In early November 2013, prior to ICANN’s Buenos Aires meeting, I published an article at this forum, Policy Advisory Boards – A Cornerstone PICS (Public Interest Commitment Specification), that extoled the advantages of adopting a Policy Advisory Board (PAB) model as a practical, effective, and least burdensome means of effectively implementing the request of ICANN’s Governmental Advisory Committee (GAC) for consumer and competitive safeguards at sensitive new gTLD “strings”—especially those that are related to regulated industries and professions. It is deeply gratifying that the article has received nearly 9,000 views since first being posted, and more importantly that it has inspired considerable discussion within the ICANN community.

As I stated in that article:

The GAC safeguards can be fully developed and implemented through the establishment of a Policy Advisory Board (PAB) at each such string composed of a balanced and inclusive membership. The PAB can then develop appropriate registrant eligibility criteria and registry policies—these policies can then in turn be incorporated within enforceable Public Interest Commitments Specifications (PICS) for the registry.

The means of implementing the GAC safeguards was not resolved in Buenos Aires, and at the conclusion of the meeting the GAC requested a briefing on whether the Board considered the existing PIC specifications, including Section 3c, to fully implement its advice.

Since Buenos Aires, I joined with colleagues from the Business Constituency (BC) and the At-Large Advisory Committee (ALAC) to request that ICANN’s New gTLD Program Committee (NGPC) put the PAB Model out for public comment to gauge support and solicit ideas for improvements prior to the upcoming Singapore meeting. Unfortunately, after an exchange of several letters (described below), the NGPC declined to do so.

Dissatisfied with that response and using a rarely invoked process, the ICANN community has now launched its own initiative to ensure that consumer protection and effective competition become key components and benefits of new gTLDs. On February 25th, the entire ALAC voted unanimously to put the PAB Model out for public comment.

The full text of the PAB Model Proposal and supporting materials can be viewed at here. The best available information is that this ALAC-initiated public comment period will begin on or around March 10th for a 21-day public comment period, followed by a 21-day reply period.

How ICANN responds to this action will be a real world test of its true commitment to the bottom up, consensus based, multistakeholder consultation and decision making process that is accountable to the ICANN community and public interest; the cornerstone elements of the ICANN policy development process of the multistakeholder model. This test will occur during the very time when ICANN has initiated extraordinary steps of its own in purported defense of that model through its signing of the Montevideo Statement and its call for the Internet Governance meeting to be hosted by Brazil in April.

The ALAC Rationale

In the absence of the NGPC ensuring that PICs cannot be subject to unilateral changes by a registry, and in the absence of any announced enforcement mechanism other than the PICDRP which is costly, slow and requires that personal harm be demonstrated by the entity filing the DRP, the ICANN community finds itself compelled to take matters into its own hands.

As the ALAC Rationale for support of the PAB Model states:

In response to requests from its GAC and other stakeholders (but without consulting them on the response), ICANN instituted a mechanism called Public Interest Commitments (PICs). While the PIC program superficially provided a mechanism that enabled TLD applicants to demonstrate a set of self-imposed rules intended to satisfy the GAC advice, upon further review PICs are revealed to provide little or no actual public interest benefit… To many stakeholders—especially those stakeholders who provide and use services and products over the Internet—this is simply not a sufficient infrastructure on which to base trust in the new gTLDs, particularly those related to regulated or sensitive industries…The PAB proponents (and we believe many GAC and other community members as well) find this response to be completely unsatisfactory and against the public interest…

The ALAC joins other members of the ICANN community in supporting the Policy Advisory Board model as described below—used for regulated fields and trust-sensitive strings (such the strings listed as “Category 1” in the GAC Communiqué)—as an effective, implementable and necessary solution to many of the trust issues that have been raised related to new gTLDs, and we are asking for the support of the wider ICANN community.

ALAC also describes the purpose of soliciting public comment from the entire ICANN community:

The purpose of this public comment period is to obtain feedback and collect broader community input into the further development of the PAB model, and to which TLD strings it may best apply. After the public comment period is complete the ALAC will analyse the results, and—in collaboration with other community members—determine subsequent action.

Background: The Exchange of Letters with the NGPC

On January 27th I joined with other well-known members of the ICANN community, in urging the NGPC to “take the specific action of posting the proposal for establishment of a Policy Advisory Board approach by new gTLD registry applicants and soon-to-be operators to effectively address key concerns specific to Restricted Access registries, especially those linked to highly regulated industries requiring consumer protection and harm mitigation, for public comment.” Allowing the community to comment on the PAB model would greatly assist and inform further NGPC consideration of this matter as well as facilitate face-to-face discussions with the GAC at the upcoming ICANN meeting in Singapore next month. That was posted by ICANN.

That letter was responded to on February 4th by ICANN’s Vice-President for gTLD Operations in a letter stating that ICANN would not put the PAB model out for public comment—but which noted that registry operators were free to voluntarily adopt such a model.

The proponents followed up with a response to that refusal on February 14th, when they sent a second letter to Chairman Chalaby. He responded in turn with his own letter of February 20th. That response again refused the request for public comment, noting that the NGPC had approved a Resolution on February 5th that implemented the GAC advice (although its own implementation deviated in some significant ways from the GAC request.

Several things are noteworthy about the NGPC’s action of February 5th:

• The majority of the strings originally identified by the GAC as implicating regulated sectors were relegated to a category requiring only three minimal safeguards, not the full scope of eight safeguards. The reason for the differentiation is unclear and unexplained—for example, it is not obvious why .MEDICAL is subject all safeguards but .HEALTH is not; likewise for .CREDITCARD versus .CREDIT, etc.
• Registry operators are required to include various safeguard requirements in their Registry-Registrar Agreements, but have no ongoing obligations to actively monitor and enforce such provisions.
• Registry operators are, for those gTLDs subject to the full panoply of safeguards, required to “clear a pathway” for working relationships with regulators and self-regulatory bodies in order to develop risk-mitigation strategies aimed at fraudulent and illegal other activities—but are not required to develop such relationships with other expert stakeholders, such as civil society consumer advocacy and protection groups.
• And, in perhaps the biggest flaw, registries for the full safeguards gTLDs are only required to include a provision in their Registry-Registrar Agreements that require registrars to obtain “a representation” from registrants that they possess any necessary authorizations, charters, licenses, or other credentials for participation in the sector associated with the gTLD string. Scam artists who provide false WHOIS contact data and intend to perpetrate frauds will have no hesitation clicking on a box or engaging in whatever other action is requested to make such a non-validated and false representation in order to obtain a domain from which to launch their schemes.

That watered down requirement was strongly criticized in a February 4th, 2014 letter sent to ICANN Board Chairman Stephen Crocker by U.S. Assistant Secretary for Communications and Information Lawrence Strickling. Secretary Strickling emphasized that “the concept of “representation” is different from the affirmative obligation for the registry operator to verify or validate the credentials of domain names registrants that indicate participation in certain professional and regulated sectors, as the GAC requested”. His letter also indicates continuing questions regarding whether the NGPC action effectively prevents a gTLD registry operator using restricted registration policies from granting undue preference to any particular party, or subjecting potential registrants to any undue disadvantage.

This dilution of the GAC’s requested safeguards appears at odds with one of ICANN’s Core Values, as stated in Section I.2.11 of the Bylaws:

In performing its mission, the following core values should guide the decisions and actions of ICANN:

11. While remaining rooted in the private sector, recognizing that governments and public authorities are responsible for public policy and duly taking into account governments’ or public authorities’ recommendations.

Concern from other Quarters

It is clear that other parties also share continuing concerns about adequate protections of the public interest where new gTLDs implicate regulated sectors. For example, two recent letters published by ICANN focus on the .HEALTH application and similar health-related gTLDs and request “the ICANN Board to delay the allocation of .HEALTH and other health?related names until adequate safeguards, and baseline conditions for their implementation, are in place. Towards that end, it is essential that ICANN relies on the health community to lead the process to produce a new set of safeguards for health, to be discussed with the ICANN Board at the London ICANN meeting in June, 2014.” (See letters from Society of Health Informatics and from International Medical Informatics Association)

Similar concerns exist for strings that implicate other regulated sectors where the public interest is paramount.

Conclusion

Adoption of the PAB or model with similar public interest safeguards could effectively address the GAC request and related public interest-motivated input in a manner that relieves ICANN’s Board and staff of determining the precise details of “adequate safeguards, and baseline conditions”, as well as avoiding the placement of excessive burdens on ICANN compliance staff, by inserting a self-regulating and correcting mechanism within each implicated gTLD.

As our January 27th letter concluded:

The PAB provides a flexible, pragmatic, and effective means of implementing GAC safeguard advice for strings associated with regulated industry/profession gTLDs for which very different public protection issues and industry practices pertain. It offers flexibility to the registry applicant to design an inclusive and representative group of experts, consumer interests, and engagement with appropriate regulatory representatives. Its adoption would provide the NGPC with an effective response that does not require it or ICANN to get into the issue of appropriate policies for each differing gTLD. The establishment of PABs also would substantially reduce further compliance burdens upon ICANN by providing a broad pathway for bringing regulators, self-regulatory groups, and appropriate members of civil society within the policymaking and activity monitoring structure of a gTLD, and doing so in a standardized framework, thus reducing compliance monitoring as the PAB’s members will be actively engaging with the Registry Operator. Such models for such a form of inclusion of consumer advocates; civil society, and consultation with regulatory bodies are well developed in many industry sectors.

Comments on the PAB proposal could further refine such issues as whether separate PABs must be established for each gTLD associated with a specific regulated/restricted access sector (e.g., health care or financial services) or whether the goals could be better served by establishing one overarching PAB interacting with all implicated strings. They could also help delineate the degree to which registry operators would interact with the PAB and thereby shape registry policies. Finally, comments could address whether the PAB approach is relevant for all sensitive strings or whether other protective measures would be more suitable for some.

Given the potential of PAB adoption to sever the Gordian Knot situation that ICANN is presently entangled in, there was never a sound reason not to seek expeditious public comment to inform further discussion in Singapore and beyond. Representing the face of a broad and growing coalition of impacted Internet users, ALAC has taken that step after the NGPC’s refusal to do so.

Now that the ALAC has initiated its own public comment, how ICANN responds to this community-grounded, consensus-driven initiative will be critical not only for the public protections that the PAB model seeks to foster, but for testing ICANN’s real world commitment to the multistakeholder model.