[Gnso-newgtld-wg] VPICs/RVCs and tomorrow's discussion

[Kathy Kleiman]

Hi All,In preparation for our meeting tomorrow on Voluntary Public
Interest Commitments, I'd like to recirculate my
principles/guardarails posting, updated for the addition of the Human
Rights Core Value in our Bylaws, and note there was nothing new in
anything I said. We've been discussing private PICs for years.  We
also heard recently from our Board liaisons, with Becky Burr sharing
her worries about potential private PICs, and ICANN being forced to
act outside its scope and mission. We heard from Avri and Becky that
ICANN can't delegate to a third party that which it cannot enforce
itself. 
Below is my short paper on principles for PICs ("guardrails") and
beneath it, the CircleID post of Mitch Stoltz, Senior Staff Attorney,
Electronic Frontier Foundation, _ICANN Should Keep Content Regulation
and Other Arbitrary Rules Out of Registry Contracts.  _
Overall, we create a base registry agreement for a reason - all
contracts between ICANN and new gTLD registries should be the same. We
need room for agreements with the GAC, as we have all decided, but not
for the "kitchen sink" of any terms or any reason. That would
effectively nullify our contracts and even our policy work in this
PDP.  Overall, I don't think we are far away from agreement - and
look forward to the discussion tomorrow! 
Best,
Kathy-----------------------------------------------------------------------------------------------------------------------------------------------------------

	FOUR GUARDRAILS FOR VOLUNTARY PUBLIC INTEREST COMMITMENTS (VPICS)
AND REGISTRY VOLUNTARY COMMITMENTS (RVCS) IN THE NEW GTLDS    

	ICANN’s Bylaws wisely bar the organization from regulating content.
Upfront, section 1.1 declares: “ICANN shall not regulate (i.e,
impose rules and restrictions on) services that use the Internet's
unique identifiers or the content that such services carry or
provide.” ICANN regulates (or quasi-regulates) layers of the
Internet Infrastructure before the content layer; we leave the content
to the world regulators, content providers and platforms. 

	But in 2013 and 2014, ICANN’s CEO made a good choice and a bad
choice. Then-CEO Fadi Chehadé wanted a place in the registry
agreement (the contract between ICANN and a registry) to put promises
made by applicants who want to operate new registries to the
Government Advisory Committee (GAC) – that was a good choice. But
Fadi chose to create a dumping ground for anything registries wanted
to commit to for any reason–a bad choice. The name chosen was just
as bad: Private or Voluntary Public Interest Commitments. 

	These “Private PICs” gave registries unprecedented powers, absent
any review or veto by the Generic Names Supporting Organization (GNSO,
the entity responsible at ICANN for gTLD policy). Most registries
restrained themselves – they know ICANN has GNSO-created policies
for the registration, transfer, dispute and revocation of domain
names. But some registries gave themselves unlimited power to abuse
and censor their registrants. Without due process or even reason or
rationale, some registries in their “private PICs” gave themselves
the power to suspend domain names with no notice and no clear reason
(thereby potentially removing hundreds of webpages of speech and
commerce, and thousands of email addresses in active use). 

	_BECAUSE THESE PICS APPEARED IN ICANN CONTRACTS, ICANN BECAME THE
ENFORCER OF THESE SELF-SELECTED, ARBITRARY POLICIES THROUGH THE PIC
DISPUTE RESOLUTION PROCESS (PICDRP), WHICH WAS SIMILARLY CREATED
WITHOUT A GNSO POLICY DEVELOPMENT PROCESS _as opposed to the UDRP,
URS, and PDDRP mechanisms (created and under review within ICANN’s
GNSO framework). Fortunately, ICANN has engaged little with the PICDRP
and private PICs to date. _Who wants to run a court with no rules and
no reason? _But this dangerous arrangement remains, and threatens to
embroil ICANN in questions of speech regulation. 

	A FRESH LOOK BY THE ICANN BOARD  

	Fortunately, the ICANN Board raised the issue last month and wrote an
open letter to the ICANN working group known as “Subsequent
Procedures Policy Development Process Working Group” expressing
concern about private PICs that might entangle ICANN in issues that
were “outside of ICANN’s technical mission.” It bears repeating
that the one thing explicitly called out in ICANN’s Bylaws as being
_outside of ICANN’s mission _is to “regulate” Internet services
“or the content that such services carry or provide.” The Board
asked the working group for “guidance on how to utilize PICs and
RVCs without the need for ICANN to assess and pass judgment on
content.” The questions are good and we think the answers are easy
and straightforward: let’s agree to curb abuse and recommit to
ICANN’s narrow mission of managing the DNS by placing limits on
so-called VPICs: 

	A SOLUTION: GUARDRAILS FOR VOLUNTARY PICS/RVCS  BY ICANN AND NEW
GTLD REGISTRIES

	1. PICS/RVCS CAN ONLY ADDRESS ISSUES WITH DOMAIN NAMES THEMSELVES,
INCLUDING ELIGIBILITY CRITERIA CONSISTENT WITH POINT 2 BELOW - NOT THE
CONTENTS OF WEBSITES OR APPS THAT USE DOMAIN NAMES 

	Basically, no Voluntary PICs about content regulation. Registries
would continue to be free to use their own judgment about when to
suspend the domain name of a website that violates local law or the
registry owners’ conscience, but we encourage registries, and all
providers of Internet infrastructure, to stay out of the
content-regulation business as much as possible 

	This saves ICANN from the horrible position of enforcing rules
completely outside its mission, mandate and conscience, e.g., a
possible future .WHITESUPREMACY gTLD in which “Voluntary PICs”
require _ICANN _to suspend all registrants who use their domain names
to post content about equity, systemic bias, and Black Lives Matter
rallies. 

	Not through ICANN, and not through a third party administered by
ICANN, should such clearly content-oriented (and offensive) rules be
enforced. Happily, we all agreed in 2016, that the Internet’s domain
name system is not the place to police speech. _ICANN, the
organization that regulates that system, is legally bound not to act
as the Internet’s speech police. _Let’s step away from this
landmine quickly. 

	2. COMMITMENTS NEED TO BE CONSISTENT WITH THE HUMAN RIGHTS CORE VALUE
ESTABLISHED IN THE ICANN BYLAWS 

	This one is exceptional straightforward: we agreed to the ICANN Core
Value of “respecting recognized human right as required by
applicable law” in the 2016 ICANN Bylaws.  How could we not include
or reference as a guidepost or principle as to what is allowed or not
allowed in the contracts ICANN is signing? 

	ICANN BYLAWS, SECTION 1.2(B) CORE VALUES 

	“In performing its Mission, the following ‘Core Values’ should
also guide the decisions and actions of ICANN:

	*** 

	(viii) Subject to the limitations set forth in Section 27.2, within
the scope of its Mission and other Core Values, respecting
internationally recognized human rights as required by applicable law.
This Core Value does not create, and shall not be interpreted to
create, any obligation on ICANN outside its Mission, or beyond
obligations found in applicable law. This Core Value does not obligate
ICANN to enforce its human rights obligations, or the human rights
obligations of other parties, against other parties.”

	3. PICS/RVCS SHOULD NOT GIVE REGISTRIES UNBOUNDED DISCRETION TO
SUSPEND DOMAIN NAMES 

	Simply put, let’s have no absolute monarch with uncontrolled power
over the life and death of a domain name. Believe it or not, one
registry applicant gave itself the power “at its sole discretion and
at any time and without limitation, to deny, suspend, cancel, or
transfer any registration or transaction, or place any domain name(s)
on registry lock, hold, or similar status” for vague and undefined
reasons. This currently affects hundreds of gTLDs and potentially
millions of registrations! _But we have spent two decades at ICANN
coming up with fair and balanced rules for the creation, revocation
and transfer of domain names, along with the handling of domain name
disputes. _The idea that someone, for example, within the term of a
domain name might offer the registry more money, and thus the registry
orders the registrar to unilaterally terminate the domain name
contract, is unacceptable.

	_How can ICANN fathom enforcing Voluntary PICs with no limits? _It is
an absurd thought: ICANN can’t – not through its own mechanisms or
those of third parties – so these provisions simply should not exist
in future voluntary PICs. Absolute monarchs went by the wayside in the
last century. 

	4. AND PICS/RVCS SHOULD NOT BE USED TO CREATE NEW POLICIES THAT
DIDN’T COME THROUGH ICANN PROCESSES 

	The GNSO makes the policies for gTLDs with the advice of Advisory
Committees (including GAC and ALAC) and the approval of the Board. If
registries want to go above and beyond by creating protections for the
environment, for political speech, for intellectual property, for
white supremacists, let them do it in their own terms of use, and
subject to other forms of review and opposition, and to market forces,
but not enforced by ICANN or delegated by ICANN to a third party for
enforcement. 

	*** 

	Overall, voluntary PICs were designed to allow reasonable
accommodation of Government Advisory Committee Early Warnings and
Advice – a place to confirm that a .HOSPITAL registry may review the
authorizations, charters and licenses of this applicant of a
“highly-sensitive” string and have the right, on complaint, to
consult with the registrant and appropriate supervisory authorities
about its authenticity. A .hospital registration should be a hospital
registration. 

	We don’t want to see ICANN become another content moderation
battleground. They will also help registry operators to resist calls
for censorship by certain governments and indeed from anyone who wants
to arbitrarily impose rules on the DNS outside our ICANN processes. 

	-------------- CircleID Posting by Mitch Stoltz, November 23, 2020
-------------------------------------------

	ICANN Should Keep Content Regulation and Other Arbitrary Rules Out of
Registry Contracts 

	By Mitch Stoltz Senior Staff Attorney at the Electronic Frontier
Foundation

	The domain name system is not the place to police speech. ICANN is
legally bound not to act as the Internet's speech police, but its
legal commitments are riddled with exceptions, and aspiring censors
have already used those exceptions in harmful ways. This was one
factor that made the failed takeover of the .ORG registry such a
dangerous situation. But now, ICANN has an opportunity to curb this
abuse and recommit to its narrow mission of keeping the DNS running,
by placing firm limits on so-called "voluntary public interest
commitments" (PICs, recently renamed Registry Voluntary Commitments,
or RVCs). 

	For many years, ICANN and the domain name registries it oversees have
given mixed messages about their commitments to free speech and to
staying within their mission. ICANN's bylaws declare that "ICANN shall
not regulate (i.e., impose rules and restrictions on) services that
use the Internet's unique identifiers or the content that such
services carry or provide." ICANN's mission, according to its bylaws,
"is to ensure the stable and secure operation of the Internet's unique
identifier systems." And ICANN, by its own commitment, "shall not act
outside its Mission." 

	But… there's always a but. The bylaws go on to say that ICANN's
agreements with registries and registrars automatically fall within
ICANN's legal authority, and are immune from challenge, if they were
in place in 2016, or if they "do not vary materially" from the 2016
versions. 

	Therein lies the mischief. Since 2013, registries have been allowed
to make any commitments they like and write them into their contracts
with ICANN. Once they're written into the contract, they become
enforceable by ICANN. These "voluntary public interest commitments"
have included many promises made to powerful business interests that
work against the rights of domain name users. For example, one
registry operator puts the interests of major brands over those of its
actual customers by allowing trademark holders to stop anyone else
from registering domains that contain common words they claim as
brands. 

	Further, at least one registry has granted itself "sole discretion
and at any time and without limitation, to deny, suspend, cancel, or
transfer any registration or transaction, or place any domain name(s)
on registry lock, hold, or similar status" for vague and undefined
reasons, without notice to the registrant and without any opportunity
to respond. This rule applies across potentially millions of domain
names. How can anyone feel secure that the domain name they use for
their website or app won't suddenly be shut down? With such arbitrary
policies in place, why would anyone trust the domain name system with
their valued speech, expression, education, research, and commerce? 

	Voluntary PICs even played a role in the failed takeover of the .ORG
registry earlier this year by the private equity firm Ethos Capital,
which is run by former ICANN insiders. When EFF and thousands of other
organizations sounded the alarm over private investors' bid for
control over the speech of nonprofit organizations, Ethos Capital
proposed to write PICs that, according to them, would prevent
censorship. Of course, because the clauses Ethos proposed to add to
its contract were written by the firm alone, without any meaningful
community input, they had more holes than Swiss cheese. If the sale
had succeeded, ICANN would have been bound to enforce Ethos's
weak and self-serving version of anti-censorship. 

	A Fresh Look by the ICANN Board? 

	The issue of PICs is now up for review by an ICANN working group
known as "Subsequent Procedures." Last month, the ICANN Board wrote an
open letter to that group expressing concern about PICs that might
entangle ICANN in issues that fall "outside of ICANN's technical
mission." It bears repeating that the one thing explicitly called out
in ICANN's bylaws as being outside of ICANN's mission is to "regulate"
Internet services "or the content that such services carry or
provide." The Board asked the working group [pdf] for "guidance on how
to utilize PICs and RVCs without the need for ICANN to assess and pass
judgment on content." 

	A SOLUTION: THREE GUARDRAILS ON PICS/RVCS  

	[Note from Kathy, 12/16, in consultation with Jorge Concio, we added
the 4th guardrail/principle: “Commitments need to be consistent with
the human rights core value established in the ICANN Bylaws” –
previous posted to this WG]

	There's a simple, three-part solution that the Subsequent Procedures
working group can propose: 

	-    PICs/RVCs can only address issues with domain names
themselves — not the contents of websites or apps that use domain
names;

	 -   PICs/RVCs should not give registries unbounded discretion to
suspend domain names;

	 -   and PICs/RVCs should not be used to create new domain name
policies that didn't come through ICANN processes. 

	In short, while registries can run their businesses as they see fit,
ICANN's contracts and enforcement systems should have no role in
content regulation, or any other rules and policies beyond the ones
the ICANN Community has made together. 

	Guardrails on the PIC/RVC process will keep ICANN true to its promise
not to regulate Internet services and content. It will help avoid
another situation like the failed .ORG takeover, by sending a message
that censorship-for-profit is against ICANN's principles. It will also
help registry operators to resist calls for censorship by governments
(for example, calls to suppress truthful information about the
importation of prescription medicines). This will preserve Internet
users' trust in the domain name system.

	
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-newgtld-wg/attachments/20201216/915da14b/attachment-0001.html>