Skip to main content
Resources

Minutes | Regular Meeting of the ICANN Board

A Regular Meeting of the ICANN Board of Directors was held on 26 April 2015 at 15:00 local time in Los Angeles, California.

Steve Crocker, Chair, promptly called the meeting to order.

The following Directors participated in all or part of the meeting in person: Rinalia Abdul Rahim, Cherine Chalaby, Fadi Chehadé (President and CEO), Chris Disspain, Wolfgang Kleinwächter, Markus Kummer, Bruno Lanvin, Erika Mann, Gonzalo Navarro, Ray Plzak, George Sadowsky, Mike Silber, Bruce Tonkin (Vice Chair), and Kuo-Wei Wu. In addition, Asha Hemrajani attended via telephone.

The following Board Liaisons participated in all or part of the meeting: Ram Mohan (SSAC Liaison), Thomas Schneider (GAC Liaison),

Jonne Soininen (IETF Liaison, and Suzanne Woolf (RSSAC Liaison).

Secretary: John Jeffrey (General Counsel and Secretary).

The following ICANN Executives and Staff participated in all or part of the meeting: Akram Atallah (President - Global Domains Division), Susanna Bennett (Chief Operating Officer), Michelle Bright (Board Support Content Manager), Xavier Calvez (Chief Financial Officer), David Conrad (Chief Technology Officer), Sally Costerton (Sr. Advisor to the President – Global Stakeholder Engagement), Samantha Eisner (Associate General Counsel), Teresa Elias (Manager, Board Support Operations/Admin), Dan Halloran (Deputy General Counsel), Rob Hoggarth (Senior Director, Policy and Community Engagement), Tarek Kamel (Sr. Advisor To The President - Gov. Engagement), Vinciane Koenigsfeld (Board Support Content Manager), Denise Michel (VP, Strategic Initiatives & Advisor to President), Wendy Profit (Board Support Specialist), Amy Stathos (Deputy General Counsel), and Theresa Swinehart (Sr. Advisor to the President on Strategy).

  1. Consent Agenda:
    1. Approval of Board Meeting Minutes
    2. Delegation of the .հայ ("hye") domain representing Armenia in Armenian script to the Internet Society of Armenia
    3. Redelegation of the .BN domain representing Brunei Darussalam to Brunei Darussalam Network Information Centre Sdn Bhd (BNNIC)
    4. Delegation of سودان. ("Sudan") representing Sudan in Arabic script to Sudan Internet Society
    5. Appointment of Annual Independent Auditors
    6. Next Steps for the EWG Final Report on Next Generation Registration Directory Services
  2. Main Agenda:
    1. Approval of Minutes
    2. Consideration of Independent Review Panel's Final Declaration in Booking.com v. ICANN
    3. Reserve Fund Release – USG IANA Stewardship Transition Costs
    4. IT Services Contracting
    5. SO/AC FY16 Additional Budget Requests for FY16
    6. ICANN Five-Year Operating Plan
    7. Structural Improvements Committee Chair
    8. Funding Digital Services platforms and code-base review
    9. Investment management – Adjustments to the account structure
    10. AOB

 

  1. Consent Agenda:

    The Chair introduced the items on the consent agenda and called for a vote. The Board then took the following action:

    Resolved, the following resolution in this Consent Agenda is approved:

    1. Approval of Board Meeting Minutes

      Resolved (2015.04.26.01), the Board approves the minutes of the 12 February 2015 Meeting of the ICANN Board.

    2. Delegation of the .հայ ("hye") domain representing Armenia in Armenian script to the Internet Society of Armenia

      Resolved (2015.04.26.02), as part of the exercise of its responsibilities under the IANA Functions Contract, ICANN has reviewed and evaluated the request to delegate the .հայ IDN country-code top-level domain to Internet Society. The documentation demonstrates that the proper procedures were followed in evaluating the request.

      Resolved (2015.04.26.03), the Board directs that pursuant to Article III, Section 5.2 of the ICANN Bylaws, that certain portions of the rationale not appropriate for public distribution within the resolutions, preliminary report or minutes at this time due to contractual obligations shall be withheld until public release is allowed pursuant to those contractual obligations.

      Rationale for Resolutions 2015.04.26.02 – 2015.04.26.03

      Why the Board is addressing the issue now?

      In accordance with the IANA Functions Contract, the ICANN staff has evaluated a request for ccTLD delegation, and is presenting its report to the Board for review. This review by the Board is intended to ensure that ICANN staff has followed the proper procedures.

      What is the proposal being considered?

      The proposal is to approve a request to the IANA Department to assign the sponsoring organization (also known as the manager or trustee) of the .հայ country-code top-level domains to Internet Society of Armenia.

      Which stakeholders or others were consulted?

      In the course of evaluating a delegation application, ICANN staff consults with the applicant and other interested parties. As part of the application process, the applicant needs to describe consultations that were performed within the country concerning the ccTLD, and their applicability to their local Internet community.

      What concerns or issues were raised by the community?

      Staff are not aware of any significant issues or concerns raised by the community in relation to this request.

      What significant materials did the Board review?

      The Board reviewed the following IANA staff evaluations:

      • The domain is eligible for continued delegation, as .հայ is the approved internationalized domain name string for Armenia;
      • The relevant government has been consulted and does not object;
      • The proposed sponsoring organization and its contacts agree to their responsibilities for managing this domain;
      • The proposal has demonstrated appropriate local Internet community consultation and support;
      • The proposal does not contravene any known laws or regulations;
      • The proposal ensures the domain is managed locally in the country, and is bound under local law;
      • The proposed sponsoring organization has confirmed they will manage the domain in a fair and equitable manner;
      • The proposed sponsoring organization has demonstrated appropriate operational and technical skills and plans to operate the domain;
      • The proposed technical configuration meets the IANA department's various technical conformance requirements;
      • No specific risks or concerns relating to Internet stability have been identified; and
      • Staff have provided a recommendation that this request be implemented based on the factors considered.

      These evaluations are responsive to the appropriate criteria and policy frameworks, such as "Domain Name System Structure and Delegation" (RFC 1591) and "GAC Principles and Guidelines for the Delegation and Administration of Country Code Top Level Domains".

      As part of the process established by the IANA Functions Contract, the "Delegation Report" will be published at http://www.iana.org/reports.

      What factors the Board found to be significant?

      The Board did not identify any specific factors of concern with this request.

      Are there positive or negative community impacts?

      The timely approval of country-code domain name managers that meet the various public interest criteria is positive toward ICANN's overall mission, the local communities to which country- code top-level domains are designated to serve, and responsive to ICANN's obligations under the IANA Functions Contract.

      Are there financial impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

      The administration of country-code delegations in the DNS root zone is part of the IANA functions, and the delegation action should not cause any significant variance on pre-planned expenditure. It is not the role of ICANN to assess the financial impact of the internal operations of country-code top-level domains within a country.

      Are there any security, stability or resiliency issues relating to the DNS?

      ICANN does not believe this request poses any notable risks to security, stability, or resiliency. This is an Organizational Administrative Function not requiring public comment.

    3. Redelegation of the .BN domain representing Brunei Darussalam to Brunei Darussalam Network Information Centre Sdn Bhd (BNNIC)

      Resolved (2015.04.26.04), as part of the exercise of its responsibilities under the IANA Functions Contract, ICANN has reviewed and evaluated the request to redelegate the .BN country-code top-level domain to Brunei Darussalam Network Information Centre Sdn Bhd (BNNIC). The documentation demonstrates that the proper procedures were followed in evaluating the request.

      Resolved (2015.04.26.05), the Board directs that pursuant to Article III, Section 5.2 of the ICANN Bylaws, that certain portions of the rationale not appropriate for public distribution within the resolutions, preliminary report or minutes at this time due to contractual obligations shall be withheld until public release is allowed pursuant to those contractual obligations.

      Rationale for Resolutions 2015.04.26.04 – 2015.04.26.05

      Why the Board is addressing the issue now?

      In accordance with the IANA Functions Contract, the ICANN staff has evaluated a request for ccTLD redelegation and is presenting its report to the Board for review. This review by the Board is intended to ensure that ICANN staff has followed the proper procedures.

      What is the proposal being considered?

      The proposal is to approve a request to the IANA department to change the sponsoring organization (also known as the manager or trustee) of the .BN country-code top-level domain to Brunei Darussalam Network Information Centre Sdn Bhd (BNNIC).

      Which stakeholders or others were consulted?

      In the course of evaluating a delegation application, ICANN staff consults with the applicant and other interested parties. As part of the application process, the applicant needs to describe consultations that were performed within the country concerning the ccTLD, and their applicability to their local Internet community.

      What concerns or issues were raised by the community?

      Staff are not aware of any significant issues or concerns raised by the community in relation to this request.

      What significant materials did the Board review?

      The Board reviewed the following IANA staff evaluations:

      • The domain is eligible for continued delegation, as it is an assigned alpha-2 code that is listed in the ISO 3166-1 standard for the country of Brunei Darussalam;
      • The request is consented by the existing sponsoring organization, Telekom Brunei Berhad;
      • The relevant government has been consulted and does not object;
      • The proposed sponsoring organization and its contacts agree to their responsibilities for managing this domain;
      • The proposal has demonstrated appropriate local Internet community consultation and support;
      • The proposal does not contravene any known laws or regulations;
      • The proposal ensures the domain is managed locally in the country, and is bound under local law;
      • The proposed sponsoring organization has confirmed they will manage the domain in a fair and equitable manner;
      • The proposed sponsoring organization has demonstrated appropriate operational and technical skills and plans to operate the domain;
      • The proposed technical configuration meets the IANA department's various technical conformance requirements;
      • No specific risks or concerns relating to Internet stability have been identified; and
      • Staff has provided a recommendation that this request be implemented based on the factors considered.

      What factors the Board found to be significant?

      The Board did not identify any specific factors of concern with this request.

      Are there positive or negative community impacts?

      The timely approval of country-code domain name managers that meet the various public interest criteria is positive toward ICANN's overall mission, the local communities to which country-code top-level domains are designated to serve, and responsive to ICANN's obligations under the IANA Functions Contract.

      Are there financial impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

      The administration of country-code delegations in the DNS root zone is part of the IANA functions, and the redelegation action should not cause any significant variance on pre-planned expenditure. It is not the role of ICANN to assess the financial impact of the internal operations of country-code top-level domains within a country.

      Are there any security, stability or resiliency issues relating to the DNS?

      ICANN does not believe this request poses any notable risks to security, stability or resiliency.

      This is an Organizational Administrative Function not requiring public comment.

    4. Delegation of سودان. ("Sudan") representing Sudan in Arabic script to Sudan Internet Society

      Resolved (2015.04.26.06), as part of the exercise of its responsibilities under the IANA Functions Contract, ICANN has reviewed and evaluated the request to delegate the سودان country-code top-level domain to Sudan Internet Society. The documentation demonstrates that the proper procedures were followed in evaluating the request.

      Resolved (2015.04.26.07), the Board directs that pursuant to Article III, Section 5.2 of the ICANN Bylaws, that certain portions of the rationale not appropriate for public distribution within the resolutions, preliminary report or minutes at this time due to contractual obligations, shall be withheld until public release is allowed pursuant to those contractual obligations.

      Rationale for Resolutions 2015.04.26.06 – 2015.04.26.07

      Why the Board is addressing the issue now?

      In accordance with the IANA Functions Contract, the ICANN staff has evaluated a request for ccTLD delegation and is presenting its report to the Board for review. This review by the Board is intended to ensure that ICANN staff has followed the proper procedures.

      What is the proposal being considered?

      The proposal is to approve a request to the IANA department to create the country-code top-level domain and assign the role of sponsoring organization (also known as the manager or trustee) to Sudan Internet Society.

      Which stakeholders or others were consulted?

      In the course of evaluating a delegation application, ICANN staff consults with the applicant and other interested parties. As part of the application process, the applicant needs to describe consultations that were performed within the country concerning the ccTLD, and their applicability to their local Internet community.

      What concerns or issues were raised by the community?

      Staff are not aware of any significant issues or concerns raised by the community in relation to this request.

      What significant materials did the Board review?

      The Board reviewed the following IANA staff evaluations:

      • The domain is eligible for delegation, as it is a string that has been approved by the IDN ccTLD Fast Track process, and represents a country that is listed in the ISO 3166-1 standard;
      • The relevant government has been consulted and does not object;
      • The proposed sponsoring organization and its contacts agree to their responsibilities for managing this domain;
      • The proposal has demonstrated appropriate local Internet community consultation and support;
      • The proposal does not contravene any known laws or regulations;
      • The proposal ensures the domain is managed locally in the country, and is bound under local law;
      • The proposed sponsoring organization has confirmed they will manage the domain in a fair and equitable manner;
      • The proposed sponsoring organization has demonstrated appropriate operational and technical skills and plans to operate the domain;
      • The proposed technical configuration meets the IANA department's various technical conformance requirements;
      • No specific risks or concerns relating to Internet stability have been identified; and
      • Staff have provided a recommendation that this request be implemented based on the factors considered.

      These evaluations are responsive to the appropriate criteria and policy frameworks, such as "Domain Name System Structure and Delegation" (RFC 1591) and "GAC Principles and Guidelines for the Delegation and Administration of Country Code Top Level Domains".

      As part of the process established by the IANA Functions Contract, the "Delegation and Redelegation Report" will be published at http://www.iana.org/reports.

      What factors the Board found to be significant?

      The Board did not identify any specific factors of concern with this request.

      These evaluations are responsive to the appropriate criteria and policy frameworks, such as "Domain Name System Structure and Delegation" (RFC 1591) and "GAC Principles and Guidelines for the Delegation and Administration of Country Code Top Level Domains".

      As part of the process established by the IANA Functions Contract, the "Delegation and Redelegation Report" will be published at http://www.iana.org/reports.

      What factors the Board found to be significant?

      The Board did not identify any specific factors of concern with this request.

      Are there financial impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

      The administration of country-code delegations in the DNS root zone is part of the IANA functions, and the delegation action should not cause any significant variance on pre-planned expenditure. It is not the role of ICANN to assess the financial impact of the internal operations of country-code top-level domains within a country.

      Are there any security, stability or resiliency issues relating to the DNS?

      ICANN does not believe this request poses any notable risks to security, stability or resiliency. This is an Organizational Administrative Function not requiring public comment.

    5. Appointment of Annual Independent Auditors

      Whereas, Article XVI of the ICANN Bylaws (http://www.icann.org/general/bylaws.htm) requires that after the end of the fiscal year, the books of ICANN must be audited by certified public accountants, which shall be appointed by the Board.

      Whereas, the Board Audit Committee has discussed the engagement of the independent auditor for the fiscal year ending 30 June 2015, and has recommended that the Board authorize the President and CEO, or his designee(s), to take all steps necessary to engage BDO LLP and BDO member firms.

      Resolved (2015.04.26.08), the Board authorizes the President and CEO, or his designee(s), to take all steps necessary to engage BDO LLP and BDO member firms as the auditors for the financial statements for the fiscal year ending 30 June 2015.

      Rationale for Resolution 2015.04.26.08

      The audit firm BDO LLP and BDO member firms were engaged for the annual independent audit of the fiscal year end 30 June 2014 as a result of an extensive RFP process. Based on the report from staff and the Audit Committee's evaluation of the work performed, the committee has unanimously recommended that the Board authorize the President and CEO, or his designee(s), to take all steps necessary to engage BDO LLP and BDO member firms as ICANN's annual independent auditor for the fiscal year ended 30 June 2015 for any annual independent audit requirements in any jurisdiction.

      The engagement of an independent auditor is in fulfillment of ICANN's obligations to undertake an audit of ICANN's financial statements. This furthers ICANN's accountability to its Bylaws and processes, and the results of the independent auditors work will be publicly available. There is a fiscal impact to the engagement that has already been budgeted. There is no impact on the security or the stability of the DNS as a result of this appointment.

      This is an Organizational Administrative Function not requiring public comment.

    6. Next Steps for the EWG Final Report on Next Generation Registration Directory Services

      Whereas, in 2012, the Board adopted a two-pronged approach to address the recommendations of the WHOIS Review Team, calling for ICANN to (i) continue to fully enforce existing consensus policy and contractual conditions relating to WHOIS, and (ii) create an expert working group to determine the fundamental purpose and objectives of collecting, maintaining and providing access to gTLD registration data, to serve as a foundation for a Board-initiated GNSO policy development process (PDP).

      Whereas, in 2014, the Expert Working Group on Next Generation Registration Directory Services (EWG) delivered its Final Report [PDF, 5.12 MB] to the Board with its recommended model and principles to serve as the foundation for the GNSO PDP.

      Whereas, an informal group of Board members and GNSO Councilors collaborated and developed a proposed framework [PDF, 612 KB] to provide guidance to the GNSO PDP for the examination of the EWG's recommended models and principles for the next generation registration directory services to replace WHOIS.

      Resolved (2015.04.26.09), the Board thanks the EWG for the significant effort and work exerted that produced the proposed model for a next generation registration directory services as reflected in its Final Report [PDF, 5.12 MB].

      Resolved (2015.04.26.10), the Board reaffirms its request for a Board-initiated GNSO policy development process to define the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, using the recommendations in the Final Report [PDF, 5.12 MB] as an input to, and, if appropriate, as the foundation for a new gTLD policy;

      Resolved (2015.04.26.11), the Board directs that a new Preliminary Issue Report that follows this framework [PDF, 612 KB] be prepared and delivered to the GNSO;

      Resolved (2015.04.26.12), the Board commits to forming a group of Board members that will (i) liaise with the GNSO on the policy development process to examine the EWG's recommended model and propose policies to support the creation of the next generation registration directory services, and (ii) oversee the implementation of the remaining projects arising from the Action Plan [PDF, 119 KB] adopted by the Board in response to the WHOIS Review Team's recommendations. The Board directs the Board Governance Committee to begin the process for identifying a recommendation of a slate of Board members to do this work.

      Rationale for Resolutions 2015.04.26.09-2015.04.26.12

      Why the Board is addressing the issue?

      This resolution continues the Board's attention to the implementation of the Action Plan [PDF, 119 KB] adopted by the Board in response to the WHOIS Review Team's recommendations [PDF, 5.12 MB]. The resolution adopted today adopts a framework [PDF, 612 KB] to conduct a board-initiated GNSO policy development process to refine the purpose of collecting, maintaining and providing access to gTLD registration data, and consider safeguards for protecting data, using the recommendations of the Expert Working Group's Final Report [PDF, 5.12 MB] as an input to, if appropriate, to serve as the foundation for a new gTLD policy.

      What is the proposal being considered?

      Under the Affirmation of Commitments (AoC), ICANN is committed to enforcing its existing policy relating to WHOIS (subject to applicable laws), which "requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information…." The AoC obligates ICANN to organize no less frequently than every three years a community review of WHOIS policy and its implementation to assess the extent to which WHOIS policy is effective and its implementation meets the legitimate needs of law enforcement and promotes consumer trust. Under this timeline, the second WHOIS Review Team is to be convened in late 2015.

      In 2012, in response to the recommendations of the first WHOIS Review Team, the Board adopted a two-prong approach that simultaneously directed ICANN to (1) implement improvements to the current WHOIS system based on the Action Plan [PDF, 119 KB] that was based on the recommendations of the WHOIS Review Team, and (2) launch a new effort, achieved through the creation of the Expert Working Group, to focus on the purpose and provision of gTLD directory services, to serve as the foundation of a Board-initiated GNSO policy development process (PDP).

      The Expert Working Group's Final Report [PDF, 5.12 MB] contains a proposed model and detailed principles to serve as the foundation for a PDP to support the creation of the next generation registration directory services to replace WHOIS.  This Final Report [PDF, 5.12 MB] contains over 160 pages of complex principles and recommendations to be considered in the GNSO PDP. In order to effectively manage the PDP on such a large scale, an informal group of Board members and GNSO councilors collaborated to develop the framework [PDF, 612 KB] approved today.

      What factors did the Board find to be significant?

      The complex nature of the EWG's recommendations, along with the contentiousness nature of the WHOIS issue in the ICANN community over the last ten+ years, calls for a very structured approach to conducting a policy development process of this magnitude. The framework [PDF, 612 KB] provides guidance to the GNSO on how to best structure the resulting PDP(s) for success – that is, it proposes a process which leads to new policies defining the purpose of gTLD registration data and improving accuracy, privacy, and access to that data.

      This framework [PDF, 612 KB] creates a 3-phased approach to conducting the PDP, with Phase 1 focusing on definition of the policy requirements, Phase 2 focusing on the functional design elements of the policy, and Phase 3 focusing on implementation of the policies and providing guidance during an expected transition period during which the legacy WHOIS system and the next generation registration directory services may coexist and both operational at the same time.  The Board believes that following the framework [PDF, 612 KB] will ensure that the PDP will properly address the many significant issues and interdependencies that require consideration in order to support the creation of the next generation registration directory services.

      The Board recognizes that additional resources may be needed for the conduct of this unique policy development process. The Board commits to reviewing the GNSO's proposed plan and schedule, as well as Staff's assessment of the resources required to implement this proposed plan, and to supporting appropriate resourcing for the conduct of this PDP.

      In addition, the Board believes that the importance of the WHOIS issue, along with the breadth and scope of the many WHOIS activities currently under way, support the need for a designated group of Board members dedicated to overseeing the entire WHOIS Program, including working with the community on the GNSO PDP, and any future transition to a next generation registration directory services that may emerge following the GNSO PDP.  Community members participating in the informal Board-GNSO Council effort to develop the framework for the PDP also requested the Board's continued involvement in this effort.

      What significant materials did the Board review?

      The Board reviewed the EWG Final Report [PDF, 5.12 MB], the framework [PDF, 612 KB] developed through the informal collaboration between the Board and the GNSO Council, and the Briefing Papers submitted by Staff.

      Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, or budget)?

      The initiation of focused work on WHOIS and the creation of policies to support the next generation of registration directory services are expected to have an impact on financial resources as the research and work progresses. Due to the expected complexity of this PDP, there is a potential that this PDP may have higher resource needs than other PDPs, though the full extent of those resource needs are not fully understood, particularly as to the scope of those resources in comparison to the resources proposed for allocation within the upcoming fiscal year for this effort. The Board commits to reviewing staff's assessment of resources for the conduct of this PDP (after there is a plan and schedule developed) with a view towards providing appropriate resourcing for the conduct of this PDP.

      Are there any security, stability or resiliency issues relating to the DNS?

      This action is not expected to have an immediate impact on the security, stability or resiliency of the DNS, though the outcomes of this work may result in positive impacts.

      Is public comment required prior to Board action?

      As this is a continuation of prior Board actions, public comment is not necessary prior to adoption.  A public comment period will be commenced, as required by the ICANN Bylaws, once the Preliminary Issue Report is published by Staff, thereby allowing the framework [PDF, 612 KB] approved today to be adjusted as appropriate prior to delivery of the Final Issue Report to the GNSO.

    All members of the Board present voted in favor of Resolutions 2015.04.26.01, 2015.04.26.02, 2015.04.26.03, 2015.04.26.04, 2015.04.26.05, 2015.04.26.06, 2015.04.26.07, 2015.04.26.08, 2015.04.26.09, 2015.04.26.10, 2015.04.26.11, and 2015.04.26.12. The Resolutions carried.

  2. Main Agenda:

    1. Approval of Minutes

      The Chair introduced the agenda item. George Sadowsky requested an edit to the minutes, which was accepted as an amendment.

      Ray Plzak moved and Mike Silber seconded the following and the Board took the following action:

      Resolved (2012.04.26.13), the Board approves the minutes of the 11 February 2015 Meeting of the ICANN Board.

      All members of the Board present voted in favor of Resolution 2015.04.26.13. The Resolution carried.

    2. Consideration of Independent Review Panel's Final Declaration in Booking.com v. ICANN

      The Chair introduced the agenda item. George Sadowsky noted that given that abstained from the initial consideration by the NGPC of the .hotels/.hoteis reconsideration request, he will be abstaining on this agenda item.

      Ray Plzak moved and Erika Mann seconded the following and the Board took the following action:

      Whereas, on 3 March 2015, an Independent Review Panel ("Panel") issued an advisory Final Declaration in the Independent Review proceeding ("IRP") filed by Booking.com (the "Final Declaration").

      Whereas, Booking.com specifically challenged the determination of the String Similarity Panel ("SSP") to place .hotels and .hoteis in contention and the refusal of the Board to revise that determination, as well as the conduct of the Board in adopting and implementing the entire string similarity review process.

      Whereas, the Panel denied Booking.com's IRP request because the Panel determined that "Booking.com failed to identify any instance of Board action or inaction or ICANN staff or a third party (such as the ICC, acting as SSP), that could be considered to be inconsistent with ICANN's Articles of Incorporation or Bylaws or with the policies and procedures established in the Guidebook." (https://www.icann.org/en/system/files/files/final-declaration-03mar15-en.pdf.) [PDF, 4.76 MB]

      Whereas, while ruling in ICANN's favor, the Panel expressed sympathy for Booking.com insofar as the IRP Panel suggests that there could be future improvements to the transparency of processes developed within the New gTLD Program, and the Board appreciates the IRP Panel comments with respect to ways in which the New gTLD Program processes might improve in future rounds.

      Whereas, in accordance with Article IV, section 3.21 of ICANN's Bylaws, the Board has considered the Panel's Final Declaration.

      Resolved (2015.04.26.14), the Board accepts the following findings of the Independent Review Panel's Final Declaration that: (1) Booking.com has failed to identify any instance of Board action or inaction, or any action or inaction of ICANN staff or any third party (such as the ICC, acting as SSP), that could be considered to be inconsistent with ICANN's Articles of Incorporation or Bylaws or with the policies and procedures established in the Guidebook, including the challenged actions of the Board (or any staff or third party) in relation to what Booking.com calls the implementation and supervision of the string similarity review process generally, as well as the challenged actions of the Board (or any staff or third party) in relation to the string similarity review of resulting in the placement of .hotels and .hoteis in contention; (2) the string similarity review performed in the case of .hotels was not inconsistent with ICANN's Articles of Incorporation or Bylaws or with the policies and procedures established in the Guidebook; (3) the time to challenge the Board's adoption and implementation of specific elements of the New gTLD Program, including the string similarity review process has long since passed; and (4) each party shall bear its own IRP costs.

      Resolved (2015.04.26.15), the Board directs the President and CEO, or his designee(s), to move forward with processing of the .hotels/.hoteis contention set.

      Resolved (2015.04.26.16), the Board directs the President and CEO, or his designee(s), to ensure that the ongoing reviews of the New gTLD Program take into consideration the following issues raised by the Panel in the Final Declaration regarding transparency and fairness:

      • "The Guidebook provides no means for applicants to provide evidence or make submissions to the SSP (or any other ICANN body) and to be fully "heard" on the substantive question of the similarity of their applied-for gTLD strings to others."
      • "[T]he process as it exists does [not] provide for gTLD applicants to benefit from the sort of procedural mechanisms - for example, to inform the SSP's review, to receive reasoned determinations from the SSP, or to appeal the merits of those determinations."

      Fourteen members of the Board voted in favor of Resolutions 2015.04.26.14, 2015.04.26.15, and 2015.04.26.16. George Sadowsky abstained. The Resolutions carried.

      Rationale for Resolutions 2015.04.26.14-2015.04.26.16

      Booking.com filed a request for an Independent Review Proceeding (IRP) challenging the ICANN Board's handling of Booking.com's application for .hotels, including the determination of the String Similarity Panel (SSP) to place .hotels and .hoteis in contention and the refusal of the Board to revise that determination. Booking.com also challenged the conduct of the Board in the setting up, implementation, and supervision and review of the entire string similarity review process. On 3 March 2015, the IRP Panel (Panel), comprised of three Panelists, issued its Final Declaration. After consideration and discussion, pursuant to Article IV, Section 3.21 of the ICANN Bylaws, the Board adopts the findings of the Panel, which are summarized below, and can be found in full at https://www.icann.org/en/system/files/files/final-declaration-03mar15-en.pdf [PDF, 4.76 MB].

      The Panel found that it was charged with "objectively" determining, whether or not the Board's actions are in fact consistent with the Articles, Bylaws, and Guidebook, thereby requiring that the Board's conduct be appraised independently, and without any presumption of correctness. The Panel agreed with ICANN that in determining the consistency of the Board action with the Articles, Bylaws, and Guidebook, the Panel is neither asked to, nor allowed to, substitute its judgment for that of the Board.

      Using the applicable standard of review, the Panel found that objectively there was not an inconsistency with the Articles, Bylaws and Guidebook, noting that "the established process was followed in all respects" concerning the process followed by the String Similarity Panel and the BGC's [Board Governance Committee] handling of Booking.com's reconsideration request." (Final Declaration, https://www.icann.org/en/system/files/files/final-declaration-03mar15-en.pdf [PDF, 4.76 MB], at p. 41.)

      Specifically, the Panel concluded:

      144. Booking.com has failed to identify any instance of Board action or inaction, including any action or inaction of ICANN staff or a third party (such as ICC, acting as the SSP) that could be considered to be inconsistent with ICANN's Articles of Incorporation or Bylaws or with the policies and procedures established in the Guidebook. This includes the challenged actions of the Board (or any staff or third party) in relation to what Booking.com calls the implementation and supervision of the string similarity review process generally, as well as the challenged actions of the Board (or any staff or third party) in relation to the string similarity review of .hotels in particular.

      145. More particularly, the Panel finds that the string similarity review performed in the case of .hotels was not inconsistent with the Articles or Bylaws or with what Booking.com refers to as the "applicable rules" as set out in the Guidebook.

      146. To the extent that the Board's adoption and implementation of specific elements of the new gTLD Program and Guidebook, including the string similarity review process, could potentially be said to be inconsistent with the principles of transparency or fairness that underlie ICANN's Articles and Incorporation and Bylaws (which the Panel does not say is the case), the time to challenge such action has long since passed.

      (Id. at pp. 42-43.) Accordingly, the Panel declared ICANN to be the prevailing party. (See id. at ¶ 152, p. 43.)

      The Panel acknowledged certain legitimate concerns regarding the string similarity review process raised by Booking.com, which concerns the Panel noted were shared by some members of the NGPC. Most notably, the IRP Panel noted that while the String Similarity Review Process, as it exists does not allow for some procedural appeal mechanism, "[a]s to whether they should be, it is not our place to express an opinion, though we note that such additional mechanisms surely would be consistent with the principles of transparency and fairness." (Id. at ¶ 128, p. 37.)

      The Board appreciates the IRP Panel comments with respect to ways in which the New gTLD Program processes might improve in future rounds. ICANN will take the lessons learned from this IRP and apply it towards its ongoing assessments of the ways in which it can improve upon its commitments to accountability and transparency. In particular, the Board will include the following concerns expressed by the Panel in its review of the New gTLD Program for the next round:

      • "The Guidebook provides no means for applicants to provide evidence or make submissions to the SSP (or any other ICANN body) and to be fully "heard" on the substantive question of the similarity of their applied-for gTLD strings to others."
      • "[T]he process as it exists does [n]ot provide for gTLD applicants to benefit from the sort of procedural mechanisms - for example, to inform the SSP's review, to receive reasoned determinations from the SSP, or to appeal the merits of those determinations.

      This action will have no financial impact on the organization and no direct impact on the security, stability or resiliency of the domain name system.

      This is an Organizational Administrative function that does not require public comment

    3. Reserve Fund Release – USG IANA Stewardship Transition Costs

      Cherine Chalaby introduced the agenda item. Ray Plzak inquired as to what controls will be placed on the funds that are being released. Xavier Calvez, Chief Financial Officer, noted that since the resolution is requesting approval to release from the reserve fund expenditures that have already been spent, it is the normal control of approving expenses that have been incurred that are in place (i.e. verifying that the work was effectively done, that invoices have been paid, and that only actual expenses that have gone through that process is suggested to be taken out of the reserve fund). Xavier further confirmed because these expenditures have already been incurred, if the resolution were not approved, it would create a budget deficit at the end of the year.

      Bruce Tonkin inquired as to what the level of reserve fund actually should be. Cherine noted that the level of the reserve fund has not yet been set and that ICANN is in the process of setting that level.

      Ray Plzak asked what kind of controls will be in place for the funds being released. Xavier stated that the funds are being released to cover expenditures that have already been spent. Thus, the normal controls associated with approving expenses that have been incurred were implemented, including, verifying that the work has been completed, verifying that the invoices have been paid, and that only the actual expenses is suggested to be withdrawn from the reserve fund.

      Various Board members requested a more detailed explanation be provided in the rationale, with an itemization of the expenditures incurred, and to which resources the expenditures were allocated.

      Cherine moved and George Sadowsky seconded the following with the above noted amendment and the Board took the following action:

      Whereas, the Board approved the FY15 Operating Plan and Budget, which includes an amount of US$7 million for costs to be incurred related to the USG IANA Stewardship Transition initiative, which was expected to be funded by the Reserve Fund.

      Whereas, ICANN is incurring ongoing costs to support the work of the ICANN Community in relation to the USG IANA Stewardship Transition initiative.

      Whereas, the Board Finance Committee has recommended that the Board approve the release of funds from the Reserve Fund to cover costs incurred in FY15 related to the USG IANA Stewardship Transition initiative in an amount not to exceed US$7 million, and the Board agrees.

      Resolved (2015.04.26.17), the Board authorizes the President and CEO, or his designee(s), to withdraw funds from the Reserve Fund to cover costs incurred in FY15 related to the USG IANA Stewardship Transition initiative in an amount not to exceed US$7 million.

      All members of the Board present voted in favor of Resolution 2015.04.26.17. The Resolution carried.

      Rationale for Resolution 2015.04.26.17

      The USG IANA Stewardship Transition initiative is a major initiative to which the ICANN Community as a whole is dedicating a significant amount of time and resources. ICANN's supporting the Community in its work towards a successful completion of the project (including both the USG IANA Stewardship transition proposal development and accountability work) is critical for ICANN.

      Considering the exceptional nature and the significant amount of costs anticipated to be incurred, the funding of this project could not be provided through the ICANN annual operating revenue. Accordingly, when the Board approved the FY15 Operating Plan and Budget, it included the anticipated funding of the project costs (US$7 million) through a corresponding withdrawal from the Reserve Fund.

      The withdrawals from the Reserve Fund for the FY15 costs associated with the USG Transition Initiative will be done twice, once for the actual costs incurred from 1 July 2014 – 31 December 2014, and once for the actual costs incurred from 1 January 2015 – 30 June 2015. The first withdrawal will be for US$1,454,287, representing US$471,438 in personnel costs, US$548,247 in travel and meeting costs, US$352,164 in professional services, and US$82,439 in administrative costs.

      As costs are incurred during FY15 for this project, ICANN is proceeding with the planned withdrawals of funds from the Reserve Fund to cover the actual costs incurred in FY15 related to USG IANA Stewardship Transition initiative, up to the amount of US$7 million included in the Board approved FY15 Operating Plan and Budget.

      This is an Organizational Administrative Function that does not require public comment at this stage. In particular, the anticipated costs of US$7 million was included in the FY15 Operating Plan and Budget that was subject to public comment before it was approved by the Board.

    4. IT Services Contracting

      Cherine Chalaby introduced the agenda item. This resolution stems from efforts to coordinate operationally and financially to consolidate the sourcing of IT services from multiple different vendors to one preferred vendor. This would improve efficiency, quality and costs. Historically, ICANN contracted with multiple vendors for its development projects. ICANN staff underwent an extensive request for proposal process involving 28 potential service providers, which led, after multiple reviews, demonstrations and interviews to the identification of one preferred candidate, Zensar. The BFC reviewed the proposal and requested that the contracting term be limited at three years, subject to review upon the expiration of the term.

      Cherine moved and Mike Silber seconded the following and the Board took the following action:

      Whereas, ICANN sources IT services from multiple different vendors and wish to consolidate the sourcing of such services to improve efficiency, quality and costs.

      Whereas, ICANN staff has undergone an extensive request for proposal process involving 28 potential service providers, which led, after multiple reviews, demonstrations and interviews to the identification of one preferred candidate, Zensar.

      Whereas, ICANN staff has undergone further due diligence of Zensar by organizing pilot projects for approximately four months to determine the effective ability to obtain timely quality services from Zensar, which have proven highly conclusive.

      Whereas, ICANN staff considers that Zensar has demonstrated the ability to provide ongoing services and project development support durably.

      Resolved (2015.04.26.18), the Board authorizes the President and CEO, or his designee(s), to take all actions necessary to contract with, make payments to, and carry out any additional necessary actions with Zensar for a period of up to three years, involving expenses of up to [amount redacted for negotiation purposes].

      Resolved (2015.04.26.19), specific items within this resolution shall remain confidential for negotiation purposes pursuant to Article III, section 5.2 of the ICANN Bylaws until the President and CEO determines that the confidential information may be released.

      All members of the Board present voted in favor of Resolutions 2015.04.26.18 and 2015.04.26.19. The Resolutions carried.

      Rationale for Resolutions 2015.04.26.18 – 2015.04.26.19

      ICANN has been using the services of multiple vendors for its IT related needs, either for ongoing activities or for development projects. The management of multiple vendors is inefficient and generally leads to a higher cost for the value of services received.

      ICANN staff has investigated alternative solutions to obtain the IT services that it requires, and the solution of obtaining several services on a long-term basis from a single external vendor with a knowledgeable and competent pool of resources is the preferred approach.

      ICANN staff has therefore conducted an extensive request for proposal (RFP) process by defining the list of potential services it requires, obtaining proposals from 28 different vendors, conducting in-depth reviews, selecting a shortlist of five capable firms, interviewing each of the five firms, identifying two shortlisted candidates, and conducting deep-dive analyses of the two organizations to ultimately select Zensar as the preferred candidate. ICANN staff then conducted several pilot projects with Zensar to establish through live services and projects the ability of the company to put in place the adequate resources to provide timely quality services.

      This extensive selection and testing process has provided a high confidence that Zensar is a capable partner for a durable period and ICANN Staff has recommended to engage the services of Zensar for a period of three years, up to [amount redacted for negotiation purposes].

      This is an Organizational Administrative Function that does not require public comment.

    5. SO/AC FY16 Additional Budget Requests for FY16

      Cherine Chalaby introduced the agenda item. This resolution relates to special requests for funding from the Supporting Organizations and Advisory Committees (SOs/ACs). These requests are typically submitted by the SOs/ACs every year earlier that the final approval of the budget to enable the SOs/ACs to kick off the projects associated with the requests as soon as the new financial year begins. The requests have been reviewed and approved through a very rigorous process. The BFC received fifty-three applications and approved forty eight applications. The BFC carefully reviewed the five applications that were denied to ensure that no one was rejected without good cause.

      Asha Hemrajani noted the importance of transparency in what was approved, what was not approved and that there was good reason for not approving those limited few requests. Xavier noted that the entire list of requests with the rationale as to each decision will be published with the resolution. A link to the list will also be included in the rationale.

      The Board engaged in a discussion regarding whether this mechanism for special funding requests is being utilized properly and whether there are requests that should be a line item in the budget as part of the general process, rather than submitted as a special request. Chris Disspain noted the same requests are repeated every year rather than one one-off requests. Ray Plazak added that if the same requests are being repeated every year, then it should become a budget item, rather than a special request. The Finance Committee will be conducting an analysis to evaluate how the fund is being used and to ensure that it is being utilized properly.

      Cherine moved and Chris Disspain seconded the following and the Board took the following action:

      Whereas, prior discussions between community members and ICANN staff members identified the need for an earlier decision on the funding of additional budget requests from ICANN's Supporting Organizations (SO) and Advisory Committees (AC).

      Whereas, the staff created an SO/AC additional budget requests process, to collect, review and submit for Board approval funding requests from the SOs and ACs.

      Whereas, in accordance with the process, requests were submitted by the ICANN Community by the set deadline, and were reviewed by a panel of staff members representing the Policy, Stakeholder Engagement and Finance departments.

      Whereas, the staff panel recommended the approval of requests representing $657,300 for approval.

      Whereas the Board Finance Committee, reviewed the process followed and the staff's proposal, and has recommended that the Board approve staff's recommendation.

      Resolved (2015.04.26.20), the Board approves committing $657,300 during Fiscal Year 2016 to cover the costs associated with the adopted SO/AC additional budget requests.

      All members of the Board present voted in favor of Resolution 2015.04.26.20. The Resolution carried.

      Rationale for Resolution 2015.04.26.20

      Approving commitments within the FY2016 budget in advance is a reasonable accommodation within the established budget approval process and timeline in order to facilitate the work of the ICANN community and of the ICANN staff, and does not create additional expenses. The amount of the committed expenses resulting from this resolution is considered sufficiently small to not require that funding resources are specifically identified and approved by the Board. Information on the process for consideration of additional budget requests from ICANN's Supporting Organizations (SO) and Advisory Committees (AC) is available here. The list of FY2016 requests received and the disposition of the requests is available here [DOCX, 145 KB].

      There is no anticipated impact from this decision on the security, stability and resiliency of the domain name system as a result of this decision.

      The approval process is an Organizational Administrative process that has already been subject to significant input from the community.

    6. ICANN Five-Year Operating Plan

      Fadi Chehadé introduced the agenda item. The Five Year Operating Plan (the Plan) has been developed through ongoing consultation with the community and is now ready for Board consideration. The Plan was posted for public comment. Susanna Bennett, Chief Operating Officer, provided a high level review of the comments received from the community. Comments received were supportive of the Plan, particularly, the integrated structure of the planning process, the alignment of the elements between the Five Year Strategic Plan and the Five-Year Operating Plan, and the five year financial model. Significant comments were received related to key performance indicators (KPIs), calling for more clarity, specificity and relevance. Staff took note of the comments and dialogue with the community during ICANN 52, and worked with management to modify the KPIs to address the areas of concerns. Staff also considered other community input and refined the Plan to address the concerns raised. The next update to the Plan will be in FY17.

      Ray Plzak commended Fadi and ICANN staff on the Plan.

      Fadi moved and Mike Silber seconded the following and the Board took the following action:

      Whereas, the ICANN Five-Year Operating Plan provides: (i) a five-year planning calendar; (ii) strategic goals with corresponding key performance indicators; (iii) dependencies; (iv) a five-year phasing; (v) a list of portfolios; and (vi) a five-year financial model.

      Whereas, together with the ICANN Five-Year Strategic Plan, the ICANN Five-Year Operating Plan will serve as a foundation for the annual operating plans and budgets.

      Whereas, the ICANN Five-Year Operating Plan for FY16-FY20 is the result of an extensive, collaborative, bottom-up, multistakeholder and multilingual process using the Board adopted Five-Year Strategic Plan FY16-FY20 as its foundation.

      Whereas, the ICANN Five-Year Operating Plan will be maintained and updated on an annual basis per ICANN's planning process.

      Resolved (2015.04.26.21), the Board herby adopts the ICANN Five-Year Operating Plan for FY2016 – FY2020.

      All members of the Board present voted in favor of Resolution 2015.04.26.21. The Resolution carried.

      Rationale for Resolution 2015.04.26.21

      As a new element of ICANN's planning process, the ICANN Five-Year Operating Plan for FY16-FY20 complements the Five-Year Strategic Plan, will guide ICANN's activities for the next five years, and will inform ICANN's annual operating plans and budgets.

      With the focus to provide the public with more insight and advance ICANN's accountability and transparency, the Five-Year Operating Plan sets forth details for each Strategic Objective and Goal – portfolios of ICANN activities, key operational success factors (outcomes), key performance indicators (measurements), key dependencies, and phasing over the five years (at the Goal level); and is completed by a five-year financial model, which describes the principles and approach to ensure financial accountability and sustainability in achieving the ICANN mission.

      The ICANN Five-Year Operating Plan for FY16-FY20 is the result of a collaborative and bottom-up multistakeholder process, which included extensive public input. Public comments were sought from 11 November 2014 to 4 January 2015. Also, the Community discussions at ICANN 52, Singapore, involving ICANN's Supporting Organizations, Stakeholder Groups, Constituencies, and Advisory Committees, have further refined the ICANN Five-Year Operating Plan for FY16-FY20.

      Adopting the ICANN Five-Year Operating Plan will be advantageous to all stakeholders and the entire ICANN community. This decision itself will have no specific fiscal impact that is not, or will not be, anticipated through the annual Operating Plan and Budgets going forward for the next five years. Further, this action will have no direct impact on the security and stability of the domain name system.

      This is an Organization Administrative Function that has already been subject to lengthy public comment, as note above.

    7. Structural Improvements Committee Chair

      Chris Disspain introduced the agenda item. The resolution seeks the immediate appointment of Rinalia Abdul Rahim, a current member of the Board and member of the Structural Improvements Committee (SIC), as Chair of the SIC. Ray Plzak's, the current SIC Chair, term on the Board expires at the conclusion of the Annual General Meeting in October 2015, and he doe not intend to seek another term.

      Ray noted the importance of a smooth transition and that this resolution is aimed towards enabling a smooth transition.

      Chris moved and Wolfgang Kleinwächter seconded the following and the Board took the following action:

      Whereas, Ray Plzak is a member of the Board and current Chair of the Structural Improvements Committee (SIC).

      Whereas, Mr. Plzak's current term on the Board expires at the conclusion of the Annual General Meeting in October 2015, and Mr. Plzak is not seeking another term.

      Whereas, Rinalia Abdul Rahim is a current member of the Board and member of the SIC.

      Whereas, to facilitate the smooth transition of leadership of the SIC at the expiration of Mr. Plzak's term, the BGC recommended that the Board immediately appoint Rinalia Abdul Rahim as the Chair of the SIC and retain Ray as a member of the SIC.

      Resolved (2015.04.26.22), the Board appoints Rinalia Abdul Rahim as the Chair of the Structural Improvements Committee (SIC) and retains Ray Plzak a member of the SIC effective immediately.

      All members of the Board present voted in favor of Resolution 2015.04.26.22. The Resolution carried.

      Rationale for Resolution 2015.04.26.22

      The Board is committed to facilitating a smooth transition in the leadership of the Structural Improvements Committee (SIC) when Ray Plzak's term on the Board expires at the conclusion of the Annual General Meeting in October 2015. In light of the upcoming expiration of his term on the Board, Mr. Plzak suggested that he step down now in order to provide for a transition period to a new SIC Chair while he is still on the Board. As the Board Governance Committee (BGC) is tasked with recommending committee assignments, the BGC discussed Mr. Plzak's proposal and has recommended that the Board appoint Rinalia Abdul Rahim as the new SIC Chair effectively immediately.

      The Board agrees with Mr. Plzak and the BGC that it is appropriate to appoint Ms. Abdul Rahim as the Chair of the SIC, effectively immediately, and retain Mr. Plzak as a member of the SIC until the end of his term.

      This action will have no financial impact on the organization and no direct impact on the security, stability, or resiliency of the domain name system.

      This is an Organizational Administrative function that does not require public comment.

    8. Funding Digital Services platforms and code-base review

      Mike Silber introduced the agenda item. The Risk Committee and Chief Innovation and Information Officer recommend that there is an immediate need to assess the software code-base managed by ICANN staff that has not already been assessed. This resolution authorizes all necessary contracting and disbursements to obtain a comprehensive review and security vulnerability assessment of all software platforms in use at ICANN for delivering digital services, including contracting with external service providers, acquiring needful tools, expenditure disbursement and undertaking remediation measures as appropriate.

      The Board also discussed and it made clear that while the majority of the funds will be spent on obtaining comprehensive review and assessment, some resources may be allocated to remediation efforts as appropriate.

      Ray Plzak commented that it appears that the resolution is delegating items to the CEO which are already under the authority of the CEO. Ray suggested that the phrase "authorize to enable" rather than "delegate" may be more appropriate. The Chair agreed.

      Ram Mohan commented that while the resolution is not necessary because the CEO has enough authority to undertake the charge at issue, the resolution is appropriate as part of ICANN's commitment to transparency to disclose the efforts that are being taken to harden our systems.

      Asha Hemrajani inquired whether the resolution imposes an obligation to share the results of the assessment and the actions that will be taken in response to the findings of the assessment with the community. The Chair noted that there is a disclosure plan in place whereby the appropriate level of information will be disclosed to the community in the spirit of transparency without compromising any confidential information that may not be appropriate for public disclosure.

      Cherine Chalaby agreed with Ray and Ram. However, he also noted that the BFC is seeking Board approval for this resolution because the aggregate amount at issue is over the $500,000 limit.

      Bruce Tonkin agreed that this resolution is appropriate for Board consideration because the amount is over the $500,000. Bruce also noted that it is important that the CEO to keep the Board informed of the expenditures.

      Mike Silber and Cherine Chalaby seconded the following and the Board took the following action:

      Whereas, staff has compiled a complete list of all digital services offered by ICANN to its served communities.

      Whereas, ICANN offers a total of 85 such digital services, some 50 of which are services that have been partially or wholly developed by ICANN staff, or under ICANN staff supervision, leaving a code-base for maintenance under ICANN staff control.

      Whereas, the Board Risk Committee has reviewed preliminary findings as presented by the Chief Innovation and Information Officer (CIIO) during ICANN52 in Singapore.

      Whereas, the Board Risk Committee has reviewed the CIIO's short- and longer-term treatment of IT security matters on 17 April 2015 and agrees with the CIIO's recommendations that there is an immediate need to assess the software code-base managed by ICANN staff that has not already been assessed.

      Whereas, the individual assessments may not individually reach the threshold of US$500,000 requiring Board approval, however because collectively they may reach that threshold, the Board Risk Committee further referred this matter to the Board Finance Committee.

      Whereas, the Board Finance Committee has recommended that the Board delegate to the President and CEO, or his designee(s), the authority to perform all necessary contracting and disbursements to address the immediate need of assessing the software code-base managed by ICANN staff.

      Whereas, there are sufficient funds in the FY15 contingency fund to cover the costs of this project.

      Resolved (2015.04.26.23), the Board authorizes the President and CEO, or his designee(s), to perform all necessary contracting and disbursements to obtain a comprehensive review and security vulnerability assessment of all software platforms in use at ICANN for delivering digital services, including contracting with external service providers, acquiring needful tools, expenditure disbursement and undertaking remediation measures as appropriate.

      Resolved (2015.04.26.24), the Board directs the President and CEO, or his designee(s), to provide regular updates to the Board Risk Committee on the progress of the long-term plan to ensure systems design and systems architecture are integrated into standard ICANN processes, and that security considerations occupy an essential role in corporate decision making.

      All members of the Board present voted in favor of Resolutions 2015.04.26.23 and 2015.04.26.24. The Resolutions carried.

      Rationale for Resolutions 2015.04.26.23-2015.04.26.24

      As part of ICANN's digital services health-check, during the first quarter of FY152014, ICANN's IT organization initiated an RFP process to select a suitable external third-party with a reputation and the needful skills to assess all the services and the underlying technologies ICANN has deployed. Following the RFP process, ICANN selected and engaged the services of a globally-recognized leader in undertaking such assignments.

      The selected contractor performed a thorough analysis of the ICANN portfolio of digital services. ICANN staff decided to leverage the SANS Institute 20-factor Critical Security Controls framework (see http://www.sans.org/critical-security-controls/controls. The contractor produced a report during the first quarter of FY15 to identify those framework-factors that met or exceeded the "Green" standard, while also identifying those framework-factors that could use further attention.

      The report particularly highlighted one factor – Application Software Security – for deeper analysis.

      Concurrently, staff inventoried all the digital services it offers the ICANN community. That number stands at 85 today. Staff catalogued the number of software platforms (development environment plus database or content management system), which have been leveraged to develop these services over the last 15+ years. Staff also determined that ICANN delivers digital services leveraging 10+ software platforms for the benefit of its served communities.

      Following the SANS Institute framework-based assessment, ICANN IT staff initiated a 16-projects portfolio, focused on improving ICANN's defences in those IT infrastructure areas meriting further attention.

      Staff analysed the nature of data captured, manipulated, stored and delivered by these services. The analyses looked at data integrity, data sensitivity and data privacy, among other factors. The result of this analysis showed a concentration of high-sensitivity data in services that serve ICANN's Contracted Parties community.

      Staff retained the services of a deep-specialty firm with expertise in the software package and platform utilized by ICANN to specifically assess digital services deployed for the benefit of the New gTLD program. This specialty firm produced a report in late February of 2015, identifying areas that merited further attention.

      Staff has determined that all other (~10) software platforms merit similar assessments. In attempting to estimate the costs of this project, staff approached three large firms with extensive ranges of skill sets and knowledge on numerous software platforms. Staff then also made cost inquiries at smaller, niche or subject matter expert firms that have concentrated expertise on just one or a few software platforms. The estimates received from the larger firms were significantly higher than those from the niche firms, even though both size firms have relatively equal expertise on any given software platform for which the niche firms have concentrated expertise. Accordingly, staff appropriately determined to recommend using numerous, smaller niche firms, rather than one larger firm for this project. This will have the added benefit of allowing multiple assessments to be performed in parallel.

      The Board reviewed staff's recommendation for assessing potential software-driven vulnerabilities in the code-base of services leveraging these platforms, and the determination that the proposal met the standard for such assessments. The process for selection of subject matter expert firms for such assessments does not call for public consultation, as the assessment of the code-base is the primary consideration and the expenditure with any given vendor is not expected to reach the level requiring a public bidding process as set out in ICANN's Procurement Guidelines (see https://www.icann.org/en/system/files/files/procurement-guidelines-21feb10-en.pdf [PDF, 1.03 MB]). However, the collective amount anticipated to be spent in this effort across firms is anticipated to be above the contracting and disbursement limit for which ICANN management alone can approve.

      It should be noted that this project is just the first step in a comprehensive approach. ICANN acknowledges that we have experienced some security issues, resulting from various causes in the recent past, and the Board and staff are committed to taking the steps necessary to help ensure such issues, or any other issues, do not arise in the future. To that end, the Board has directed the President and CEO, or his designee(s), to dedicate additional attention and resources to all IT facilitates to ensure that they achieve and/or maintain the level of security that is appropriate and warranted given ICANN's mandate and to report periodically back to the Board on continued progress.

      There will be a financial impact on ICANN in engaging in such an assessment but it is already covered in the budget under the contingency fund.

      This is an Organizational Administrative function that does not require public comment.

    9. Investment management – Adjustments to the account structure

      Cherine Chalaby introduced the agenda item. The Board-approved New gTLD Investment Policy includes a provision requiring that once the remaining funds under management reach $150 million, only two investment managers should be used. The current level of remaining new gTLD funds is US$171 million (as of 31 March 2015), and therefore is approaching the US$150 million threshold. Separately, net auction proceeds gathered through the last resort auctions within the New gTLD Program of US$59 million have been collected over the past eight months and kept in a separate bank account. These funds need to be invested until the mechanism for disposition of the auction funds is determined.

      This resolutions seeks Board authorization (1) to consolidate the remaining new gTLD funds into two investment managers, as required by the of the New gTLD Investment Policy; and (2) request that the third investment manager (i.e., the investment manager that will no longer have New gTLD application funds under management) create a new investment account, dedicated to managing auction proceeds received through the New gTLD Program.

      Cherine moved and Mike Silber seconded the following and the Board took the following action:

      Whereas, the Board approved in previous years the new gTLD Investment Policy and the creation of three different investment accounts to hold and manage the funds resulting from new gTLD application fees collected.

      Whereas, the new gTLD Investment Policy requires that, when the aggregate amount of remaining new gTLD funds reaches $150 million, those remaining funds be managed by two investment firms instead of three.

      Whereas, the new gTLD remaining funds amount to US$171 million as of 31 March 2015.

      Whereas, auction proceeds have been collected for a total (net of auction costs) of approximately US$59 million.

      Resolved (2015.04.26.25), the Board authorizes the President and CEO, or his designee(s), to take all actions necessary to consolidate the new gTLD remaining funds with two of the three existing investment managers.

      Resolved (2015.04.26.26), the Board authorizes the President and CEO, or his designee(s), to take all actions necessary to invest the proceeds generated through the last resort auctions in the New gTLD Program in a segregated investment management account.

      All members of the Board present voted in favor of Resolutions 2015.04.26.25 and 2015.04.26.26. The Resolutions carried.

      Rationale for Resolutions 2015.04.26.25-2015.04.26.26

      By the end of June 2012, and pursuant to the New gTLD Investment Policy (available at https://www.icann.org/resources/pages/investment-policy-new-gtld-2013-01-07-en), the application fees received in the first application round in the New gTLD Program have been invested in investment accounts at three different investment firms. The Board-approved New gTLD Investment Policy includes a provision requiring that once the remaining funds under management reach $150 million, only two investment managers should be used. The current level of remaining new gTLD funds is US$171 million (as of 31 March 2015), and therefore is approaching the US$150 million threshold.

      Separately, net auction proceeds gathered through the last resort auctions within the New gTLD Program of US$59 million have been collected over the past eight months and kept in a separate bank account. These funds need to be invested until the mechanism for disposition of the auction funds is determined.

      As a result, the Board Finance Committee has approved a staff recommendation that that: (1) the remaining new gTLD funds are consolidated into two investment managers, as required by the of the New gTLD Investment Policy; and (2) the third investment manager (i.e., the investment manager that will no longer have New gTLD application funds under management) will be requested to create a new investment account, dedicated to managing auction proceeds received through the New gTLD Program.

      This decision is in line with prior Board actions on the management of application fees collected within the New gTLD Program. This decision has no impact on the security, stability and resiliency of the Internet DNS.

      This is an Organizational Administrative Function that does not require public comment at this stage.

    10. AOB

      No resolutions taken.

    The Chair then called the meeting to a close.

Published on 26 June 2015

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."