sure, as you prefer

https://docs.google.com/spreadsheets/d/1wke2krmhV2tNPNhvIOskAlLVraWp-88mqzScCtj01fw/edit#gid=809273920

How is it that we are hearing a proposal at this time. It is out of order

Point of order please to the Chair

?

david, you are fading in and out pretty regularly

me too

@Brian - there was also an individual proposal covering this and we didn't review (I think) but held it over to be dealt with this oerarching Q

I mean…. The question clearly begs for a proposal to make the URS a consensus policy (as well as potentially other new gTLD RPMs)

@Susan: That is staff’s understanding.

Susan is correct -- there is the overarching Q and also the specific Q on whether URS should become CP

I'm very confused - there is already a proposal to make the URS a consensus policy, so it's not new

There is an extensive discussion in our public comment summary of our work.

(of URS Indiv #31)

Analysis summary of proposal 31 is on pages 25-26: https://docs.google.com/document/d/1Pnqor6rHjvowH66GPQG9XI23n8H2mgkbf39-jA4KlFc/edit#

@Susan we are supposed to be reviewing public comments....

Thanks Maxim

@Zak, thanks, I thought you were arguing this was a new proposal, which I don't think it is. But sounds like that wasn't your concern

there is no value in Claims - Sunrise is literally decades over

for pre 2012 TLDs, all other TLDs are going to be new gTLDs with RPMs

Most of the new gTLDs apply to the opening of a gTLD and could not apply to a legacy; the only possible ones for Consensus Policy are URS and TM-PDDRP

@Phil - TM Claims could also apply, if applied on an ongoing basis

@Griffin, it had to be announced prior to the General Availability - so it is more than 20 years late

for that

Great summary

old hand, I wrote in the chat

@Griffin--yes in theory, but we have no broad support for going beyond 90 days on claims

I wasn’t commenting on support, I was just responding to your statement about which new gTLD rpms could in theory apply to legacy gTLDs in some capacity

Jason +100

understood

Thanks @Mary. And .AERO RA is up to renewal soon.

If almost all registries already operate the URS either as new gTLDs or legacies who have voluntarily adopted it, what it the problem with having remaining legacy gTLDs adopt the URS as well?

Especially where one of those registries is advocating in favor of it?

Where does ulitmate authority lie? With ICANN.org or the community?

I don’t find the rationale from the comments against adoption of URS as a consensus policy particularly persuasive

@Paul, it depends on whether the binding obligation on Contracted Parties comes from their contract (i.e. is included in the RA as a result of bilateral negotiations between ICANN org and the registry operator) or via Consensus Policy (i.e. out of a GNSO PDP that’s adopted by the Board). For the 2012 new gTLDs, it was a contractual obligation in the standard RA.

Double muted?

Thanks Mary and for the legacy TLDs like .info and .org?

we should also be looking at the comments on Indiv Prop 31, rather than these comments in isolation

@Paul, as mentioned: of the legacy gTLDs that have renewed their RAs, only .com and .net do NOT have the URS included in their contract with ICANN. There are three remaining legacy gTLDs that have not yet renewed their contracts and, as such, are not currently obligated to implement the URS (.aero, .name, .post).

Agree Susan

My family loves donuts - our shelter-in-place treat.

So if its not a consensus policy will URS be reomved from those TLDs?

No

(@ Paul T)

So GDD effectively front-runs this working group and the multistakeholder model?

RPMs are a floor not a ceiling, so nothing has ever prevented individual registries from voluntarily taking on additional ones

Julie is sharing :)

Where is the ICANN mandate then? Given the multistakeholder model hasn't approved and the public comment didn’t approve?

So the question is, will the WG be given a full, robust opportunity to discuss this, or is the perceived lack of support from public comment binding?

Most of the comments on overarching Q2 against adoption of URS as a consensus policy simply say that it was intended specifically for new gTLDs and so therefore it should not become a consensus policy applicable to legacy gTLDs…but this rationale is not particularly useful

@Paul, Consensus Policies can only be changed, superseded or dropped via the GNSO policy process. However, for contracts such as the Registry Agreement, proposed amendments and renewals are posted for public comments prior to them taking legal effect.

@Paul, given the spread in the donut, I don’t think the donut offers any position, much less a binding one.

I think comments arguing it shouldn’t be applied to legacy TLDs based on the lack of utilization are also not persuasive, bc as we all know, the vast majority of registrations, and therefore vast majority of abuse where the URS would be a tool for addressing same, is still occurring in legacy gTLDs and not new gTLDs

Did we bypass any other overarching questions?

@Paul M: The WG has discussed all of the other overarching questions

We cant not have this discussion.

@Paul M when I reviewed the calls from 1 and 3 (IIRC), in effect, yes, we "bypassed" them (though we did have a conversation)

@Mary Weren’t those public comments were overwhelmingly against?

@Mary Weren’t those public comments overwhelmingly against?

There is no majority in the donut. At best, a plurality.

@PaulT, I don’t have specific information on the nature of the comments regarding all the legacy renewals, since there were quite a few renewals over the years.

I was talking about the .org and .info comment periods May 2019?

@PaulT, we don’t have the comments on hand to check; but I don’t believe the comments on renewals addressed the question of URS as Consensus Policy, which is the issue this WG is trying to determine.

i am aware on NO internal Verisign discussions about adopting URS as contract - we want URS adopted by this group but I have no idea what plans are otherwise

But the question isn't whether or not the URS be a voluntarily contractual provision. The question is should it be a Consensus Policy. The WG could have asked the first question, but it didn't.

Procedurally, it is inappropriate for the ICANN organization to impose these mechanisms on .org, a legacy TLD that dates from the earliest days of the domain name system. Such a move must come, if at all, from the ICANN community after an evidence-based discussion. ICANN staff have presented no evidence of any need for Trademark Claims and URS in the .org TLD.” – EFF and DNRC from the staff report

The UDRP applies to all gTLDs, old and new…. Not sure what Zak’s point is re URS vs. UDRP application to legacies

Clear and convincing cases can’t happen in legacy gTLDs?

Zak is now waxing on the utility of the URS generally rather than the actual question before us

What evidence does Zak have for his projection that thousands of harassing URS cases would come forward if applied to .COM and .NET?

Zak is doing what I think needs to be done - substantive comments on whether or not to adopt the URS as Consensus Policy. Glad we have moved off the topic of whether or not we should discuss the question. It appears we finally are.

@Zak: The fix for that is procedural - to enforce the standards - not to dump the mechanism.

I wonder if it is going to potentially be something applicable only to new registrations or all?

@Paul: Asking this specific question is in the charter, so of course we're discussing it.

@Maxim - an important question. New registrations? New renewals? Or, retroactive to all?

Hi Cyntia, my sense is that this WG had the opportunity to try to make the URS more robust, under enforceable contract, and chose not to do so.

@Rebecca: That's just factually incorrect. It wasn't made consesus policy is because it was out of scope at the time.

@Cyntia - for the first 50 minutes it wasn't at all clear that we would get to the substance. Kudos to Phil for moving us off discussion on whether or not we will discuss and moving us into the actual substantive discussion.

@Paul, it is going to affect operations and assets management

so this thing is important too

I'm not on any side of any aisle. :-) I'm sure I have colleagues who quite like the URS. I just don't.

I think we kinda know now what URS is going to look like

Cyntia, I'm talking about this WG's discussion where we ended up without consensus about whether the URS did its job, and were able to agree to at most it might.

@Nat: That's not at the discussion in the sub-teams I participated in.

@ Rebecca: Thanks. I disagree on your perception of the where we landed here.

Wasn't only the first 90 days originally?

also what happens when 10years registration stuck in URS - totally useless domain ?

Proposals to improve the efficacy of URS were rejected

And I completely disagree with assertions that URS is not fit for purpose for legacy gTLDs… as I noted earlier in chat, the bulk of activity for which URS would be well-fit for purpose is taking place in legacy gTLDs rather than new gTLDs - such as phishing and pharming

@Maxim: As I understand the current position, the domain would revert to the origial registrant. I'm not aware that we had consensus to transfer of the domain under the URS

I Totally agree Greg

And there is no evidence that the URS would be used for some kind of concerted widespread harassment of registrants

@Cyntia, at the end of the suspension the domain name goes back into general circulation and is available for registration by anyone.

Totally agree Greg, How can ICANN claim any legitimacy as a multistakeholder governance model it if deals with the bigger issues privately with their contracted parties?

@Zak: The question was what happens iif the registration is for 10 years.

Then it is a zombie domain name for 10 years... :)

@Cyntia, I think it drops at the end of the 10 years. Goes back into the pool of registrable domain names

@Zak & @Maxim: Who would register an obviously abusive registration for 10 years?

apple.horse? Cyntia

I think 10-year long registrations are quite rare in general, but don’t have statistics on that

@Kathy: But what happens after year 1 & the extension of year 2? A complaint of brand owners is what happens to the domains after that.

That’s not the rule

it is more about stuck and frozen state

@Cyntia, nothing prevents that (in case where the domain was registered for 10 years)

BUt don't the URS rules only provide for suspension for 1 year, & possible extension of suspension for 1 more year? The domain never goes into the registration of hte successful brand owner, so when the suspension is lifted, the domain will be in the hands of hte original registrant.

No, suspension for remaining duration of registration period, but possible extension of 1 additional year

Then the registration expires

It isn’t automatically retained by the initial registrant, as far as I understand

I am having a hard time following Nat’s comments

Look what happened with price caps being removed by ICANN staff for legacy gTLDs like .org and the Californian AG had to help the ICANN board with the right approach

The timelines in the New gTLDs are not likely to produce RDNH.

90 days too?

phishing is a trademark issue when the phishing relies on use of a trademark

Which is common practice

URS is still only for trademark reasons.

@Griffin: Thanks for the clarification for me.. That makes less sense to me than my misunderstanding of the suspension period.

Personal view -- the overarching Q is whether any RPM should be CP and subject to URS and under what transition rule. So it is not correct to say that application of URS to remaining legacy gTLDs that have not adopted it would apply to all existing registrations. BC for example has supported for only new registrations post-adoption. So scope of application as a CP is an open question, if we wish to address it

How does the position on a different individual proposal apply here?

@griffin RA 3.18 ? doesn't require infringment and most phlising domains do not infringe statistically

only TM was considered

and more quickly than a URS

URS is more about freezing , not about taking down or transferring

But it does result in termination of ownership rights

RA 3.18 does the job Cyntia

You don’t want the solution to be worse than the problem.

Paul…. Not sure I understand your reference to RA 3.18?

Do you mean RAA 3.18?

Agreed Paul and Cyntia on need for a better tool to take down abusive sites

3.18(1) “…Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”

Richard Roberts at the University of Md is doing really fascinating work on what domain names are associated with phishing/similar spoofing and it is surprising how much is simply not in the second level TLD and thus untouched by URS/UDRP

@Paul T - yes you are quoting from the RAA not the RA

I think it would be a great service for ICANN to bring him & his team in to the discussion

I am familiar with 3.18 of the RAA

The URS is for obviously abusive registrations. How is this the Bogey Man?

Sorry, what should be looked at more holistically?

So, is that a consensus: That we need a better tool to take down clearly abusive domains and recidivist registrations, but the URS is not sufficient and therefore should not be applied under consensus -- instead, a new PDP should be formed to consider that "better tool"?

The cries for a better tool, having gone through 4 years of discussions in this WG, I find incredibly disingenuous

We had the opportunity to do that by adopting meaningful improvements to the URS and those were soundly rejected by those now apparently decrying the lack of a better tool

@Rebecca -- has Roberts published anything on this?

The UDRP was also intended for “Clear cut cybersquatting” yet an unbalanced administration and mission creep led it to be repurposed as a tool to seize inherently valuable domain names.

@Rebecca: I glad Mr.Roberts work is intersting. That doesn't address the problem we're working on. Obviously abusive domain registrations.

@Nat - not sure there is any valid support for that proposition

He has a few papers--he sent me one that's under review, I think, and was very willing to consider doing more w/ICANN. I've been trying to figure out best way to bring his empirical work in

It doesn't obviously support any "side" here but is really useful in data

@Griffin - as someone who has had to defend over 20 unjustified UDRP complaints, I can speak to that personally

Cyntia, if you claim the problem is phishing then it matters whether the remedy can actually address it

@Nat -- Not sure how URS has been repurposed in that way since the result is Suspension and not transfer, and the prior owner is able to re-register after termination.

@Nat: The UDRP has had the same (3) standards since it's inception. I agree there've been a few bad decisions & we need to do more active monitoring. A few improper decisions doesn't invalidate the model nor transfer to this mechanism, tho.

@greg - the WG would do well to consider the impact on the registrants of 130 million .com domain names who will bear the impact of the policy decisions ICANN adopts.

A rapid suspension remedy for cases of phishing and pharming, and spread of malware (all of which often use a trademark or facsimile in the domain name as a vector to accomplish these forms of abuse) would actually be helpful; to my earlier point, many such activities still rely on legacy gTLDs

https://www.cs.umd.edu/~ricro/research/publications/ccs19_te.pdf for long term reading/consideration

@Rebecca -- URS can be used to address phishing -- and the fact that there may be other non-second level domain name means of phishing does not negate the fact that a tremendous amount of phishing does rely on second level typosquat domains.

@Rebecca - thanks for posting the article! Interesting! Looking forward to a good read.

@Nat, the impact for many, many registrants will be positive, since it provides an avenue for dealing with fake domains resembling their registrations.

Empirically the URS isn't used much to address phishing--our data collection coded for any mention of phishing and it was rare

Bc most of it still occurs in legacy gTLDs

@Cyntia - the three criteria often collapse into one - whether the panelist considers the registration and use is bad faith. Confusing similarity is so broadly viewed as to be largely meaningless. Legitimate interest is usual conditional on bad faith. So you are left with a panelist’s subjective views as to what is bad faith.

That doesn't mean .com would be the same but that is kind of the point--there is no reason to think URS is fit to do .com

Well the people who actually work daily to combat phishing and similar harms are telling you that the URS could be a useful tool for addressing it if extended to legacy gTLDs

Panelists find bad faith for all sorts of reasons that are not “clear cybersquatting” and have ordered the transfer of inherently valuable domain names that are not even targeting the complainant.

There is also no reason to think URS is not fit to do .com, as a gTLD.

Bc the UDRP standard is not clear cybersquatting

@Nat -- Would adopting a precedential system of URS decisions address your concerns about inconsistency and subjectivity?

@Rebecca: It's not just my claim. Phishing is an issue. However, our working group has a limited purview.

However the co-chairs go on this, at least we were able to talk through it substantively. I'm glad about that.

Next call: Thursday, 27 August 2020 at 17:00 UTC for 90 minutes.

@Michael - I think there are numerous steps that could be adopted to make the URS more reliable.

@Nat - where were you over teh past few years as we discussed that?

The fact is, we found no significant evidence that the URS was applied improperly

I agree thre can be guardrails & improvements - we've been talking about that for 4 years. We've made some recommendations, which is why I believe teis mechanism could be useful in other tLDs

Zak was engaging on behalf of the ICA. I would hope that Phase 2 would be run more efficiently.

We can all agree on your latter point Nat

Thanks Brian, Phil, Kathy, staff and all.

Thanks all.

@Griffin - Agreed

Thanks Brian. Challenging call. Well done.

thanks all

+1