Domain Names |
Sponsored by |
A discussion is presently underway about the Uniform Rapid Suspension System (URS) (and in Phase 2 next year of the Uniform Domain Name Resolution Policy (UDRP)), whether it is performing as intended. The URS is less than five years old, and there are not an overwhelming number of decisions. Since 2013, rights holders have filed less than one thousand complaints (with three providers, the Forum being the most active), which translates into less than 170 decisions annually...
If we traveled back in time, we would discover that unauthorized squatting on someone else's property is an ancient tort, but in cyberspace, it dates from the mid-1990s. Its emergence brought together governments and intellectual property stakeholders to demand a rights protection mechanism devised to deal with this new form of squatting. In 1999 the World Intellectual Property Organization (WIPO) completed its work on a proposal for an online rights protection mechanism which ICANN crafted into the Uniform Domain Name Dispute Resolution Policy (UDRP).
The Internet Corporation for Assigned Names and Numbers (ICANN) launched the Uniform Rapid Suspension System (URS) (2013) in anticipation of the marketing of new gTLDs that became available from November 2013. It is one of four new rights protection mechanisms (RPMs) designed to combat cybersquatting. It is not intended for legacy gTLDs, and for new TLDs, it is planned only for that class of dispute colloquially referred to as a "slam dunk."
Late last week, ICANN published the guidance from the Article 29 Working Party (WP29) that we have been waiting for. Predictably, WP29 took a privacy maximalist approach to the question of how Europe's General Data Protection Regulation (GDPR) applies to WHOIS, a tool widely used by cybersecurity professionals, businesses, intellectual property owners, consumer protection agencies and others to facilitate a safer and more secure internet.
Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in. As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system.
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system. The 7th ROW will be held in Vancouver, Canada on Thursday, May 17th 2018 in the afternoon, at the end of the GDD Industry Summit, in the same venue.
The integrity of any legal system depends on the quality of mind of those appointed to administer it. There are expectations that the one judging the facts and applying the law knows what the facts are and what law to apply. Panels appointed to adjudicate disputes under the Uniform Domain Name Dispute Resolution Policy (UDRP) are not held to any lower standard than the judges of courts of competent jurisdiction.
We've talked about the conflicts between our ICANN contract and privacy law in the past. Not once, not twice, but multiple times. We refused to sign the 2013 Registrar Accreditation Agreement (RAA) with ICANN until we'd received a data retention waiver. That decision probably cost us money, but if we have to choose between operating legally or illegally our path is clear.
Today is Holocaust Remembrance Day. Today we remember that the Nazis rounded up Jews, Roma, political dissidents, and other "undesirables" using the best data and technology of the day and sent them off to concentration camps. We don't normally deal with this type of political reality in ICANN, but now is the time to do so. In 1995, the recently formed European Union passed the EU Data Protection Directive.
I think we are all hoping that when ICANN meets with the DPAs (Digital Protection Authorities) a clear path forward will be illuminated. We are all hoping that the DPAs will provide definitive guidance regarding ICANN's interim model and that some special allowance will be made so that registrars and registries are provided with additional time to implement a GDPR-compliant WHOIS solution.