDonald or words such as “people,” “money,” and “fortune” for fast food and magazines, these names and words can be used by others in a) their noncommercial sense and b) non-infringing commercial ways. Across the wide array of new gTLDs, there are many legal opportunities for redundant uses of words.

But Jon and Donuts, through the private PICs, created the Domains Protected Marks List (DPML) and sold the expanded protection (rejected by ICANN’s ICANN Multistakeholder process) to trademark owners across 200+ new gTLDs. [11]

But not to worry, Jon made PICs voluntary, so they could be revoked unilaterally at any time:

“Registry Operator, in its sole discretion and upon written notice to ICANN, may elect at that time to discontinue any of such public interest commitments in the case of a substantial and compelling business need.” [12]

6. ICANN, under Fadi and Allen, then created a completely upside-down process: a “dispute resolution procedure” to protect the PICs, but not to allow challenges to those that were one-sided, self-serving, unfair and imbalanced.

Certainly, the Mandatory PICs needed enforcement. If General Motors were to be the registry of .AUTOMOBILE and refuses to sell domain names to Ford or Toyota that is a problem that a cheap, rapid and low-overhead arbitration, along the lines of the well-proven UDRP, might rapidly resolve.

But in December 2013, Fadi and Allen allowed an arbitration procedure to be applied to the private PICs that was fundamentally flawed because the dispute process had no mandate to review the content of a private PIC, to moderate or limit private PICs, or to remove their abusive elements. The only thing the Public Interest Commitment Dispute Resolution Procedure (PICDRP) would handle was non-compliance with a PIC. [13]

Thus, under Fadi and Allen, in an utterly strange twist, ICANN:

• Did not allow Registrants to challenge private PICs as outside ICANN’s “no content” scope;
• Did not allow Registrants to challenge the unreasonableness or one-sidedness of private PICs or their lack of due process; and
• Did not require registries to tell a registrant even why a domain name was being taken down.

PICDRP exists only as mechanism to see how far already-privileged parties can go in enforcing their private privileges. Unlike UDRP or URS, it does not even have a third-party forum that vouches for and oversees its processes—such as WIPO or The Forum.

Further, not a single panelist lists human rights as an area of expertise, and only one lists privacy or free speech. That may come as no surprise because these types of issues are ill-suited for arbitration and certainly not an arbitration process where the only rules are what the registry drafted in its own (or a few stakeholders’) self-interest. [14] No ICANN Multistakeholder Process reviewed the PICDRP for its scope, guidelines, rules, limits or ability to handle the wide array of free speech, privacy and other fundamental rights issues that might arise.

(Note: In every other dispute mechanism designed by the ICANN Community, the rules were carefully considered, fairness carefully weighed, notice provided, response periods included, and forums carefully chosen and (currently) being reviewed.

But no ICANN multistakeholder process created clear rules for the PICDRP, reviewed PICDRP policies and procedures, or checked the background of PICDRP panelists for the range of free speech, due process, jurisdiction, government rights, competition and privacy laws (as a sample) that might arise given the arbitrariness and wide-ranging nature of the private PICs.

ICANN does not know how the PICDRP will handle the natural strains and stresses of overseeing key questions of content online—and how it will protect active (and exposed) users seeking to reveal problems with the very governments, law enforcement agencies, and corporations who would be using the private PICs to demand private “takedowns” of their domain names and their content and communication attached.)

7. Now the creators and users of Voluntary PICs process ask us to “trust them” with .ORG registrants and the .ORG Community.

Overall, Fadi and Allen created private PICs and the PICDRP process in the tornado of activity of the new gTLD roll-out. They allowed the devastation of any boundaries of protection for future new gTLD registrants. No one cared about registrants.

These very men, albeit in different hats, now ask us to trust that they will protect some of the most important registrants, some of the most vulnerable organizations, some of the most sensitive, powerful, community and country-changing speech on the Internet.

But what they did, private PICs, the worst process ever to take place in ICANN, destroyed the faith that many of us had in the ICANN process. No one needs to spend years negotiating “fair and balanced processes” across multistakeholder groups when they can be undermined in a matter of moments by private PICs thrown into a contract unilaterally, which no one has the ability to remove—no matter how unfair.

Now Fadi, Allen, Jon, Ethos and PIR come to the ICANN Community and tell us that their PICs will be fair and that the PICDRP process will be good enough. People far brighter than I are critiquing the proposed .ORG private PICs and many of these critiques show them to be just as one-sided, self-serving and limiting of registrant rights as other private PICs. It makes sense; there’s a history.

8. Ethos and PIR could give us real structural changes and real rights and protections for .ORG registrants and the .ORG community.

Ethos and PIR could present real, substantive structural changes that allow the .ORG registrants and community a real vested, voting and veto interest in .ORG on significant issues (see Professor Benjamin Leff’s piece here in CircleID, posted 2/27,). They could build their commitments into the Articles of Incorporation with clear, detailed public benefit LLC statements (as a part of our obligations).

They could revert to the old .ORG contract (of eight months ago) with its clear contractual commitments to ICANN of limited price increases and no content removal.

They could embody all of their obligations and promises in a clear Addendum to their registry agreement—one which ICANN Org has real responsibilities to monitor and protect.

But no, Allen, Fadi and Jon want us to “trust them” and want to give .ORG registrants (present and future) the barest scraps from the .ORG table of rights and privileges with a few PICs, limited in scope and only weakly enforceable through a PICDRP, untested and unscoped for this purpose.

No, I’m afraid this new, private .ORG PIC process is appalling too.

9. Voluntary PICs would be a horrible thing in which to entrust the cradle of nonprofit organizations and the podium of noncommercial speech.

For over 30 years, speakers have used .ORG to speak truth to power with little fear of takedown (note: NSI, Verisign, ISOC & PIR until this summer, were all bound by “do not regulate content” rules and customs for.ORG domain names). Dot Org has been the gTLD where groups flocked to decry corruption, reveal the dangers of dictatorship, show abuse of private and public forums and, yes, seek the overthrow of tyranny—sometimes at the risk of their own freedom or that of their families, but not at the risk of their domain names.

The public accessed .ORG domain names to learn about their rights, to find groups to provide them protections, to register to vote, and to read about corruption in their countries—often bypassing state-controlled media which provided no insight.

Many who worked for and volunteered with .ORG over three decades dedicated themselves to the task of protecting this cradle of free speech. In protecting this special gTLD, we want full protection, not scraps from a discredited system of voluntary PICs that serve only those who write them.

* * *

SPECIFICATION 11 AND ENDNOTES

Specification 11

PUBLIC INTEREST COMMITMENTS

1. Registry Operator will use only ICANN accredited registrars that are party to the Registrar Accreditation Agreement approved by the ICANN Board of Directors on 27 June 2013 in registering domain names. A list of such registrars shall be maintained by ICANN on ICANN’s website.

2. Registry Operator will operate the registry for the TLD in compliance with all commitments, statements of intent and business plans stated in the following sections of Registry Operator’s application to ICANN for the TLD, which commitments, statements of intent and business plans are hereby incorporated by reference into this Agreement. Registry Operator’s obligations pursuant to this paragraph shall be enforceable by ICANN and through the Public Interest Commitment Dispute Resolution Process established by ICANN (posted at http://www.icann.org/en/resources/registries/picdrp), which may be revised in immaterial respects by ICANN from time to time (the “PICDRP”). Registry Operator shall comply with the PICDRP. Registry Operator agrees to implement and adhere to any remedies ICANN imposes (which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement) following a determination by any PICDRP panel and to be bound by any such determination

[Registry Operator to insert specific application sections here, if applicable]

3. Registry Operator agrees to perform the following specific public interest commitments, which commitments shall be enforceable by ICANN and through the Public Interest Commitment Dispute Resolution Process established by ICANN (posted at http://www.icann.org/en/resources/registries/picdrp), which may be revised in immaterial respects by ICANN from time to time (the “PICDRP.”). Registry Operator shall comply with the PICDRP. Registry Operator agrees to implement and adhere to any remedies ICANN imposes (which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement) following a determination by any PICDRP panel and to be bound by any such determination.

a. Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.

b. Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.

c. Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.

d. Registry Operator of a “Generic String” TLD may not impose eligibility criteria for registering names in the TLD that limit registrations exclusively to a single person or entity and/or that person’s or entity’s “Affiliates” (as defined in Section 2.9(c) of the Registry Agreement). “Generic String” means a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.

Endnotes

[1] 2012, New gTLD Applicant Guidebook, See Module 5, Base Agreement & Specifications, https://newgtlds.icann.org/en/applicants/agb.

[2] Personal experience; I worked to convene the Registries Stakeholders Committee which reviewed the draft base registry agreement.

[3] GAC Early Warnings, https://gac.icann.org/activity/gac-early-warnings

[4] GAC Beijing Communique, 11 April 2013, https://gac.icann.org/contentMigrated/icann46-beijing-communique

[5] https://www.icann.org/en/system/files/files/report-comments-closed-generic-08jul13-en.pdf

[6] Specification 11, Public Interest Commitments, pp. 98-99, https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-redline-31jul17-en.pdf

[7] https://newgtlds.icann.org/en/announcements-and-media/announcement-06mar13-en

[8] Panel 2, https://www.wcl.american.edu/impact/initiatives-programs/pijip/events/icann-and-the-new-top-level-domains/

[9] See e.g., .LAND, https://www.icann.org/sites/default/files/tlds/land/land-agmt-html-redline-10sep13-en.htm

[10] See e.g., .LAND contract, Specification 11, 4(d), https://www.icann.org/sites/default/files/tlds/land/land-agmt-html-redline-10sep13-en.htm

[11] See e.g., .LAND, above, Specification 11, 4(c).

[12] See e.g., .LAND, above, Specification 11, end of private PIC.

[13] Revised PICDRP (review the “redline” to see the 2013 version), https://www.icann.org/resources/pages/picdrp-2014-01-09-en

[14] See e.g, Matthew J. Stanford, Diminution Doctrine: Arbitration’s First Amendment Problem, 52 UC Davis Law Review Online 73 (2018).