Carlton,

 

I recently had a discussion with Milton about problems regarding the definition of multistakeholderism and the inefficiency of the current ICANN model to handle a rapidly evolving threat matrix.  Milton and I were both participants in the ICANN 1.0 and ICANN 2.0 models, and we talked about how external forces are likely to drive the need for an ICANN 3.0 refresh in the not too distant future.

 

While the original goal was for ICANN to work with the stakeholders in the ecosystem to respond to problems more quickly than governments, I think the proof in the pudding is that it is clearly not working. Perhaps the most damning evidence of the growing inefficiency of the ICANN model is the following statistic.

 

2 ($50,000), 4 ($45,000), 8 ($185,000), 16 years ($227,000 ++) - THIS IS NOT EFFICIENCY. The simple fact is that the bigger ICANN has become and the larger remit that it has undertaken, the SLOWER things go. Or perhaps more cynically stated, those incumbents with a financial interest in maintaining the status quo can impede the policy process more easily. Look at ICANN’s struggles on accuracy and access to registration data that have spanned decades, and the ICANN community cannot even agree on a definition of the word accuracy. The Europeans proposed NIS 2.0 in 2020, it went through the whole legislative process and was implemented into national law in approximately 4 years.

 

If you were a business that cared about the issue of the accuracy and access to domain name registration data, where would you invest your limited time: spending decades traveling in circles around the world to ICANN meetings or a couple of years in Brussels?

 

The US, EU, AU, CN and RU have all recognized the importance of the DNS as critical national infrastructure, and more and more countries are likely to enshrine this concept into their national laws. The world we live in is much different than the world ICANN faced back in 1999 (ICANN 1.0) and 2003 (ICANN 2.0). Therefore, I think the community should embrace this change and how ICANN co-exists in this new world. I think an ICANN 3.0 which focuses on core technical coordination (think IANA functions) is the path forward.

 

Best regards,

 

Michael

 


From: Carlton Samuels <carlton.samuels@gmail.com>
Date: Monday, February 17, 2025 at 2:37 PM
To: mike palage.com <mike@palage.com>
Cc: Jonathan Zuck <JZuck@innovatorsnetwork.org>, Alan Greenberg <greenberg.alan@gmail.com>, CPWG <cpwg@icann.org>, ALAC <alac@atlarge-lists.icann.org>
Subject: Re: [ALAC] Re: Statement on Registration Data Accuracy

Hi Mike:

I got all that, thank you!

 

Refer this line: "... If the true goal of the registration data (WHOIS) accuracy is contactability, then who the registrant claims to be is secondary....." I am still persuaded to that position.

 

That construct was intended to convey that my views are in context of the existing policy and the pointers for implementation and execution that still exist. If the ICANN policy on data accuracy has changed, then I am behind the curve here and must update myself. 

 

The use of the word 'regulator' associated with ICANN is not a snark intended to modify its ordinary meaning. So yes to contactability, accountability and trust, principles for normative behaviour usually vested in a regulator.

 

However, accepting an argument for alignment with NIS2 will naturally require abandonment of existing [consensus?] policy and, then, a change in the script. We would add adoption of something congruent to 'legally binding' governmental oversight; verify and hold the actors to account. 

 

I can well imagine it'd be, at minimum, an interesting intellectual exercise.

 

Carlton


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround

=============================

 

 

On Mon, 17 Feb 2025 at 13:55, mike palage.com <mike@palage.com> wrote:

Carlton,

 

A lot to unpack but allow me to try.


So let's start off with what we agree on –
“the self-regulated registration data (WHOIS) accuracy model has failes (sic).”

 

What we disagree on: “the true goal of the registration data (WHOIS) accuracy is contactability, then who the registrant claims to be is secondary. Whether they identify as Wile E. Coyote, Donald D. Duck, or Jack Schitt shouldn’t matter. So long as they can be reached via a valid phone number or email.  And if they cannot be reached, there are consequences.”

 

I think “contactability” is framing the discussion entirely wrong. I think the better perspective is “accountability”.  There is a clear trend in national law that DNS is critical infrastructure. While “contactability” was a nice talking point for Contracting parties looking to keep their operating costs down by merely verifying the operation of either an email or a phone number, the use of disposable emails makes ICANN’s current definition of “accuracy” largely meaningless when dealing with bad actors.

 

If we frame the discussion of data accuracy from an accountability perspective, I think this aligns with where the Cooperation Group is headed with its guidance on NIS 2.0 Article 28. With accountability in the ecosystem (see also Article 21 of NIS 2.0) we build trust within that ecosystem that directly benefits all participants (end users) within that ecosystem.

 

One of the great talents of Steve DelBianco is to take complex issues and to distill them down into simple to understand concepts that can be easily repeated to make a lasting impact on this listener. I think “contactability” is a 1990’s concept that no longer scales to the reality of today’s internet where DNS is widely being recognized as critical infrastructure under national law. This reality I think necessitates that we approach RDDS data accuracy and access from an accountability perspective.

 

Channeling my inner Steve and Jonathan, I think the three key bullet points on a single power point slide would be:

 

Contactability, Accountability and Trust. I would just use these three words on the slide to have the listener pay attention to the message I was conveying.  I would then use the following talking points to expand on each bullet point.

 

“Contactability” is an outdated concept from the 1990’s

 

“Accountability” is the proper concept to align with DNS being viewed as critical national infrastructure

 

“Trust” in an eco-system is possible when all participants can be held accountable

 

Jonathan, I welcome your thoughts on how close I got to the Steve DelBianco gold standard?

 

Best regards,

 

Michael

From: Carlton Samuels <carlton.samuels@gmail.com>
Date: Sunday, February 16, 2025 at 3:39 PM
To: Jonathan Zuck <JZuck@innovatorsnetwork.org>
Cc: Alan Greenberg <greenberg.alan@gmail.com>, CPWG <cpwg@icann.org>, ALAC <alac@atlarge-lists.icann.org>, michael palage.com <michael@palage.com>
Subject: Re: [ALAC] Re: Statement on Registration Data Accuracy

I see all this and I’m still gobsmacked how easy it is to connive at error.  Leading……well, um threshold questions are always intended to enforce adaption of a set narrative.  That should be rejected for cause.

There is no successful contradiction for the evidence of inaccuracy in contact data and the registration system still lacks meaningful enforcement of the existing data accuracy policy for the DNS. It remains astonishing how easily errors persist—registrars are required to warrant that registrants provide valid contact details, yet verification remains weak. ICANN’s policy demands that registrars validate and periodically review phone and email contacts, even as these are constantly changing and too often left unchecked.

Here is what we know for sure. The self-regulated registration data (WHOIS) accuracy model has failed. We have undeniable proof: emails don’t resolve, phone numbers are unreachable, and registrars face no real consequences for non-compliance. What we have here is a policy that exists in theory but not in practice. ICANN, the supposed master regulator, has failed to enforce its own policy. Evidence of oversight is weak to non-existent, and without penalties, registrars have no incentive to comply.

Enter NIS2, which flips the script on registration data (WHOIS) accuracy. It raises the bar on verification, intends enforcement of legally binding government oversight and introduces penalties for non-compliance. So now, the hue and cry. Because if the EU enforces this directive as law, it would fragment the domain registration landscape, resulting in divergent verification standards, conflicting enforcement mechanisms, and inevitable clashes with GDPR. Lawyers will thrive with the legal grey areas now at play.

But let’s not get lost in the noise. If the true goal of the registration data (WHOIS) accuracy is contactability, then who the registrant claims to be is secondary. Whether they identify as Wile E. Coyote, Donald D. Duck, or Jack Schitt shouldn’t matter. So long as they can be reached via a valid phone number or email.  And if they cannot be reached, there are consequences.

Carlton


==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround

=============================

 

 

On Fri, 14 Feb 2025 at 14:02, Jonathan Zuck via ALAC <alac@icann.org> wrote:

Thanks for your work on this! As I read it, it seems to be missing the end user impact assessment that we have begun to incorporate in such comments. We make the point that we’re not the experts but instead rely on the expertise of others, but could we cite some of those experts to lay out a few bullets that tie this exercise back to our mandate and remit?

 

From: Alan Greenberg <greenberg.alan@gmail.com>
Sent: Thursday, February 13, 2025 12:10 PM
To: Jonathan Zuck <JZuck@innovatorsnetwork.org>
Cc: CPWG <cpwg@icann.org>; ALAC <alac@atlarge-lists.icann.org>; Michael Palage <michael@palage.com>
Subject: Statement on Registration Data Accuracy

 

Jonathan, the statement in response to the GNSO query related to registration data accuracy is not finalized.

 

It is a significant enhancement on the version discussed during yesterday's CPWG meeting, but is identical in its overall intent.

 

It is a much stronger and hopefully effective message.

 

It was a collaborative effort of Michael, Cheryl, Justine and me.

 

 

Alan

 

 
