[CPWG] Is ICM Registry's Registry Agreement within ALAC' Remit

[mike palage.com]

Hello All,

During yesterday's ALAC CPWG call, Evan articulated his viewpoint on why responding ALAC submitting a response in connection with the ICM Registry Agreement was potentially outside the scope of ALAC's remit.  Justine and I respectfully disagreed with this position. Listed below are my Top 3 reasons why this is not only within ALAC's remit but an affirmative obligation.


  1.  ICM Registry's application and original registry agreement made many direct and indirect references to how their operation of the TLD would benefit Internet end users.   In fact the opening paragraph of ICM Registry application to ICANN specifically cited Internet users:

ICM Registry, Inc (ICM) and the International Foundation for Online Responsibility (IFFOR) conducted extensive outreach and discussion to develop a strategy for identifying a TLD string for the responsible online adult-entertainment community that would transcend geographic regions and languages while having high recognition and lasting value for both registrants
and Internet users. (emphasis added)

See https://archive.icann.org/en/tlds/stld-apps-19mar04/xxx.htm

The sTLD Charter includes a Policy Goal statement makes the following reference:

The sTLD will (i) foster communication between the Sponsored Community and other Internet stakeholders, (ii) protect free expression rights as defined in the United Nations Declaration of Human Rights, and (iii) promote the development and adoption of responsible business practices designed to combat child pornography, facilitate user choice and parental control regarding access to Online Adult Entertainment, and protect the privacy, security, and consumer rights of consenting adult consumers of Online Adult Entertainment goods and services (the "Policy Goals").

See https://www.icann.org/en/registry-agreements/xxx/xxx-agreement-appendix-s-31-3-2011-en

My strong personal belief, and one that I hope is shared by other stakeholders within ALAC, is that when a commercial entity wraps itself in a cloth proposing to benefit Internet end users to secure a defacto contract in perpetuity worth tens of millions of dollars and then attempts to walk away from those commitments to Internet end users, ALAC has an affirmative obligation to bring that to the attention of ICANN. Full Stop.


  1.  The European Union's recent passage NIS 2.0 Cybersecurity directive reinforces a lot of the important work that ALAC has been engaged in regarding enhancing the overall security of the Internet to benefit Internet end users.  TLD Name Registries are now specifically enumerated as an essential entity. Additionally, Article 28 specifically calls out the accuracy and accessibility of domain name registration data as part of this overall security framework. In Appendix S to their current Registry Agreement, ICM Registry represented to authenticate and verify registrants.

Potential registrants are authenticated as members of the community by a variety of means including, but not limited to, third party Authentication Providers

See https://www.icann.org/en/registry-agreements/xxx/xxx-agreement-appendix-s-31-3-2011-en

Attached are the authentication and verification procedures that ICM Registry publicly shared with the ICANN community. Another cutting-edge feature of this process was the distinguishing between natural and legal registrants. Coupled with the use of the Membership Contact ROID, ICM Registry minimized the collection of personal identifying information. When ICM Registry rolled out this registrant verification program in 2011, it was years ahead of its time.  This process appears to comply with the letter and spirit of NIS 2.0 Article 28.  Therefore, when ICM Registry proposes to replace its contractual obligations to drive a Bentley with a Ford Pinto, I have a problem. Moreover, when this proposed contractual change related to Internet cybersecurity, I think ALAC should see this as a problem as well.


  1.  The ability of ICANN Compliance to properly enforce its contracts with Registrars and Registries is critically important to the sustainability of the ICANN multistakeholder model, especially concerning Consensus Policies developed by the ICANN community. One of the issues that has concerned Justine and me in preparing this document, is the apparent non-compliance of ICM Registry in depreciating the heightened authentication and verification of .XXX registrant in violation of what was represented in Appendix S and their failure to submit a RSEP in connection with this change. I again hope there is universal agreement within the ALAC community on the need for a robust ICANN Compliance framework to support the ICANN multistakeholder model.

In conclusion, I agree with Evan that we should always be asking ourselves the question - is this within ALAC's remit?  Because as a community we have limited bandwidth and resources.  However, as I hopefully have demonstrated by the reasons set forth above, submitting a public comment in connection with ICM Registry's proposed Registry Agreement is clearly within ALAC's remit.

Best regards,

Michael







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20240418/253405d1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICM-Membership-Flow-Verification.pdf
Type: application/pdf
Size: 2059279 bytes
Desc: ICM-Membership-Flow-Verification.pdf
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20240418/253405d1/ICM-Membership-Flow-Verification-0001.pdf>