Skip to main content
Resources

Minutes | Special Meeting of the ICANN Board

A Special Meeting of the ICANN Board of Directors was held telephonically on 1 March 2019 at 20:00 UTC.

Cherine Chalaby, Chair, promptly called the meeting to order.

In addition to the Chair, the following Directors participated in all or part of the meeting: Becky Burr, Maarten Botterman, Ron da Silva, Sarah Deutsch, Chris Disspain (Vice Chair), Avri Doria, Rafael Lito Ibarra, Danko Jevtovic, Akinori Maemura, Göran Marby (President and CEO), Nigel Roberts, León Sanchez, Matthew Shears, and Tripti Sinha.

The following Director sent their apologies: Khaled Koubaa.

The following Board Liaisons participated in all or part of the meeting: Manal Ismail (GAC Liaison) and Merike Kaeo (SSAC Liaison.

The following Board Liaisons sent their apologies:  Harald Alverstrand (IETF Liaison) and Kaveh Ranjbar (RSSAC Liaison).

Secretary: John Jeffrey (General Counsel and Secretary).

The following ICANN Executives and Staff participated in all or part of the meeting: Xavier Calvez (SVP, Chief Financial Officer), David Conrad (SVP, Chief Technical Officer), Sally Newell Cohen (SVP, Global Communications), Samantha Eisner (Deputy General Counsel), Negar Farzinnia (Director, MSSI Technical Reviews & Review Implementation), Larisa Gurnick (VP, Multistakeholder Strategy & Strategic Initiatives), John Jeffrey (General Counsel and Secretary), Tarek Kamel (Sr. Advisor to President & SVP, Government and IGO Engagement), Elizabeth Le (Associate General Counsel), Trang Nguyen (VP, Strategic Operations), David Olive (Senior Vice President, Policy Development Support), Ashwin Rangan (SVP, Engineering & Chief Information Officer), Amy Stathos (Deputy General Counsel), and Theresa Swinehart (Senior Vice President, Multistakeholder Strategy and Strategic Initiatives).

  1. Main Agenda
    1. Competition, Consumer Trust, and Consumer Choice Review Team (CCT) Final Report and Recommendations
    2. AOB
  1. Main Agenda:

    The Chair opened the meeting and introduced the agenda.

    1. Competition, Consumer Trust, and Consumer Choice Review Team (CCT) Final Report and Recommendations

      Chris Disspain, the Vice Chair of the Board, introduced the resolution and read the resolved clauses into the record.  Chris noted for the record that the Board has considered in great detail the report of the review team and has held two informational calls, one earlier this week and one immediately preceding this call, in which the Board discussed at length the recommendations, the scorecard prepared by ICANN org, the briefing materials that were presented for Board consideration.

      The Chair stated for the record that the Board has spent over three and a half hours discussing the scorecard, the recommendations, and the resolutions.

      Chris proposed and Avri Doria seconded. Following discussion, the Chair then called for a vote and the Board took the following action:

      Whereas, ICANN was obligated under the Affirmation of Commitments to “organize a review that will examine the extent to which the introduction or expansion of gTLDs has promoted competition, consumer trust and consumer choice, as well as effectiveness of (a) the application and evaluation process, and (b) safeguards put in place to mitigate issues involved in the introduction or expansion.” A community-led review team – the Competition, Consumer Trust and Consumer Choice Review Team (CCT-RT) – was announced on 23 December 2015 (https://www.icann.org/news/announcement-2-2015-12-23-en) to fulfill that mandate.

      Whereas, on 7 March 2017, the CCT-RT released a Draft Report for public comment (https://www.icann.org/public-comments/cct-rt-draft-report-2017-03-07-en) followed by a second comment proceeding (https://www.icann.org/public-comments/cct-recs-2017-11-27-en) on New Sections to the Draft Report on 27 November 2017.

      Whereas, the CCT-RT submitted a Final Report (https://www.icann.org/en/system/files/files/cct-final-08sep18-en.pdf) containing 35 full consensus recommendations to the ICANN Board for consideration on 8 September 2018.

      Whereas the CCT-RT Final Report is the culmination of nearly three years of work by 15 review team members, representing nearly 3,400 hours of meetings and countless more hours of work 1.

      Whereas, the CCT-RT addressed its recommendations to the ICANN Board, ICANN org, community stakeholders, policy development process working groups, ongoing review teams and future review teams. Some recommendations suggest policy outcomes, which are for the community to develop through its policy-development processes, and not for the Board to direct or dictate.

      Whereas, in 2016 the reviews anticipated under the Affirmation of Commitments were incorporated in large part into the ICANN Bylaws at Section 4.6, and the Board is following the report receipt and consideration process specified therein. As required by section 4.6 of ICANN Bylaws, the CCT-RT Final Report and Recommendations were published for public comment (https://www.icann.org/public-comments/cct-final-recs-2018-10-08-en) on 10 October 2018, to inform Board action on the report. The summary of comments received on the Final Report (https://www.icann.org/en/system/files/files/report-comments-cct-final-recs-01feb19-en.pdf) highlighted a number of divergences of opinion, including key concerns on the final recommendations and lack of community alignment on how resources ought to be allocated.

      Resolved (2019.03.01.01), the Board thanks the members of the CCT-RT for their dedication and nearly three years of work to achieve the CCT-RT Final Report.

      Resolved (2019.03.01.02), the Board takes action on each of the 35 recommendations issued within the Final Report of the Competition, Consumer Trust and Consumer Choice Review Final Report as specified within the scorecard titled "Final CCT Recommendations: Board Action (1 March 2019)" (“Scorecard”). The Board directs ICANN’s President and CEO (or his designee(s)) to take all actions directed to the ICANN org within that Scorecard.

      Resolved (2019.03.01.03), for the six recommendations that are specified as accepted in the Scorecard , the Board directs the ICANN President and CEO, or his designee(s), to develop and submit to the Board a plan for the implementation of the accepted recommendations. This plan should be completed and provided to the community for consideration no later than six months after this Board action. The ICANN President and CEO, or his designee(s), is directed to report back to the Board on the plan and any community input no later than nine (9) months after this Board action.

      Resolved (2019.03.01.04), the Board notes that for the 17 recommendations it placed into pending status (in whole or in part), the Board commits to take further action on these recommendations subsequent to the completion of intermediate steps as identified in the Scorecard. The Board directs the ICANN President and CEO, or his designee(s), to provide to the Board relevant information, as requested in the Scorecard, and advise if additional time is needed within six months from this Board action.

      Resolved (2019.03.01.05), for all recommendations that the Board is passing through to the identified parts of the ICANN community, the Board directs the ICANN President and CEO, or his designee(s), to notify the relevant community groups of the passed-through items.

      Fifteen Directors voted in favor of Resolutions 2019.03.01.01, 2019.03.01.02, 2019.03.01.03, 2019.03.01.04 and 2019.03.01.05.  Khaled Koubaa was unavailable.  The Resolutions carried.

      Rationale for Resolutions 2019.03.01.01 – 2019.03.01.05

      Why is the Board addressing this issue?

      Reviews are important accountability measures that are critical to maintaining a healthy multistakeholder model and to helping ICANN achieve its Mission as detailed in Article 1 of the Bylaws. Reviews also contribute to ensuring that ICANN serves the public interest. This first Competition, Consumer Trust and Consumer Choice Review (CCT), initiated under the Affirmation of Commitments (AoC), is an important aspect of ICANN’s commitment to continuous review and assessment of key areas.

      Although the CCT was initiated and conducted pursuant to the AoC, Section 4.6 of the ICANN Bylaws, enacted in October 2016, provides additional detail on how the ICANN community expects the ICANN Board to receive, consider and respond to recommendations arising out of Specific Reviews (such as the CCT). The ICANN Board is therefore following that receipt and review process within the Bylaws to guide today’s action.

      The Competition, Consumer Trust and Consumer Choice Review Team (CCT-RT) submitted its Final Report and Recommendations to the ICANN Board on 8 September 2018. The Final Report was subsequently published for public comment to inform Board action on the final recommendations.

      Just as under the AoC, the ICANN Board must take action on the CCT Final Report within six months of receipt, by 8 March 2019. For each action taken in relation to the recommendations the Board is providing rationale on the action that it is taking.

      What is the proposal being considered?

      The CCT-RT Final Report is the culmination of nearly three years of work by 15 review team members, representing  nearly 3,400 hours of meetings and countless more hours of work2, reviewing how the expansion of top-level domain names impacted competition, consumer trust and choice. The CCT-RT produced a

      broad-reaching report, nearly 200 pages long, containing 35 recommendations.

      The CCT-RT Final Report was informed by multiple studies, research, and data gathering initiatives. Additionally, the CCT-RT considered input it received via two public comment proceedings, including input from the ICANN Board and ICANN org.  The CCT-RT reached consensus on 35 recommendations, covering such topics as requests for additional data collection; policy issues for reference to the policy development processes; and suggested enhancements relating to reporting and data collection within ICANN org’s Contractual Compliance Department.

      The Board thanks the CCT-RT for its dedication and extensive work throughout the review process. The Board appreciates the CCT-RT’s focus on achieving a data-driven outcome.

      In relation to the recommendations, the Board noted some broad areas and themes that it took into consideration in determining Board action for each recommendation.

      One theme is the need for different and additional data that is highlighted across many of the 35 recommendations. The Board appreciates and understands the concerns raised by the CCT-RT about the need for data to inform future CCT-RT’s work. The Board finds it important that ICANN continues to be appropriately involved with data collection to inform the community and its work. In reviewing the data collection related recommendations, the Board assessed whether the data requested aligns with the intent of the recommendation, whether it is feasible to obtain the data, and whether the data would allow for meaningful analysis to inform future work of the community.

      The second theme relates to recommendations directed to the Board that are not within the Board’s power to do, and recommendations that the Board actually cannot direct the outcome of, such as recommendations to policy development working groups, or relating to contractual terms that are subjected to contractual negotiations.

      Another theme is that there are recommendations that require significant resources to implement. The Board's fiduciary obligations mean that it cannot commit the organization to start work on these recommendations until it understands the full cost and resource impact. In addition to the implementation work on CCT recommendations, the Board must also consider the impact on community resources. Recommendations of the Cross-Community Working Group (CCWG) on Enhancing ICANN Accountability Work Stream 2 (WS2) will move into the implementation phase soon.  Additionally, the Board expects to consider final  recommendations from other specific review teams, starting with RDS-WHOIS2 Review Team, to be followed by recommendations from the second Security, Stability and Resiliency Review Team (SSR2) and the third Accountability and Transparency Review Team (ATRT3).  The ICANN Board needs to understand how the work required to implement the recommendations arising out of all of these efforts can be performed, as well as the work of implementing expected policy recommendations, while still confirming that ICANN org has the resources to perform the other work identified in its Strategic and Operating Plans.

      Having considered the various themes noted above and recognizing that the Board has the obligation and responsibility to balance the work of ICANN in order to preserve the ability for ICANN org to serve its Mission and the public interest, the Board decided on three categories of action. These categories include: accepting recommendations, subject to costing and implementation considerations; passing recommendations  (in whole or in part) to noted community groups for their consideration; and placing recommendations (in whole or in part) in “Pending” status, directing ICANN org  to perform specific actions to enable the Board to take further actions, as detailed in the scorecard “Final CCT Recommendations: Board Action (1 March 2019)” (the “Scorecard”).

      The Board notes that for each recommendation, the CCT-RT proposed a designation of priority, such as whether it considered the recommendation a prerequisite to the next round of New gTLDs, or if a proposed timeframe for implementation could be helpful. The Board considers those proposed designations to be essential inputs to be considered in the development of the proposed implementation plan that ICANN org has been directed to develop.

      Recommendations the Board Accepts

      In total, the Board accepts six (6) recommendations: 1, 17, 21, 22, 30, 31 specified in the Scorecard. Each of these recommendations are consistent with ICANN’s Mission, serve the public interest, and within the Board’s remit. For each of these recommendations, the Board’s acceptance is a first step towards implementation. As part of its fiduciary duty, the Board directs ICANN org to develop and submit to the Board a plan for the implementation of the accepted recommendations. Such plan could reflect as appropriate proposed implementation options and description of the activities proposed to be carried out, an estimated timeline (including consideration of the proposed priority labels as identified by the CCT-RT), resource requirements, funding source, and dependencies, and the option that is recommended. The costing and implementation considerations are needed in order for the Board to fully understand the resource and costing impact before committing to spend ICANN resources. These considerations will also contribute to an understanding of how the resources allocated to any specific recommendations (or suite of recommendations) support ICANN in serving its Mission and the public interest, including what projects or work need to be traded off within ICANN in order to fund the work identified to meet the CCT-RT recommendations.

      The community will be asked to provide inputs on the plan for implementation of the accepted recommendations, and the Board will then consider the plan and any community input. The Board has the obligation and responsibility to balance the work of ICANN in order to preserve the ability for ICANN org to serve its mission and the public interest.

      One of the fundamental premises within the CCT-RT Final Report is the need for more and better data to inform future review team efforts. The Board appreciates and understands the concerns raised by the CCT-RT about the need for data and agrees .that it important for ICANN to continue to refine and evolve its data collection practices. This will benefit not just future review teams, but also is expected to benefit more broadly the ICANN community and its work.

      The need for data collection is supported by a number of contributors to the public comment proceeding on the Final Report. The Business Constituency (BC), Governmental Advisory Committee (GAC), National Association of Boards of Pharmacy (NABP), Intellectual Property Constituency (IPC), and the At-Large Advisory Committee (ALAC) all supported the general theme that better data collection is appropriate and necessary within ICANN. However,  the Non-Commercial Stakeholder Group (NCSG) and Registries Stakeholder Group (RySG) raised concerns regarding the volume of work and resources these requests would entail and suggested that caution should be exercised. The RySG, for instance, specifically called for the Board to weigh “perceived benefit of expensive and time-consuming data gathering exercises against the anticipated cost and synthesis of all the data.”

      In response to recommendation 1, which broadly addresses data collection practices within ICANN and calls for formalizing and promoting ongoing data collection, the Board therefore directs ICANN org to prepare a framework of data elements to be discussed with the community.  This work is to consider a variety of data collection requests within the Final Report, as seen at recommendations 6, 7, 8, 11,13, 16, 20, 23, 24, and 26.  The ICANN org work should consider appropriate timing and prioritization of data collection efforts, and the outcome of this work will inform further Board action on the other data collection recommendations currently placed in “pending status” (recommendations 6, 7, 8, 11, 13, 16, 20, 23, 24, and 26).

      In reviewing recommendation 17, the Board notes that reseller information is already displayed within the publicly available WHOIS, reliant upon all contracted parties complying with ICANN Consensus Policies and contractual obligations to provide such data. To this extent, the recommendation is accepted. The Board notes, however, that the CCT-RT addressed this recommendation to a number of community groups. As such, the Board notes that to the extent there are policy outcomes that impact this work, those will be taken into account when appropriate. The Board understands that there were a variety of comments on this, however, because this is reiterating a requirement that already exists, acceptance is the most appropriate path.

      The community inputs that the Board considered when acting on this recommendation 17 showed that while some community groups are in support of the recommendation, others disagree with it. For example,NCSGbelieves recommendation 17 is “beyond the scope of this Review Team” and noted that “the Whois 2 Review Team is currently finalizing its work; the GNSO Next Generation Registration Directory Service PDP Working Group has been terminated after more than two long years of discussions that led nowhere, and the Expedited Policy Development Process team is already working hard to review and revise the Temporary Specification. Adding another call for a review and study is an undue burden on the ICANN Community. Urges that this recommendation be dropped”.RySGechoed similar concerns and noted that “the CCT-RT needs to define “reseller” before it can suggest that ICANN should track them all. Every private sale of a domain name is a “resale”, so it is important for the community and the Board to understand exactly what it is been asked to approve here. At a minimum this would require a new PDP”. However, IPC noted that while “more information is required for assessment of this recommendation”, in concept, the IPC supports it. ALAC noted general support for this recommendation for the purposes of data collection.

      Regarding recommendation 21: Through its ongoing work, ICANN org has made enhancements toward including additional details in compliance reports on the subject matter of complaints, thereby addressing the following items: “(1) the class/type of abuse”, “(3) the safeguard that is at risk”, “(4) an indication of whether complaints relate to the protection of sensitive health or financial information”, “(5) what type of contractual breach is being complained of” that are enumerated in recommendation 21. ICANN org previously raised concerns to the CCT-RT about possible negative impacts of adding “the gTLD that is target of the abuse” as suggested in the recommendation. Therefore, the Board accepts recommendation 21, noting that items (1), (3), (4) and (5) listed within this recommendation are already part of ICANN org’s Contractual Compliance Department’s reporting process. In connection with item (2) of the recommendation relating to “the gTLD that is target of the abuse”, the Board directs ICANN org to investigate the potential negative impacts of implementing this item on enforcement of compliance, track this effort and propose a mitigation plan in case of any negative effects.

      Regarding recommendation 22: The Board notes that under current contractual agreements, ICANN org may not be able to collect the best practices “implemented to offer reasonable and appropriate security measures commensurate with the offering of services that involve the gathering of sensitive health and financial information”, as suggested in recommendation 22. The RySG in the public comment proceeding on the Final Report notes that registries do not collect sensitive information on websites they do not control. With that caveat in place, the Board accepts recommendation 22, and directs ICANN org to initiate the engagement with relevant stakeholders, as stated in recommendation 22, within ICANN org’s existing budget, role, and work.

      Regarding recommendation 30: The Board notes its understanding that the New gTLD Subsequent Procedures PDP Working Group is considering the topics of outreach and applicant support, and its review is broader than the focus on the Global South presented in recommendation 30. Next steps established for an expansion and improvement of outreach should be in accordance with the New gTLD Subsequent Procedures PDP Working Group’s policy recommendations. The Board accepts recommendation 30 and directs ICANN org to provide the Board with a report on related engagement, noting that if the community wishes to have more resources dedicated to outreach, those resource needs should be addressed in the next budget cycle. As also noted in regards to recommendation 29 (discussed below, in “Pass Through” status), as both recommendations rely upon the same undefined term “Global South”, the Board notes that the New gTLD Subsequent Procedures PDP WG could take on, should they choose to do so, defining the term “Global South” in coordination with ICANN org, its engagement teams, and geographic regions definitions to create a workable definition, or agreeing on another term to describe underserved or underrepresented regions or stakeholders in coordination with ICANN org.

      Regarding recommendation 31: Similar to recommendation 30, the Board notes its understanding that the topic of “pro bono assistance program” is being discussed in the New gTLD Subsequent Procedures PDP Working Group and the expectation is that the Working Group will provide for a high-level program/guidance as part of its policy recommendations. The Board therefore accepts recommendation 31 - which calls for ICANN org to coordinate a pro-bono assistance program for future new gTLD applicants - contingent upon there being a policy recommendation arising out of the New gTLD Subsequent Procedures PDP Working Group that the pro bono assistance program will be in place in subsequent introductions of new gTLDs.

      Recommendations the Board Passes Through to Noted Community Groups for Consideration

      The CCT-RT addressed some of its recommendations to multiple parties in the ICANN community, in addition to ICANN org and/or ICANN Board. This is in recognition of how closely the CCT-RT’s work is tied to ongoing policy development work, such as the New gTLD Subsequent Procedures PDP Working Group’s effort. The CCT-RT also addressed some recommendations to future CCT review teams, in the hopes of informing their future work.

      The Board notes fourteen such recommendations (9, 10, 12, 16, 19, 20, 25, 27, 28, 29, 32, 33, 34, 35) and passes them, in whole or in part, through to the identified community groups for their consideration. In passing these recommendations through, the Board is neither accepting, nor rejecting the recommendations. For each of these recommendations, even if the Board or ICANN org is among the identified groups to which the CCT-RT directed the recommendation, the Board is careful to respect the remit and roles of the different part of the ICANN community and is not directing Board or ICANN org action that would usurp another group’s remit.  Each of these recommendations, either in whole or in part, calls for work or outcomes that are outside of the Board’s remit to direct, and are contingent on community work. The Board is not in a position to direct that the community groups come to any particular outcome, nor is the Board initiating any policy development work. The public comment proceeding on the Final Report indicated agreement and support for recommendations to be referred to community groups; indeed, the RySG, for instance, called for caution on the importance of not pre-supposing the outcome of any policy development process. The Board’s action today supports that community view.

      In the instances where the recommendation is directed at future review teams, the Board notes that under the current Bylaws, the Specific Reviews review teams have the ability to set their charter according to the Bylaws, precluding the Board from dictating their mandate. As such, while the Board could direct ICANN org to pass on a given recommendation to a future review team, the Board could not require that said review team to take on the recommendation as part of their charter.

      When considering the CCT-RT’s recommendations that the Board is passing through, the Board encourages community groups to be mindful of any interdependencies with ongoing work and discussions. For instance, the Board notes recommendation 16 focuses on DNS Security Abuse and makes suggestions for how to address this important issue. Public comments received on the Final Report show that there is a divergence within the community on how to address the abuse issues raised within the recommendations.  The issue of security abuse may not be just an issue for the identified parts of the community, but also an issue that has already been and may continue to be discussed by the Security, Stability Advisory Committee (SSAC) and SSR2. It is also important to note that ICANN org’s Compliance Department already performs audits focused on the DNS infrastructure abuse based on data collected by Domain Abuse Activity Reporting (DAAR).

      There is another area where definitional work could assist in the implementation of the CCT-RT recommendations.  In relation to recommendation 29 (as raised with recommendation 30, above), the New gTLD Subsequent Procedures PDP WG could take on, should they choose to do so, defining the term "Global South" or agreeing on another term to describe underserved or underrepresented regions or stakeholders in coordination with ICANN org.

      As discussed above, the CCT-RT provided priority proposals for each recommendation.  The Board suggests to the referenced community groups that the CCT-RT’s proposed priority levels be taken into account as the groups decide whether, how and when to address the CCT-RT recommendations that are being passed through today.

      Passing recommendations through to community groups is not a directive that the groups identified should formally address any of the issues within those recommendations.  It is within the purview of each group to identify whether work will be taken on and the topics that the group will address. For transparency, however,  it would be helpful to have records or reporting made available to the ICANN community on how the community group considered the items coming out of the CCT-RT.  The Board encourages any level of reporting that the groups are able to provide as the ICANN org and Board track action on the CCT-RT’s recommendations.

      Recommendations (or parts of recommendations) the Board Is Placing in “Pending” Status

      The Board places recommendations 2, 3, 4, 5, 6, 7, 8, 11, 13, 14, 15, 16, 18, 20, 23, 24, 26 (in whole or in part) in a pending status in light of several considerations and concerns enumerated below. Many of these concerns are also echoed by issues raised by the NCSG and RySG via public comments, and range from:

      • Questions about the value of data and how it could be collected in order to benefit the work of future CCT review teams;
      • Questions about the very broad nature of a group of recommendations to collect data and the feasibility and means of collecting such data to make it relevant and useful;
      • Elements of recommendations that are outside of ICANN org’s role (for example: amendments to contractual agreements);
      • Elements of recommendations that require community input for prioritization and cost/benefit analysis;
      • Elements of recommendations where some work and initiatives are already underway, and it is necessary to determine where the gaps are.

      For the group of recommendations that the Board is placing in “pending” status, the Board expects specific actions to take place in order to resolve these recommendations. The expected actions range from: ICANN org conducting analysis and identifying gaps in a particular area of work; to engaging a third party to conduct analysis on data types needed; or  to providing a report on work done to date, as detailed in the Scorecard . The Board directs ICANN org, within six months from this Board action, to provide to the Board with relevant information and advise if additional time is needed.  Relevant information could include an action plan for the activities necessary to provide the Board with information to inform its decision, including any interdependencies, in order to resolve the “pending” status.

      The Board commits to resolve the pending status and take appropriate action on these 17 recommendations (or parts of recommendations) once that additional information is available and ICANN org has addressed the Board’s questions. For all those recommendations that the Board ultimately accepts after the receipt of additional information from ICANN org, those recommendations are also to be subject to the implementation planning process discussed earlier.

      Many of the recommendations placed into “Pending” status relate to the issue of data collection, as the CCT-RT produced a number of recommendations for ICANN to collect additional data. In light of the concerns raised in the public comment proceeding on the Final Report, as well as potential concerns over the volume of data requested in whole, when balanced against the limited resources available (as discussed, for example, by the NCSG and RySG), the Board, in response to recommendation 1 above, has already directed a framework of data elements to be produced for discussion with the community, as an initial step. The Board also notes that there needs to be a thorough evaluation of resource needs required to implement these data collection recommendations, as well as a gap analysis in certain instances to evaluate and narrow down needs. The Board, however, understands, recognizes and concurs with the CCT-RT’s overall identification of a need for additional data to inform ongoing and future community work, as echoed by some contributors (BC, GAC, NABP, IPC, ALAC) to the public comment period on the Final Report.

      Recommendations 6, 7, 8, 11, 13, 16, 20, 23, 24, and 26 are placed into pending status in order to allow ICANN org, through the implementation of recommendation 1, to address data collection issues in a holistic manner.  Instead of seeing each request as a separate item of work, raising concerns such as those articulated by the NCSG and RySG on the volume of work and resources these requests for additional data collection entail, holding of specific action on these recommendations allows for a better understanding of and weighing of the  “perceived benefit[s] of expensive and time-consuming data gathering exercises against the anticipated cost and synthesis of all the data,” as suggested by the RySG. The Board expects the framework produced in implementation of recommendation 1 to consider the items requested in recommendations 6, 7, 8, 11, 13, 16, 20, 23, 24, and 26 as part of that effort. The outcome of the work anticipated in response to recommendation 1 will therefore inform Board action on these other data collection recommendations currently placed in “pending” status.

      Some of these data-collection related recommendations placed in “pending” status also raise other specific considerations beyond those raised as interdependencies with recommendation 1. 

      With respect to recommendation 11, the Board agrees that end-user consumer surveys could provide useful information for future gTLD applicants in terms of behavioral measures of consumer trust that gather both objective and subjective data with a goal toward generating more concrete and actionable information. The Board also recognizes the need of future CCT reviews to have access to such data, and many of the actions that the Board is taking today are geared toward making better data available for the benefit of future review teams, and ultimately the ICANN community. Furthermore, ICANN org has conducted such surveys, which served as input to the CCT review team’s work. Because there has already been past work on these surveys, the Board would like to see a full impact assessment on whether there will be any duplication of work in conducting future surveys. To better understand what types of data are sought through this recommendation, there might be a need for ICANN org to engage with the community, in order to better identify work that is currently underway and where the gaps in data and work might be. Once the scope of such surveys is better defined, the Board directs ICANN org to advise on what the cost of implementation would be.

      With respect to recommendation 18, the Board places the recommendation in “Pending” status until such time that the Board receives the RDS-WHOIS2 Final Report and has an opportunity to consider, with ICANN org, the interdependency with this recommendation. The Registration Directory Service (RDS-WHOIS2) Review Team was not yet formed when the CCT-RT began its work.  The RDS-WHOIS2 convened on 02 June 2017 and started their substantive work on 03 October 2017.  However, the RDS-WHOIS2 work proceeded at a different pace than the CCT-RT, and the RDS-WHOIS2 Review Team has already completed its data analysis and is now preparing for release of its Final Report. The Board notes that from prior drafts of the RDS-WHOIS report that have been made publicly available, the RDS-WHOIS2 team had considered elements such as WHOIS accuracy issues, the WHOIS ARS system, and related compliance reporting, among other elements flagged in the CCT-RT’s recommendation 18. Upon release of the RDS-WHOIS2 Final Report, the Board directs ICANN org to perform a gap analysis of the types of information available to the RDS-WHOIS2 and  the information the CCT-RT recommended to be available to that team, and to provide the Board with inputs on whether additional work is required to address this recommendation 18. This will inform Board’s decision on next steps and whether this recommendation can be adopted to move into costing discussion phase of implementation.

      With regard to recommendation 20, the Board agrees that anti-abuse measures are very important and notes that ICANN org has already implemented initiatives aimed at addressing abuse; namely, DAAR, Identifier Technology Health Indicators, and Spec 11(3)(B). However, recommendation 20 also contains elements that ICANN org cannot unilaterally direct, such as suggested amendments to contractual agreements.  In the public comment proceeding on the Final Report, the RySG describes portions of  the recommendation as inappropriate while the NCSG perceives the recommendation as being about content. As such, the Board directs ICANN org to perform an analysis of the work/initiatives already underway to determine any gaps in work currently in progress and what work recommendation entails. The Board will then review the results of the analysis and determine the best action on this recommendation, insofar as it falls within ICANN’s mandate and within the remit of the Board and the org. For the elements of this recommendation that are outside of ICANN org’s unilateral remit, such as recommending to future CCT review teams they should consider making amendments to contractual agreements in order to require different information on abuse points of contact, or other “follow up measures”, the Board notes the recommendation and directs ICANN org to pass it along as input to the next CCT review for its consideration.  The Board recognizes that it cannot mandate thee work items of a future review team.

      Recommendation 23 calls for data gathering on new gTLDs operating in highly-regulated sectors, including an audit. The Board agrees that gathering data on the operation of gTLDs in the highly-regulated sectors would be useful. However, the Board also notes that the NABP and RySG have expressed that while gathering this data is useful, it should be on a voluntary basis, while the GAC strongly supports and endorses recommendation 23, which recommends an “audit to assess whether restrictions regarding possessing necessary credentials” in highly regulated gTLDs are being enforced. Given ICANN org’s Contractual Compliance Department’s role to monitor contracted parties’ compliance with terms of their contracts, the Board notes that the Contractual Compliance Department is already conducting audits and monitoring /tracking abuse and whether relationships have been established with government bodies. To avoid duplication of work, and to ensure the ICANN org stays within its role, the Board calls for ICANN org to submit a report on its contractual compliance activities to date with respect to GAC Category 1 strings to understand better what the volume and nature of complaints are with respect to the gTLDs operating in the highly-regulated sector, and determine whether the data gathered warrants conducting audits or requesting further information from the contracted parties.

      The community input received on recommendation 24 (regarding compliance with safeguards against cyberbullying or gTLDs with inherent governmental functions) indicates that some commenters are not in support of this recommendation (RySG, NCSG) . The NCSG suggested that “cyberbullying” is about content regulation and outside of ICANN org’s role, while the RySG noted that because the CCT-RT Final Report states that “it is not clear whether failure to comply with these safeguards has generated complaints,” that the RySG is concerned that the CCT-RT’s recommendation is based on a presumption, as the RySG did not see evidence that any such failures had occurred. The Board notes that ICANN org already provides similar reports to those requested through this recommendation. To ensure there is no duplication, the Board requests ICANN org to identify where there is a gap between work currently in progress and what the recommendation entails. Once the gap analysis is completed, ICANN org will share the findings with the community to ensure alignment on next steps and any changes that need to be made, and to confirm that any resulting implementation will remain within ICANN’s Mission and mandate.

      As recommendation 26 (recommending a regular study on costs to protect trademarks in the DNS marketplace) calls for a study that is similar to the 2017 Nielsen survey of INTA members, the Board directs ICANN org to do an in-depth analysis of the value of the requested data, the usefulness of the study, the costs associated with conducting the studies and the interdependencies with other relevant studies. While some contributors to the public comment proceeding on the Final Report support this recommendation (BC, IPC, ALAC), concerns were raised by the NCSG that the recommendation favors one stakeholder group. The Board expects that the inputs provided back to the Board will also take into account the concerns raised in the public comment.

      Recommendations 2, 3, 4, and 5 call for the collection of data that relates to pricing. The RySG, during the public comment period, expressed concerns about this suite of recommendations noting that price information is generally business sensitive. Additionally, the RySG noted that from the way the recommendation, and the associated rationale and details  are formulated in the Final Report, it is not clear to the community who will have access to such data once collected, who will arbitrate access to the data, and to what extent. The RySG also commented in the community feedback that “not only should ICANN not involve itself with pricing studies, using parties’ contracts with ICANN as a mechanism to force its production is terribly inappropriate”.

      Requiring ICANN to collect pricing related data has previously been flagged for the CCT-RT as an issue that raises questions. First, it is not clear that ICANN’s contracts with registries and registrars allow ICANN to compel pricing related data. Second, the challenges in collecting the types of pricing data requested have been flagged by contracted parties. Third, the suggestion that pricing is a proxy for competition is not well supported and raises a concern that ICANN will be asked to take a role in pricing of domain name registrations, which is beyond ICANN’s remit and is more akin to a regulatory role. Fourth, placing ICANN into the role of collecting and maintaining this data itself raises competition and antitrust concerns, as it could facilitate access to or sharing of sensitivity pricing information among competitors. Taken together, along with the limited competition-related value inherent in this information, the collection of pricing data raises significant legal and organizational concerns that impose significant risk on ICANN with very little probatory value. For all these reasons, the Board questions whether the data that is requested will provide insight into the increase in competition of the marketplace, and therefore puts these recommendations in a pending status. That being said, the Board notes the CCT-RT’s concerns with respect to insufficiency of data and recognizes the need for additional data points for subsequent CCT review teams. The Board therefore directs ICANN org to engage an expert to decide what data should be collected in order to provide meaningful information about competition in the DNS market to aid future CCT review teams in their work.

      Recommendations 14, 15 and 16 address DNS Security Abuse.  Public comments on these abuse-related recommendations was divergent.  For example, on recommendation 14 most commenters (BC,GAC,NABP,IPC,ALAC) support the intent of this recommendation to implement anti-abuse measures to mitigate against DNS abuse. There were, however, concerns raised by the NCSG andRySG about the suggestion of amending the Registry Agreements to mandate or incentivize ‘proactive’ anti-abuse measures. Moreover, the absence of a clear, agreed upon definition of abuse, creates challenges, as observed by theNCSG. TheNCSG further suggested that recommendation 14 falls under “content” control and as such is outside of the role of ICANN Board, or ICANN org, though the Board does not agree with this assessment and considers this recommendation within ICANN’s mandate.

      To the RySG’s concern over the use of CCT-RT recommendations to impose new contractual obligations, the Board shared in that concern and noted that concern in prior communications with the CCT-RT.  The Board, as noted in other places within the Scorecard and rationale, concurs that changes to ICANN’s contracts with registries and registrars should flow through the defined contract amendment process or achieved as outcomes of the policy development process. The Board understands the importance of mitigating abuse but also recognizes that neither the Board nor ICANN org has the ability to unilaterally mandate changes in agreements currently in place in order to achieve that mitigation.

      The Board agrees that preventing the DNS Security Abuse is important and notes that the term “abuse” is complex and could benefit from community input. The Board considers that defining “abuse” will help inform negotiating amendments to the contractual agreements. To negotiate “anti-abuse measures”, common understanding of what “abuse” means must first be reached.  As such the Board directs ICANN org to facilitate community efforts to develop a definition of “abuse” to inform further action on this recommendation. The “pending” status of this recommendation is therefore awaiting that definition. ICANN org shall report back to the Board regularly in order to identify when it might be appropriate to move this recommendation out of “pending” status and initiate negotiations.

      Public comment also showed a lack of community alignment on recommendation 15: while some groups (BC,INTA,GAC,NABP,IPC,ALAC) are very supportive of the recommendation, others (NCSG, RySG) strongly oppose the adoption of the recommendation. The Board further notes that the issue of security abuse may not be just an issue for the identified parts of the community, but also an issue that has already been and may continue to be discussed by the SSAC and SSR2. It is also important to note that ICANN org’s Contractual Compliance Department already performs audits focused on the DNS infrastructure abuse based on data collected by DAAR.

      As with recommendation 14, the Board is directing the same cadence of action for recommendation 15, to hold off on the initiation of negotiations pending ICANN org’s facilitation of community efforts towards developing a definition of “abuse”.

      With regard to recommendation 16, the Board notes that ICANN org’s Contractual Compliance Department already performs audits focused on the DNS infrastructure abuse based on data collected by DAAR. The Board notes that ICANN org launched a full registry audit in November 2018 to assess registry operators’ compliance with their obligations related to DNS abuse. Data about the findings, good practices and observations will be shared.

      The Board places two elements of recommendation 16 in “Pending” status and directs ICANN org to conduct a gap analysis of the study suggested by the CCT-RT compared to existing collection effort to inform usefulness of the study, and to inform whether establishing future ongoing data collection would be meaningful. The two elements are as follows: 1) “Further study the relationship between specific registry operators, registrars, and DNS Security Abuse by commissioning ongoing data collection, including but not limited to, ICANN Domain Abuse Activity Reporting (DAAR) initiatives,” and 2) “For transparency purposes, this information should be regularly published, ideally quarterly and no less than annually, in order to be able to identify registries and registrars that need to come under greater scrutiny, investigation, and potential enforcement action by ICANN organization.” The Board passes the element of this recommendation stating: “Upon identifying abuse phenomena, ICANN should put in place an action plan to respond to such studies, remedy problems identified” to the noted community groups for consideration, as how ICANN can respond to and remedy abuse is an appropriate area for policy inputs.

      Which stakeholders or others were consulted?

      As required by ICANN Bylaws, the CCT-RT held a public comment period on its Draft Report in March 2017 (https://www.icann.org/public-comments/cct-rt-draft-report-2017-03-07-en), followed by a supplemental public comment proceeding on New Sections to its Draft Report in November 2017 (https://www.icann.org/public-comments/cct-recs-2017-11-27-en). A total of 41 comments were submitted on the earlier iterations of the report. ICANN org provided initial input regarding feasibility of the Draft Recommendations in May 2017 (https://mm.icann.org/pipermail/comments-cct-rt-draft-report-07mar17/attachments/20170520/06db1b61/ICANNInputsonCCTRTRecs-19May2017.pdf) and in January 2018 (https://mm.icann.org/pipermail/comments-cct-recs-27nov17/attachments/20180126/b9ad18cc/CCT-NewRecs-Input-26jan18-0001.pdf), during the first and second public comment periods. Additionally, the ICANN Board provided feedback to the CCT-RT in April 2018 (https://www.icann.org/en/system/files/correspondence/chalaby-to-cct-20apr18-en.pdf). The CCT-RT summarized its approach to how public comments and inputs received were considered in Appendix D of its Final Report (https://www.icann.org/en/system/files/files/cct-final-08sep18-en.pdf).

      ICANN Bylaws call for the Final Report to be posted for public comment (https://www.icann.org/public-comments/cct-final-recs-2018-10-08-en) to inform Board action on the CCT-RT Final Recommendations. The public comment proceeding on the Final Report was opened on 8 October 2018, closed on 11 December 2018, and yielded a total of nine community contributions, which were carefully considered during the assessment of Final Recommendations.

      The summary of input received on the CCT Final Report public comment proceeding (https://www.icann.org/en/system/files/files/report-comments-cct-final-recs-01feb19-en.pdf) highlighted that the community was of divergent opinion on the report. Notably, while two respondents (BC, ALAC) generally support recommendations, one contributor (John Poole) considers the CCT-RT addressed its mandate incorrectly and two others (NCSG, RySG) raised significant concerns regarding content of the report and recommendations (e.g. “unwarranted data gathering recommendations”, recommendations leading to mission creep, recommendation that are too broad etc.). The report also demonstrated a lack of community alignment on how resources should be allocated. Some commenters (NCSG, RySG) noted that a number of inputs to prior comment periods are still valid or were not addressed to their satisfaction by the CCT-RT.

      Are there fiscal impacts or ramifications on ICANN (strategic plan, operating plan, budget); the community; and/or the public?

      The implementation of the CCT-RT recommendations that the Board has accepted pursuant to the Scorecard will have a considerable budgetary impact on the organization. As articulated above, the Board’s acceptance is a first step towards implementation. A full resource and costing impact analysis will now be conducted before committing to spend ICANN resources. Community feedback will be sought on the costing and resource information provided, which will give the Board the opportunity to both consider those community inputs and to identify if there are any recommendation(s) for which the Board would be violating its fiduciary responsibility to the corporation if such recommendations were allowed to proceed. The Board retains the obligation and responsibility to balance the work of ICANN in order to preserve the ability for ICANN org to serve its Mission and the public interest. It is possible that some of ICANN's financial resources will need to be reallocated, as appropriate.

      In connection with recommendations that the Board is passing through to the noted community groups for consideration and potential action, there could be additional fiscal impact or ramifications depending on the outcome of the community groups' consideration. For example, there could be a need for additional support from ICANN org.

      Furthermore, there will be significant resources needed to perform the work directed on the recommendations that are marked as “pending”, in order to prepare those for further Board action.  Depending on the future actions identified, for any recommendations that are accepted they will be subject to the same implementation exercise described above.

      Are there positive or negative community impacts?

      Should community groups to whom recommendations are addressed decide to take on the CCT-RT topics, there would be an impact on community workload. This, in addition to other ongoing work, and associated cost, could affect community bandwidth and resources. Such resource implications will not be clear until the community groups specified by the CCT-RT recommendations consider the recommendations and decide on a possible course of action. Moreover, the time that community groups will require to consider the recommendations - if they choose to take up the issues at all - is uncertain.

      The Board appreciates and understands the importance of having ICANN continue to be appropriately involved with data collection across all its policy initiatives and work. The results of the implementation of recommendation 1 will help collect and provide meaningful data to the community, which will have positive impact on their work.

      Are there any security, stability or resiliency issues relating to the DNS?

      This Board action is not expected to have a direct effect on security, stability or resiliency issues relating to the DNS, though the outcomes particularly of the DNS Security related recommendations may have an impact in the future.

      Is this action within ICANN’s Mission?  How does it relate to the global public interest?

      This action is within ICANN’s Mission and mandate and in the public interest as it is a fulfillment of a key commitment entered into in 2009 within the Affirmation of Commitments, now embodied in the ICANN Bylaws.  ICANN’s reviews are an important and essential part of how ICANN upholds its commitments. The scope of this review is inherently tied to ICANN’s core values of introduction and promotion of competition in the registration of domain names,

      Is this either a defined policy process within ICANN’s Supporting Organizations or ICANN’s Organizational Administrative Function decision requiring public comment or not requiring public comment?

      Public comments were received prior to Board consideration.

    2. AOB

      No resolutions taken.

      The Chair then called the meeting to a close.

      Published on 9 September 2019


1 Based on the CCT Review Team Fact Sheet, dated  31 October 2018: https://community.icann.org/download/attachments/63153798/CCT%20Review%20Fact%20Sheet%20%2831Oct2018%29.pdf?version=1&modificationDate=1544130125000&api=v2

2 Based on the CCT Review Team Fact Sheet, dated  31 October 2018: https://community.icann.org/download/attachments/63153798/CCT%20Review%20Fact%20Sheet%20%2831Oct2018%29.pdf?version=1&modificationDate=1544130125000&api=v2

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."