Six months following the April 11th issuance of the Beijing Communique by ICANN's Governmental Advisory Committee (GAC), ICANN continues to wrestle with whether to accept the bulk of the GAC's proposed safeguards for new gTLDs as set forth in Annex 1 of that document.
On October 1st ICANN Board Chairman Stephen Crocket sent a letter to GAC Chair Heather Dryden summarizing the results of the September 28th meeting of the New gTLD Program Committee (NGPC) that considered the remaining and still undecided advice received from the GAC.
In regard to Category 1 Safeguard Advice relating to consumer protection, sensitive strings and regulated markets, that letter stated: Category 1 Safeguard Advice: The NGPC is working on an implementation plan for the advice and will inform the GAC of the details upon approval by the NGPC.
In other words, the NGPC has still made no final decisions regarding the Category 1 Safeguard Advice.
One key subset of the Category 1 Advice relates to strings that are related to regulated industries and professions. In that regard, the Beijing Communique states the following:
Category 1 Consumer Protection, Sensitive Strings, and Regulated Markets
The GAC Advises the ICANN Board:
Strings that are linked to regulated or professional sectors should operate in a way that is consistent with applicable laws. These strings are likely to invoke a level of implied trust from consumers, and carry higher levels of risk associated with consumer harm. The following safeguards should apply to strings that are related to these sectors:
1. Registry operator will include in its acceptable use policy that registrants comply with all applicable laws, including those that relate to privacy, data collection, consumer protection (including in relation to misleading and deceptive conduct), fair lending, debt collection, organic farming, disclosure of data, and financial disclosures.
2. Registry operators will require registrars at the time of registration to notify registrants of this requirement.
3. Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.
4. Establish a working relationship with the relevant regulatory, or industry self-regulatory, bodies, including developing a strategy to mitigate as much as possible the risks of fraudulent, and other illegal, activities.
5. Registrants must be required by the registry operators to notify to them a single point of contact which must be kept up-to-date, for the notification of complaints or reports of registration abuse, as well as the contact details of the relevant regulatory, or industry self-regulatory, bodies in their main place of business.
The Communique then goes on to provide a non-exhaustive list of multiple domains within twelve separate categories (e.g., Children, Health and Fitness, Financial, and Professional Services) that these safeguards should apply to.
Drawing on my experience co-founding .TRAVEL, where we established a similar model, this way forward can establish a basis to end the ongoing impasse in final consideration and appropriate implementation of this subset of GAC advice. This article provides a mechanism by which the GAC safeguard advice for protecting the public interest attaching to regulated sectors can be implemented. This approach would assure that as Internet users interact with domains at new "sensitive string" gTLDs associated with regulated industries and professions, they can be assured that the registrants are bona fide entities engaged in legitimate activities.
The GAC safeguards can be fully developed and implemented through the establishment of a Policy Advisory Board (PAB) at each such string composed of a balanced and inclusive membership. The PAB can then develop appropriate registrant eligibility criteria and registry policies — these policies can then in turn be incorporated within enforceable Public Interest Commitments Specifications (PICS) for the registry.
The PAB approach recognizes that one size does not fit all — that the specific and appropriate safeguards for a string associated with gambling activities are quite different from those involving strings that relate to, for example, financial services, health care, professional services, or charities. The virtue of the PAB approach is that it would permit protection of the legitimate public interest through adoption of the general PAB structure by the NGPC without requiring it to in any way get into specific details of the proper implementation of safeguards at any particular string encompassed by this GAC advice. Registrant criteria, registry policies, and other relevant decisions relating to that implementation would be made by each string-specific PAB based upon the specific sector, relevant regulations, data collection needs, and other considerations for the specific string. Certain costs associated with PAB implementation and operation would be imposed on the applicant/registry operator in the belief that such strings carry certain public interest responsibilities and that these costs are best recouped from regulated sector applicants rather than from affected elements of the public.
The remainder of this paper outlines Guiding Principles for the PAB model, including suggested elements and considerations for PAB adoption and implementation: as well as the various categories of parties to be considered for inclusion within a PAB. The author hopes that this suggested approach will prove beneficial to the NGPC and the GAC, as well as provide a common ground for discussion between affected new gTLD applicants and the general public, including the many interest groups and constituencies with a strong interest in the proper and beneficial functioning of a particular gTLD that implicates a regulated sector.
Policy Advisory Board Representation
By Ronald N. Andruff, President & CEO, dotSport LLC
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Minds + Machines
Neustar DDoS Protection