New gTLD Program - Trademark Protection and Malicious Conduct Cartagena, Colombia 6 December 2010 >>KURT PRITZ: Good afternoon, everybody. We're going to start in just a minute, okay? Good afternoon, everybody. I'm Kurt Pritz. Thank you very much for taking your time to join this discussion about the new gTLD program and the overarching issues associated with it and the work that's been done to work towards a solution. I'm very pleased to be joined by board members Vanda Scartezini, Bruce Tonkin, Rita Rodin Johnston, Steve Crocker and Suzanne Woolf, who I think you all know. Just as a point of housekeeping, I'm going to apologize in advance that Vanda and Steve will have to leave after the start of this session, as they have another meeting to go to, but, you know, we value their -- yeah. We value their participation even for a limited time that we're pleased that they could join. Can I have the first slide? So after a brief introduction, we're going to operate on the level that most of the people in the room are acknowledgeable of the applicant guidebook and the issues surrounding the introduction of new TLDs, and so after a brief introduction by me, for each of the four overarching issues -- economic studies, root zone scaling, trademark protection, and mitigating malicious conduct -- we will have an opportunity for members of the audience to comment on the work that's been done to date and if there are opportunities for specific changes that need to be made in the guidebook in order to fully address the issue, we'll take that on board. The purpose of having the board members here with us today is for them to personally interact with the community, listen to comments, and take that back directly to the board discussions on the next steps for the new gTLD process. So we see that as very valuable. Can I have the next slide? So very briefly, the four issues to be discussed that were raised after the publication of the first guidebook have to do with ensuring the continued stability and security of the root zone, undertaking economic studies to determine what the potential benefits and costs of the new gTLD program are, addressing the concerns of trademark owners regarding registrations and protection of trademarks at the top level and, importantly, at the second level, and finally, with a multiplication of TLDs how do we work to ensure that malicious conduct doesn't multiply similarly or even reduce it. Now, the -- oh. So I should be the slidemaster here, huh? Yeah. So our overall approach on this has been to take input, seek consultations from those who consulted on the guidebook, form expert groups such as the IRT and STI, form trademark solutions, publish those findings, iterate it through public comment, and then develop a set of solutions either for the guidebook or, in some cases, you know, in support of launching the process. And it's very important going forward, I think, that we implement the proposed solutions and then measure their impact, so that we can continue to improve on the solutions that have been developed. And I'm not going to go through this, really, but how do we measure impacts? We look at the policy goals and the goals set out in the Affirmation of Commitments for the new gTLD program, and we'll measure the effectiveness of the -- these four measures against them. So we're going to start -- we have two hours for four issues, so not much time and we really want to hear from you. So with regard to root zone scaling, there's been collaboration and consultation among and with the RSSAC, SSAC, and a teamed formed especially for this purpose, the RSST. We've published documents around root zone scaling, one having to do with a specific instance of the L-Root and, you know, using that as a model for the root zone, what are the impacts to L-Root operations with the introduction of new TLDs. Another report reported on the delegation rates that are anticipated with new gTLDs. How many and how fast are we going to delegate TLDs. That report indicated, you know, 2 or 300 TLDs a year, and a maximum in any case, even if we were to get infinitely many applications, of a thousand a year. And then there's another report that was staff-generated with outside expertise, a summary of impacts to root zone scaling. So it's -- the status of this is the following. The concern -- one of the concerns with root zone scaling was that we'd have the coincident introduction of IPv6, IDNs, the signing of the root zone, DNSSEC, and new gTLDs, and not necessarily overtaken by events but so far we do have three of those -- right? -- IDN delegations, some -- IDN delegations, IPv6 deployment in some cases, and a signed root zone. I'm going to turn this discussion over to Steve Crocker and Suzanne, but the fact that delegations will be very limited is very important to the discussion. The fact that delegation rates will not exceed 1,000 per year. So I'm going to ask Steve to very briefly talk to this issue and then we can take questions regarding where we think the status of the root zone stability issue is right now. So if you don't mind, Steve. >>STEVE CROCKER: Now I'm on. Kurt, thank you very much. And I think you covered the ground quite well, so I'll try not to repeat any of the things that you said and just try to emphasize and add small points. The original scope was at a time when there was much less information and now we're -- over time, we have bounded the problem considerably. The root has gotten signed and DNSSEC -- the impact of DNSSEC is now pretty well visible, which -- and fortunately it's essentially negligible, and Suzanne can comment even more knowledgeably about it all. We also, as Kurt has said, now have a much better handle on what the likely load is as seen from sort of the marketing end of this. How many applications are going to come in. And even if large numbers of applications come in, how many are going to reach the next stage and put any load on the root server system. Two things that I think are worth emphasizing here. One is that despite the fact this has been kind of an extended and a little bit messier process than we had envisioned, it's been a fundamentally constructive process with parties talking to each other more substantively and more often than they had previously, and that's set the tone for continued kind of conversations of the kind that I think are -- are the usual and ordinary interactions between one side of the process that's generating load and the other side that has to deal with it. The other is that this estimate or, you know, figure of "not to exceed a thousand per year," is the picture now and will persist for some period of time but obviously doesn't characterize the indefinite future. So I don't want to too fine a point on it, but let's say that that's a two- or three- or four-picture as opposed to a ten- or a fifty-year picture. And a point that is -- has been discussed a lot but maybe isn't going to come out as clearly in all of the documentation is that there's no intention of taking these numbers as lasting forever. There's a very strong understanding that there has to be a revisiting and a recalibration and a measurement and observation process baked into this. And as I say, all this is fundamentally constructive and, for what it's worth, I'm sleeping quite well at night. You want to -- Suzanne, you want to -- >>SUZANNE WOOLF: Sure. I can add just a couple of points for emphasis, just because I believe Kurt and Steve have mostly covered the ground. But one -- there's two other sort of minor takeaway points here. One is that it is really hard to overstate the usefulness since the initial root scaling questions were formed of the thought and discussion that just went into scoping what questions we were really asking, and to having the worked example of the DNSSEC rollout in front of us. You know, we have this demonstration case at this point, and a great deal of it was public. You know, the detail -- a great deal of operational deal is fully public around how the DNSSEC rollout was done and the cooperation -- you know, the day-to-day collaboration amongst the parties involved to make sure that this proceeded in an orderly, predictable, stable way, and that there was no issue of damage or unpredictability to the system. The other thing I think that came out of this inquiry is that in addition to the fact that we do, in fact, do well with managing the operational side of things, there was an additional recognition that we can do better, and some discussion and some recommendations regarding closer monitoring and more specific data to be shared among the parties and to be shared publicly about exactly how the system is functioning and how -- and how things are performing and what stability looks like, what a robust functioning root system looks like. So I think both the RSSAC statement that came out and frankly I believe the SSAC statement that's very imminent look very brief and simple but, in fact, they represent a great deal of thought and work and commitment to a system that works and to making it work even better. >>KURT PRITZ: Thanks very much. So we're going to pause here and ask people to come to the microphone if, on this issue, there is specific questions or requests for further work. >>STEVE CROCKER: Thank you very much. [Laughter] [Applause] >>KURT PRITZ: So maybe some more action here. With regard to economic studies, you know, significant work has been done here, but the work is widely discussed. At different times, ICANN has contracted with Compass Lexecon, Dennis Carlton, Greg Rosston, Michael Katz, Charles River Associates, to provide economic studies. Also, studies have been conducted independently by Gandi in 2009, I think, and -- 2007, and OECD back in 2004 have furnished studies on the utility and potential net benefits of expansion of the root zone. And so these documents all discuss the benefits and costs of new gTLDs. They portray the benefits and costs differently. Is there going to be competition in the very generic space? What is the value of restricted TLDs, for example, or IDNs? What are the costs associated with trademark protection? What are costs associated with switching from one TLD to another? There's been two specific reports done on whether new register -- new TLDs should have price caps for their prices and there were also two reports on whether there should be structural or organizational separation between registrars, whether that structure should be maintained or relieved in some way. So several economic studies have been done. I think Elaine Pruis did a great job reading each one of these studies into the record in the session earlier this morning, but they all have to do with these different topics. So really it's -- for the audience here, I want to note that given the comments in the meeting so far here in Colombia, that the economic study's posted for public comment so we've opened up a public comment period on it, and seeking the answer to these questions, maybe, or other questions, but I invite people to come to the microphone, give their comments on any of the economic studies that have been published, utility of more work, or what can we reasonably expect from economic studies and how should they be or should not be a gating issue for new gTLDs or how should they affect the guidebook. So specific comments about the studies with specific recommendations and then, going forward, as we launch new gTLDs, how should impacts of the program be measured and how should we utilize the expertise of economists and that field in order to describe whether or not we've realized the benefits or mitigated the costs and how that can be done. So how do we measure this going forward. So if anybody wants to come to the microphone, I'd be pleased. >>MARILYN CADE: Thank you. Would you -- my name is Marilyn Cade. Would you go back to -- if you could, to the slide that has the list of the economic reports on it? >>KURT PRITZ: Uh-huh. Right there. >>MARILYN CADE: Those are economic reports. Some of them may be studies. Most of them are economic reports. There is really a significant difference. I guess I should say, first of all, that as someone who has hired a number of economists -- I might even have fired a few -- in my history in working for a large corporation, I have a really, I think, in-depth understanding of the role of economic analysis studies, reports, and policy -- and views about how both economic theory and facts can inform policymaking. Some of these reports are actually -- do actually include analysis, and others do not actually include fact-based gathering of information within the use of domain names, the registered -- sorry. The -- how domain names are registered and how they are used, and why people register or unregister domain names. And I want to make that point because I spent extensive time in talking to an economic firm and helping them to deepen their understanding of this particular, I might call it, sector. It's not -- doesn't deal with potato chips, doesn't deal with cars, doesn't deal with cosmetic products. It deals with something that is in a managed space, and that is very different than a consumer product which is directly interchangeable with another consumer product. So my point in saying some of these are reports, they may all provide information. Not all of them are actually based on studies of the actual registration and use of the present base of domain names which would, of course, include the vast number of domain names that are registered in country codes as well as in ASCII-based TLDs. So I'm pleased to see that in this second phase of the -- of this report just published on Friday, that we're beginning to get to something that I called for quite a long time ago, and I want to thank you all for that, and that is to look at actual use -- it's called case studies in here -- I might have a slightly different enhanced expectation and I'll talk about that in a minute, but I think we're beginning to look at the real experience of registrants and beginning to say, "So what are the things we can learn from what's going on right now?" One of the things that I would say today is an anomaly -- and I'm not going to give you my forecast on how long that will continue to be but it is in the future -- and that is the concept of switching costs. That is not a reasonable expectation for trademark holders who have invested their identity around a particular name. You don't switch from your present identity easily. You will have to coexist. And perhaps a better analogy for many of us would be to think about the need to have coexistence, for instance, of IPv4 networks and IPv4 numbers and IPv6 for quite a long time to come. It will take a long time before someone who has built up a significant identity, registered trademarks in vast -- in high numbers and in multiple countries, and built a presence both physically in brand recognition space in the marketplace and virtually to ever be able to abandon a name. They will also have to worry about ongoing efforts to capture the traffic or to cybersquat on the goodwill that exists in that previous name. So I think we really have to think about coexistence costs as opposed to switching costs. Now, perhaps in the future, after search has been replaced by something else and we think, rather than speak or write, we won't have to worry about this, but I can't forecast the time and I don't think any economist could. We must understand that in order to really -- there's some new information in this study, and I would say that we must have a comment period, so I thank you for opening one, but we learned some things in here that have been alluded to before but we haven't learned everything we need to know. And I think that's an important point as well. But one of the things we learned is that it is very expensive to register and protect a brand, and that it is about users. Users have certain expectations of an identity they find on the Internet. They associate either quality or lack of quality with particular brands and they also have expectations sometimes that there is -- that brands are trusted. And so let me give you an example of what a consumer might believe. This may not be a trademark brand, but it is certainly a brand. Registrations in dot gov are restricted to government agencies only. And a consumer accessing a name expects that to be a U.S. government agency. That is a consumer expectation. I think we've got to begin to look more at what the consumer expectations are, and understand what the implications are, then, for what the intellectual property protective devices must be, in order not to harm the consumer. We've been talking a lot about not harming the registry or the registrar. We need to also think about the fact that we are here to offer choice to registrants, not to build registries as businesses. The two will probably go hand in hand. I think the study begins to point out we need to talk more to the people who have to, for whatever reason, maintain those big portfolios. So here's my point: That information is trade secret information. In order to get access to that information, there's going to have to be a trusted third party that the party who holds the portfolio is willing to sign an exclusive proprietary agreement with. I can't talk about -- any more about the depth of that because the people you need to -- we need to be able to talk to are the brand holders, and about whether they're willing to disclose that information. I do know it's going to have to be treated like trade secret information, and all information will have to be anonymized. But I think we'll learn some important things and we may learn what essential additional IPR protections are needed and where they have to be applied. >>BRUCE TONKIN: Just before you run off, Marilyn, can you just clarify for me what question you're asking the brand holders there? So -- certainly there's public information as to what names most brand holders have because the WHOIS is have, so we know what they have, so you're really asking the question on what they're going to do with those names. Is that the question you're asking? >>MARILYN CADE: No. I think if you were to look at the Analysys Mason report that I worked on with MarkMonitor we did develop a lives questions. When you -- you don't just ask -- in order to understand the issues here, the -- because, you know, people are using the word "switching costs," but we -- that's not really the right term here. We need to think about this as portfolio management and defense costs, right? And there's also the brand enhancement, marketing of the brand, but right now we're talking about managing a portfolio and defending it, and I think we all understand that trademark holders have to protect their brand. This is not like a copyright. They have to protect their brand, or run the risk of losing it and dilution. So when you're managing -- and there are people who are much more expert than me. My experience in this is a few years old. When you're managing a portfolio, you have to make sure your registrations are renewed. You have to look for cybersquatting. You have to take defensive actions against people who are harming your brand or you may need to recover certain registrations that have been registered, for whatever reason, as either cybersquatting or they're registered to harm you or to dilute your brand. So the whole management process, Bruce, is very broad. So let me give you an example of where we add a network -- a negative network externality to someone who must defensively register. If all of the defensive processes we establish, such as sunrise or whatever, if they're individualized because somehow we think that adds competition between the registries -- I would question that, but if that's individualized then the brand holder has to individually train on not just one but two or 10 or 15 or 20 processes. And it's very -- that adds cost. So it isn't just that you're training someone to manage a new process, but you may be training people to manage multiple processes that are not consistent. That adds cost in the management of a yellow. Does that make sense? So when you ask a brand holder, "What are the mechanisms you use," you also need to ask them what the implication -- what the additional cost factors are -- >>BRUCE TONKIN: Right. >>MARILYN CADE: -- based on their approach. Some brand holders use aggressive defensive approaches. Others don't. >>ANTONY VAN COUVERING: Antony Van Couvering with Minds + Machines. I'm afraid Marilyn just stepped into an area I know a little bit about in the past and I think it's very important to distinguish between costs that are imposed by, say, gTLDs and ICANNs and costs that are imposed by a company's cost structure. I've certainly heard a number floating around that it's going to cost $300,000 per gTLD for brands. That either means they have a portfolio of 30,000 names that they're paying market price for, or they have a much lesser portfolio they're paying way too much for. I mean, I certainly don't think it's incumbent on everyone to subsidize overpriced internal processes, so I urge people to bear that in mind when we talk about costs. Since this is about the economic study, I'd also like to take issue with the fact that there's any new information here. I don't think there's any -- anyone is going to be surprised to learn that museum didn't work. And we know that it didn't work because it has very restrictive policies. I'd also like people to keep in mind that prior to this round, the names chosen were chosen by ICANN. There is a difference between dot com and dot ugly. You know, there's a semantic difference between names. Now, we have the chance, at last, to let people who understand their markets choose names that are attractive to their customers. The economic report talks about dot com and dot biz and how, if truly there were competition to dot com, someone would just choose a dot biz instead. They are not equivalent, and in fact that name was not chosen by NeuStar. That was not their first choice. They would rather have had another one. And I think we need to bear in mind that we cannot predict what's going to happen entirely, but we should not rely on economists who also cannot predict what's going to happen. Thank you. >>KURT PRITZ: I'm just going to interrupt for a second and give Vanda and Steve the opportunity to head off to their -- okay. To head off to their meeting. So thank you very much, Vanda. Yeah. Michael. >>MICHAEL PALAGE: Kurt, thank you. One of the things -- and I appreciate ICANN for investing the resources upwards of $2 million for these reports, slash, studies. Following up on one of the points I made earlier today, it would really help if ICANN could explain where -- what they picked and choosed from different reports, because they don't all say the same thing. So one of the things -- I know I sound like a broken record here, but part of the Affirmation of Commitments of -- part of the Affirmation of Commitments about providing the decision process is -- I think is really critical here. So one of the things I think both the community as well as I think the GAC is looking for is to explain what ICANN agreed with and where they deviated, because there are points of agreement and disagreement in this list. >>BRUCE TONKIN: So Mike, just -- because Kurt's just raised this question for me as well. You are ICANN and so really what -- when we're talking about which bits are picking and choosing from reports, this is the ICANN community. So what we'd like to hear from you is what bits do you think are relevant in those reports. You know, the board's not miraculously jumping in there and picking something out. We're listening to you. So this is a forum not to, you know, ask us -- we've already had the session on accountability and transparency. So perhaps focus on specifically what bits of the reports you think are worthy and we're interested to hear what others think as well. >>MICHAEL PALAGE: Mindful of the time, I don't want to take up too much time. I will just go back to the one point that I had raised earlier specifically. In the original CRAI report, the CRAI economists said there was an inefficiency for a brand TLD to have to buy a name from itself through a registrar. They mentioned the inefficiency in that model. Now, Kurt had said at the time, "Well, it's rather complex and, you know, we didn't know -- we don't -- you deviated because you're still mandating the use of registrars." So I -- I would point that as one specific and I could go through and identify a number of other points along those same lines. So I will try to get that in during the public comment period so that the board could reference that. The second follow-up point is, I know that this is a -- not an exact science. I appreciate that and I -- you know, you've -- I was where you are at right now. I know it's a difficult job and you're damned if you do, damned if you don't. The strength of ICANN is -- the strength is also its greatest weakness, right? You rely upon the bottom-up consensus-driven process. But unfortunately there are sometimes economic interests that impede the ability of reaching consensus which places the board in a very awkward situation. And I submit to you that your greatest ally in defending your actions is the GAC. And one of the things in the vertical integration where the CAM proposal that was written by myself, Avri Doria and Milton Mueller which the board adopted many of the proposals, one of the things that you build upon was the to be able to refer matters to national competition authorities. So after the ICANN board details how it relied upon these different studies, giving this to the GAC that do have, if you will, competition authorities -- in fact, you know, the dot com contract the last time got referred to the U.S. competition authority for review -- I think there are ways that you can utilize the GAC to validate your decision and I think it won't cost you millions or hundreds of thousands of dollars to do this additional work. So, again, I am all about the -- bringing a responsible closure to this process and just would like to make those points. Thank you. >>KURT PRITZ: Thanks, Michael. Mr. Foody. >>PAUL FOODY: Hello, gentlemen, ladies. The points about the limitation on the number of new gTLDs is at 1,000 per year. It really is irrelevant because it applies for just this application period. As a result, we're looking -- we have got to be anticipating an unlimited number of gTLDs. As a consequence, the preeminent domain will no longer be dot com, which if your proposal with regards to dot XXX goes ahead is going to be tarnished as a cesspool anyway, people will look away from dot com and look at what the future will be. When they see every major corporation with its own dot TLD, something that's heralded with dot canon's application, they are going to be deciding to go for the 185,000 TLD rather than any other secondary domain. The board has -- so far, you haven't done a single economic study of the impact of a massive million name top-level root. You have got to do that. The report by Dennis Carlton in 2009, it was done before even the number of gTLDs, though were expected, was even released. The second report last year, the second or the first stage of this latest economic report, it didn't address the possibility of a top- level domain system replacing the dot com domain. That has got to be done. And you will see that what is going to happen is that we're going to replace dot com where somebody can get a presence on the Internet for $10 for something that costs $1 million, at least $1 million for the first TLD. The second TLD will be $185,000, if that, because there are people who are saying, "Look, you have already carried out the work. You have already vetted us, so we want a discount on that." So the more gTLDs a corporation applies for, the cheaper it becomes. Meanwhile -- >>KURT PRITZ: So what's -- do you have a specific recommendation for board members? >>PAUL FOODY: My specific recommendation for board members is that based on the fact that you are wanting to improve competition, to recognize that the introduction of new gTLDs has got to be done in such a way that it doesn't replicate dot com, that it doesn't replace it, it's got to be complementary to it. What you have to do is -- And I suggested this morning that the easiest thing to do would be to say, look, the biggest thousand population cities in the world each get a dot TLD. Now, the reason that would make sense is that it would -- first off, it would offer the ability to test what is going to happen. Secondly, it gives a global awareness to changes in the domain name market, you know. So people become immediately aware that there are changes going on. Thirdly, it gives a global incentive to develop the sort of infrastructure that is going to be necessary if more gTLDs are required in the future. >>KURT PRITZ: Thank you. >>PAUL FOODY: My pleasure. >>KURT PRITZ: Yes? >> Hi, Fred Krueger (phonetic). I just wanted to make a brief comment. My first comment is we shouldn't be calling these things economic studies because we are not studying something. We're not studying a colony of ants to try to see what direction the ants walk in. This is economic prediction. That's what we're talking about. We're talking about, Please have some economist come up and tell us what the world's going to look like two years from now. Now, can any of you -- can any person in this room tell me what the Dow Jones is going to be two years from now? Can anybody tell me what the dollar, Euro is going to be two years from now? Can anybody tell me how many registrations dot music will have two years from now? No economist, no person in this group and none of this evidence, none of this data, which I have studied probably more than anybody in this room -- I've studied every single WIPO case. I have looked at all the data. And we've seen all the data, and there is no new data. There is no new information. We had these existing TLDs, which are now five years old. There is no new information. You can't study these things and come up with new stuff. You have to make predictions. You have to make assumptions about the future. And guess what? We're all wrong. Russia thought they would get 100,000 names; they got 600,000. Colombia thought they'd get 100,000; they got 600,000. That's reality, okay? The reality is we have absolutely no idea which one of these things is going to be successful and which ones aren't. I can guarantee you that a lot of smart people in this room using their own money are betting on the fact that this stuff will be successful. I think that's the best single test of the new TLD program. Why people like Constantine are coming here for two years running and spending his own money sponsoring this event, he thinks dot music is going to be successful. And I think it will. I think that is the ultimate test of the new gTLD program. I'm sorry, Marilyn, you're wrong. Thank you. [Applause] >>STEVE DelBIANCO: Kurt, it is Steve DelBianco with NetChoice, also a member of the business constituency. So the question you have put to us is what's new that came out of this study and how it should impact the guidebook and the decisions that have to be made. And I believe that the economists did their best to answer a question, not to predict the future but ask the question, do they believe that the benefits would exceed the costs of the new program as designed. And that's a rather pointed question. And as Fred said, it is rather difficult to answer. The economists concluded tentatively that new gTLDs will have a benefit that exceeds their costs. But on page 39, here's, I guess, the new information: Quote, if the new gTLDs fail to have adequate trademark protections, then infringement rates and cybersquatting costs could rise significantly. So if things are on balance, there's positive. But if the RPMs are inadequate, costs would rise significantly which throws into question whether or not costs would exceed or match benefits. So this is hard to use as a gating factor to say don't proceed. But it does point to new information in here that argues for enhanced rights protection measures, especially with a clearinghouse. And I believe that the BC will post its specific edits on that, specific changes today. That's number one. And number two is something we discussed this morning, Kurt, with respect to a more controlled release at the delegation phase because it is very different than the batching. I don't want to confuse it with batch because batch is with respect to evaluation and extended evaluation of apps. When it comes to putting them in the root, this notion of doing initial delegations at a relatively low quality with time to evaluate whether the RPMs have to be adjusted -- I think that's the word we used this morning. Adjusting RPMs basis on the experience of how that clearinghouse or claims service works on the first few delegations. So I don't want to call it a "batch" because that will confuse everyone. But think of a it as a bucket then, a bucket of water that we throw out there but we turn on a fire hose that's going to drown any chance of achieving effective safeguards we're obliged to provide. >>BRUCE TONKIN: How would you prioritize those? That's a reasonable -- >>STEVE DelBIANCO: Bruce, let me ask you. Absent any prioritization, how would the first delegated TLD be determined? I think it is the first one that's finished. Is that correct? >>BRUCE TONKIN: Well -- >>STEVE DelBIANCO: If the first one is finished and you say the first ten -- >>BRUCE TONKIN: Some of it is in control of the applicant and some of it is in the control of ICANN. So if you looked at the 2004 round, some of them still haven't gone live. Dot post hasn't gone live, for example, and that was approved last year. So the actual rate at which they went live was really determined in many cases by the applicant themselves and their own processes. So they set the timetable. I was hearing from you that you're implying that we would somehow say actually this week we're only going to take ten and then we have to decide which of the ten they would be. Just maybe clarify what you mean by -- There is going to naturally be a delegation rate that will vary over time. And I think you would probably find the gap -- even if you go back to the 2000 round, biz and info didn't go at the same time. There was actually a pretty big spread even in the 2000 round of those going live. So I think there would naturally be a spread, and you will naturally see that. So I just want to clarify with you assuming that we would then say we are going to put you and you and let you go first. >>STEVE DelBIANCO: Here's the decision we have to make as a community: When the first delegation -- when the first TLDs are delegated and are ready to turn on, others should not turn on until you have a chance to do what you promised to do this morning, to evaluate and tweak the RPMs, to make sure that we have effective safeguards, which is our obligation. I think the economic study gives us new information that the balance between cost and benefits is positive but could be thrown the other way. That's one piece of new information. Another piece of information is staff's suggestion -- and I agree with them -- that you have two tweak the RPMs after they are turned on. >>BRUCE TONKIN: That's how the program is designed. The program is designed that we actually are doing a round in 2011 and then we evaluate that round before we open up for another round. So that is built into the process. >>STEVE DelBIANCO: But, Bruce, you can't do an entire round of several hundred TLDs -- >>BRUCE TONKIN: That's what you're disputing. You are saying a round is too big? >>STEVE DelBIANCO: I'm saying as soon as the first TLD of the 2011 round is in the root and turned on, to your point, it is delegated but maybe not active because they are not taking registrations. As they are taking registrations, going through sunrise periods and TM claims, we are undoubtedly going to learn we didn't get it perfect. I don't want the perfect be the enemy of the good. We are not saying don't proceed. We are saying proceed carefully and using testimony, I think, that's been delivered here at this meeting that we will have to adjust the RPMs, trademark claims, sunrise, clearinghouse. We will have to adjust them as we use them in experience. It doesn't make any sense to adjust and do our learning with a simultaneous turn-on of hundreds of TLDs. We are going to have to actually have one or two go out. Maybe they are the first two that are done and ready. I will leave it to the community to figure out that priority. But it is clear that this economic study points to the need to get that right. >>KURT PRITZ: So, sadly -- Yes? I'm sorry. >>RITA RODIN JOHNSTON: Hello? I want to make one comment. I just want to make sure, Steve, I'm not sure that's new information. I'm far from articulate in all of these economic studies, but I can tell you that it's not news that the potential cost of trademark owners are going to be huge. And I think that the board has recognized that for a while now, which is why we formed an IRT in the way we did. We formed an IRT actually that wasn't as cross-community as some would have liked because we wanted trademark experts to come and try to propose some protection solutions, people that knew what their individual cost structures were going to be like to try to give us some real valid solutions that would work. >>STEVE DelBIANCO: If I might follow-up to be clear, I didn't say it was new information that trademark protection costs would be huge. I didn't say that at all. I said the economists' new information is that they think benefits exceed costs and then go on to say those costs could be far more significant than they estimated if the trademark protection measures are not adequate, which is what they're saying is -- the answer to the question do costs exceed benefits, do benefits exceed costs, the answer to the question is we think benefits exceed costs but it depends. That I think is new information, not the magnitude of the costs but the balance between costs and benefits. >>KURT PRITZ: So, Steve, we're starting with the period where we have to make comments a little terser. So, of course, we are -- >>STEVE METALITZ: I will be as terse as possible. I'm Steve Metalitz. I have two questions. First is to Kurt. Kurt, you said at the beginning, I was happy to hear, that the economic study, the one at the top there, is now up for public comment. It is not up for public comment on the ICANN Web site yet. But can you tell me what the closing date of the public comment will be? >>KURT PRITZ: No. We are trying to sort that out. So the board is going to take comment here, and we are going to discuss the path forward. >>STEVE METALITZ: You can't say whether it going to be before or after Friday? >>KURT PRITZ: I can't because it is not my call. I have an opinion for that. So it is posted for comment on the ICANN Web site. >>STEVE METALITZ: It wasn't 15 minutes ago, but maybe that's my problem. >>KURT PRITZ: Go to the -- where the new gTLD -- >>STEVE METALITZ: I know it is posted but to say there is a public comment -- >>BRUCE TONKIN: The intent -- whether it is available 15 minutes ago or not, but to be absolutely clear because I saw a message this morning, I saw a directive to staff to create a public forum for that economist report. I don't know if it's available this second but certainly that is the intent. >>STEVE METALITZ: What was the expiration date on the public comment forum in the directive that you saw? >>KURT PRITZ: It doesn't have a closing date yet. >>STEVE METALITZ: It doesn't have a closing date? >>KURT PRITZ: No. >>STEVE METALITZ: Well, my next question was going to -- was assuming that there was a closing date and that it might be after Friday but let me proceed on the assumption that there is going to be a closing date and that will be after Friday. I recognize that may not prove to be true. The report states in paragraph 3, "In principle, projections regarding external costs could be used to design application screening policies or to guide the design of policies, to reduce the magnitude of any external costs associated with a new gTLD." So I guess I would like to ask the board members on the panel, do you think that by Friday, assuming that the public comment period has not closed and that there is a public comment period, that you will have enough information from that public comment process in order to decide whether to use that principle and to use projections regarding external costs to design application screening policies or to guide the design of policies to reduce the magnitude of external cost? Do you think you will have enough information by Friday? >>RITA RODIN JOHNSTON: Steve, I really have no idea. I don't. I hear what you're saying. I was not aware this was posted with no outside date. I think that we're going to rely on staff to get information this week and present it to us, and we just have to play it by ear. I have no idea. >>STEVE METALITZ: Okay. I don't want to put the other board members on the spot here, but I would submit that the time period between whenever last Friday night this was posted and whenever next Friday morning you sit down to decide on this issue is not sufficient time for public comment that will allow you to consider whether -- what is in this report should be followed. And I'm not -- obviously you are not bound to follow it. I do think that if you don't follow it, you are bound to explain it. And I don't think you are going to have a chance to do that by -- with the public comment that effectively ends on Friday. Thank you. >>KARLA VALENTE: The report is for public comment under the guidebook dedicated page. It was not posted as a stand-alone yet. >>PAUL STAHURA: My name is Paul Stahura, and I have a couple of comments, things to point out in the report and regarding what Steve DelBianco said, too. I want to point out that the report did say that the benefits exceed the costs. And at least my understanding -- and I think pretty much everybody in the room would say that more trademark infringement, more defensive registrations happen in dot com than other TLDs like dot info and dot biz and the new TLDs, even though they both had the same rights protection mechanisms. So you have to ask yourself, well, they have the same rights protection mechanisms. Why does one have more defensive registrations than the other one? And I think it's because that one has more traffic, so there's more squatters trying to get the traffic. So, therefore, there is more defensive registrations trying to prevent the squatters from getting the traffic. Which leads me to another point in the report that said a benefit to the trademark holders for defensively registering is, in effect, they get the traffic. I think there was half a sentence in the report about that. And that has to be taken into account when you do the equation to figure out which -- you know, whether the benefits exceed the costs. And so, we had the IRT which came up with even more rights protection mechanisms than what we have in dot com and these other TLDs where there's a differential between trademark defensive registrations in com and these other TLDs. And so, you know, I sort of agree with Steve DelBianco but I also disagree with him. I agree if we had more rights protection mechanisms, obviously the costs might go down for the trademark holders. But if we have less, even the costs might go up but they still might not exceed the benefits. And so I do agree with him that if we had more, the costs would go down but if we had less, they wouldn't -- still might not exceed. And if we did a test, let's say, with the first couple TLDs that come out in the new round and we find out -- first, that will take a long time. So we got a wait a year or something to figure out, well, this brand- new TLD, the first one that went out, does it have enough -- how many defensive registrations did it get? What happened with the rights protection mechanisms? That's too long to wait. But I would guess that that one probably won't -- it will be just like the dot infos and the dot biz's and the dot museums and they will have even less defensive registrations because we have more rights protection mechanisms because of the IRT and it doesn't have as much traffic as dot com so it will have less because of that. So my question would be to DelBianco, what happens if there is less trademark defensive registrations? Does that mean we dilute the rights protection mechanisms? Do we make less of them? I would say yes, we would, if we were to run this, quote, test. But I think we did enough studies. This is, like, the fourth study. Let's move on. This is enough studies. And the rights -- the benefits exceed the costs. Anyway, that's all I had to say, the benefits exceed the costs. [Applause] >>KURT PRITZ: So I'm not -- we are kind of out of time for this session. So if everybody who is going to comment could take one minute and comment -- and, Amadeu, that doesn't mean you get to talk faster than usual. [Laughter] And, Michael, you have already made a comment, so if there is a way you could pen your comment for the comment forum, that would be terrific because we are over time on this topic and I have two topics to go. >>AMADEU ABRIL i ABRIL: Just one small question regarding the studies. To point to something that's there but something that's missing, we were talking about competition about positive and negative externalities of benefits and costs. I need some analogies of what has happened. I mean, I see nowhere which portion of dot cat or DotAsia or the name zone was already in dot com before being registered there. How many of that are the same registrants or not? This is something that's not that difficult to check, and it would provide us some ideas about differentiation and competition. And we could see different trends and analyze the different policies, the different meaning and learn things about that. >>BRUCE TONKIN: Amadeu, I would classify you as an expert in dot cat. What's your gut feel -- this is an interesting question -- of the names in dot cat, how many of those are also in dot com? >>AMADEU ABRIL i ABRIL: We never checked. I ask the people managing dot cat. They never checked. We should, but ICANN should. What I know, for instance, for the first year after sunrise, 31% of the registrations came from people that never had registered a domain name before, which is quite significant. This is also something that can be done. You can also take for infringement just 50 random names for each TLD and the first 50 we will provide inside semicolon dot and see whether they appear to represent something that you would expect in that TLD or the ratio between names in the zone and conflicts with that UDRP or other type of conflicts. And even the simple metrics that could then be mapped into different probably patterns of policies and registry behaviors. We miss that. And I don't think this is that complex. >>KURT PRITZ: Karla has a couple comments to read, so if you can just read them. >>KARLA VALENTE: This is Karla Valente from staff. I am speaking on behalf of the chatroom. We have about 45 to 51 participants in the chatroom. So one of the questions is: Why haven't the comments in the public periods for economic studies ever been summarized by the staff? The comment period's closed April '09, July '09, July '10 respectively. There were issues mentioned in the public comments that introduced issues of massive potential cost of implications for different type of new gTLDs. Does the staff plan to summarize these comments before the board votes on Friday? Second question -- >>KURT PRITZ: Just for the informationer, the plan is for the economists themselves to summarize and analyze the comments and don't think it is staff's role. I know myself that the economists read those comments when they wrote their second version of their report but have not yet done the comment summary. >>KARLA VALENTE: And second question: Even the latest reports look at very narrow, selected subset of very obvious problems with the proposed GNSO new gTLD implementation. For example, what happens if Microsoft secures dot search? How does Google or any startup search provider, for that matter, feel about it? Microsoft may be happy to allow Google to register Google.search if they can point video.search and use dot search to Bing. Will ICANN look at this potential problem further? So I just want to make a point that there are more questions in the chatroom. But because of timing, what I'm going to do is I'm going to send all of those questions to the board today. >>ROBERT HALL: Just a quick comment on someone's earlier comment about iterating within a round. We are on Round 3. We iterate between Rounds 1, 2 and Round 3. We should iterate before Round 4, not within a round. So we don't put info and iterate before biz. I want to talk about economics, and I want to talk specifically about something that showed up in the new applicant guidebook or the final applicant guidebook or the temporary final applicant guidebook or whatever we call it, which is -- there is a chart in the middle of it that says ICANN now wants three years of operating revenue -- projected operating revenue held in escrow for all applicants. So, you know, I can do the back-of-the-paper math that says, look, it is going to cost a few hundred thousand to run a proper registry. So now you want -- Let's say it is 400,000. Now you want 1.2 million given to you to hold in escrow in case we fail as opposed to letting me take that money and spend it on actually making sure I don't fail. So I'm kind of curious as to the rationale of where did three years come from. There is no option around it. It is either line of credit or cash in a barrel head to be held in escrow. I think you are laming people. Everybody is commenting about the 185 grand needed to get there. Without realizing, hey, now you need three years of whatever you think you are going to do held in escrow again. Maybe, Kurt, if you could comment on where that came from. Just before I leave, I would like to say I will answer the person's question about the Dow Jones in this way. Dot music is going to have zero registrations in two years. I'm sorry, he's got four months of advertising, 18 months of auctioning and everything else to get through with communities and auctions, 90 days of signing up registrars. So let's not kid ourselves. If we don't get moving, the problem is in three years he will still have zero. So we've got to move. [Applause] >>KURT PRITZ: Yeah, so, Rob, that three-year requirement has been in the guidebook for quite some time. It's not three years operating revenue or even operating expenses, but it's for the registry to secure a note that will assure that certain core functions of the registry will continue to operate in order to protect registrants to find a successful registry operator or to provide for an easy landing. But it has been in the guidebook since the start. >> (Speaker off microphone). >>KURT PRITZ: It depends on the model of the registry. So it is not really the topic of this conversation. We can take it offline. >>ROBERT HALL: (Speaker off microphone). >>KURT PRITZ: Elaine? >>ELAINE PRUIS: Elaine Pruis. I just wanted to maybe bring some information to this room that might be new to some people. The dot CO registry relaunch utilized several of the recommended rights protection mechanisms such as a clearinghouse. And I thought it would be interesting if Steve would like to see if that was useful or how it worked. He can talk to them, and maybe it would be interesting for the board to check with a director of that registry. Thanks. >>WENDY SELTZER: Wendy Seltzer I will be very brief. Just noting the volume of economic studies and the tremendous work that the board has done in reaching out through its staff to commission those studies, I think the board has done substantial economic diligence here. And it's time to move forward. [Applause] >>BRUCE TONKIN: Just a quick comment on the dot CO comment, just to provide perspective. I guess, the rights protection mechanisms have been continuously evolving really since 2000 and not just by gTLDs but also ccTLDs. Dot EU, for example, used many of the lessons learned from dot biz and dot info. Subsequent TLDs like DotAsia use lessons learned from dot EU, and dot CO is obviously the latest fairly large registry released along with the Cyrillic version of Russia. And both of those have used a lot of these rights protection mechanisms. So we are not really going from no information. But it is true some of the new mechanisms are still untested, such as URS and other things. But it is a continuous improvement process. >>PHILIP SHEPPARD: Thank you. Philip Sheppard. I would just like to correct some nonsense we heard earlier about defensive registrations, which was correctly or incorrectly equating what was in the studies. Defensive registrations are all about the protection of reputation. They're nothing to do with traffic. A defensive registration is a TLD you do not want but are forced to pay for by somebody else's business model. We may yet be seeing defensive applications of top-level TLDs. These are also TLDs you do not want but are forced to pay for because of somebody else's business model. And in this case, you are forced to pay an enormous amount of money. Defensive registrations, defensive applications are money down the drain of other businesses because businesses outside of their business area want a commercial opportunity. Let's be very clear about that. That is why they're a bad thing, and that is why we have -- or have been trying to have all these defensive -- all these protection mechanisms in order to stop that externality happening. Thank you. [Applause] >>KURT PRITZ: Okay. Thanks, everyone. So if the board members and all of you think it's okay, there's two more topics. One is trademark protections and one is malicious conduct. And they are loosely related, although very separate. So what I'd like to do, because we have 50 minutes left, is -- five zero -- is combine those two talks and invite comments on one or the other. So what I'd invite when you come to the microphone, describe whether you're commenting on an augmentation to rights protection mechanisms or malicious conduct mitigation measures or both. So that would be great. And I think these issues are fairly well vetted with this audience, so I'm going to just briefly point to the slides that the development of trademark protections involved critical collaborators in the community, especially experts in the IP and business constituencies, and then the entire GNSO and At Large representatives. Several documents were published that resulted in the specific measures in the guidebook that have -- if you look at the life cycle of the registry, we have prelaunch mechanisms that are operated through the clearinghouse, trademark claims and sunrise, one of those two is mandatory for every registry, and then the post-delegation the Uniform Rapid Suspension process, post-delegation processes for finding registries liable if they are actively engaged in infringing behavior and thick WHOIS. Other suggestions have been GPML block being at the second level, greater registry liability for registrant acts. So when you come to the microphone, we'd ask you to discuss specific changes to the current set or suite of protection mechanisms. With malicious conduct, likewise, there were critical collaborators in this. There is an HSTLD advisory group, also a Zone File Access Advisory Group, each developing or have developed a settle of protections against malicious conduct. The high security TLD group is seeking to create a voluntary program for registries that want to certify themselves or hold themselves out to registries that they're high security zones. The ZFA group collaborated and delivered a product that's in the guidebook to ease access to zone file data. And both these things have manifested themselves in guidebook amendments that are in the current version of the guidebook. Very briefly, the malicious conduct mitigation measures are here. There's actually a last one that's not included in this slide that is that the current registry agreement now has a code of conduct for registries to protect against data abuses. So this list that's been published at many meetings is republished here, plus the last one. And other suggestions really have been considered and identified as policy issues. So maybe the work going forward is policy related, but elimination of privacy and proxy services, registrant verification, WHOIS accuracy obligations, WHOIS searchability. Boy, there was another suggestion there, and it went away. Oh, there's another thing that can be done that we're undertaking now to make WHOIS data more internationalized so we can accurately account for different scripts in the WHOIS database. So that's one other suggestion that's been suggested. So, you know, the comments so far in this meeting has been really good, and I'd ask the audience to come to the microphone and comment on the suite of trademark protections, malicious conduct mitigations, what could be changed or improved, what additional work should be done. So I kept that really terse on purpose, recognizing the knowledge here in the room and wanting to make time for everybody. >>MICHAEL PALAGE: Hello, Kurt. I will speak to malicious conduct. And I currently serve as the high-security zone TLD working group. And, Rita, as you are aware on the Board Governance Committee, I currently have an outstanding reconsideration request in connection with some board actions taken in connection with that. I guess what I would just ask for is for ICANN to allow the HSTLD group to finish our work. We are currently right now in the middle of an RFI process. We had a call last week, or two weeks ago, with a number of accountancy firms who would seek to be participating in an RFI process, to the participate in the validation type program. We have worked with ICANN staff, and it is our intent to have a report available by the second week of February, which would allow it to be published within the acceptable time frame in advance of the March meeting. So from that standpoint, we would just like to be able to finish our work. And it was a little awkward to, if you will, respond to some of the participants in the middle of an open RFI period when the board basically said, "We don't want anything to do with it." So again, if ICANN is committed to the bottom-up process, if you could just let the bottom-up process finish our work before taking action it, would really be appreciative. And again, in many of my comments here today I talked about the responsible -- beginning the responsible closure of this process. I really want to help bring about that closure. There's a right way and a wrong way. And it's just some of these awkward steps like what you see with Steve Metalitz of when it's opening and when it's closing that really makes it awkward. And, you know, I just want to wrap things up responsibly. Thank you. >>BRUCE TONKIN: Mike, maybe just elaborate a little bit further for me regarding the bottom-up process, but perhaps just summarize very quickly what the outcomes of the HSTLD are, and when you are going to run it through the GNSO. Because I assume -- Are you creating a policy around high secure zones or just -- When you said bottom-up process, because I haven't seen it come through the GNSO at all. >>MICHAEL PALAGE: Well, it was ICANN that had asked for this. It was ICANN itself. And the ICANN board is allowed to ask for the creation of policy. >>BRUCE TONKIN: Sure. >>MICHAEL PALAGE: So it's not like a bunch of people got together and said, "Let's follow Mike." ICANN said, "Step forward, take responsibility." We did that. And from Seoul until approximately Brussels, we met every week. We had a weekly teleconference. Actually, for a three-month period of time we actually had double calls to advance some of the control elements. So we were acting in response to a request by ICANN to solve one of the outstanding issues. >>BRUCE TONKIN: Okay. We'll take it off-line because I'd like to understand the request a little bit more. But I'd be happy to meet with you this week to understand the context, particularly your process context. But I certainly don't think it's accurate to say that the board said, "Go away and don't do anything." >>MICHAEL PALAGE: Well, I guess, Bruce, and I will not repeat what's in my reconsideration request, but when we talk about asking -- again, going back to the Affirmation of Commitments and asking for an explanation, in the resolution you cited legal concerns. And what was incredibly, shall we say, out of the blue, as the chair of the group, legal concerns had never been raised at any point in time. When I read the briefing papers that were made available, there was no reference to legal. So, again, as someone in the community that sees, you know, from Mount Olympus the resolutions come down, whereas, whereas, resolved, when you see we're not doing this because of liability concerns, now, to staff's credit, General Counsel and ICANN did engage in a call after the fact in trying to get a feel for how we might be able to address those legal concerns. And one of the things that the group is evaluating right now is what ICANN has done in connection with the UDRP. ICANN created the policy and has accredited people such as NAF and WIPO to administer it. So there are options, and not having the ability to understand the decision is what's so frustrating. And I think that's what you hear a lot of, not -- again, you hear, I think, this frustration from some of the people here. Probably more so in the GAC is where you are hearing a lot of this frustration. And, again, it's just people who want to help bring a responsible closure to the process. Thank you. >>PHILIP SHEPPARD: Thank you. It's Philip Sheppard speaking on behalf of the business constituency. Kurt, I mentioned to you in the informal sessions we had yesterday that we had a document in process which answers a whole range of issues to do with new gTLDs and Applicant Guidebook. And this beautiful 16-page document will be with you shortly. In the meantime, relevant to today's discussion, let me just summarize a couple of things to do with rights protection mechanisms in the paper, which I think are pertinent. The first thing to say, I think, is that we are disappointed by ICANN's continued disregard of its stated concerns about effective rights protection mechanisms. The final guidebook is proposing substantially weakened version of the chapter of RPMs it first discussed. If this issue had been solved earlier, you would be hearing from us, voices in the same direction saying get on with it. We're fine. Go ahead with the release. >>BRUCE TONKIN: What's been weakened in the final guidebook? >>PHILIP SHEPPARD: The next three. URS. URS is not going to be a rapid process. It's been shortened a little bit, but it is still not particularly fit for purpose. We have got more detail in this document which we will send you. But essentially, you have got problems in terms of its -- the possibility for de novo review after two years' suspension, that suspensions are temporary. And it is essentially placing brand owners in a potential monitoring situation. Secondly, the trademark clearinghouse is not really a clearinghouse, as it's -- it's a database. And unless, within that and sunrise, we solve this issue in terms of getting the word right on use, either qualification of how to get a trademark in there, it also won't be fit for purpose. But again, as I mentioned to you yesterday, our suggested wording specifically on that issue is in this paper. And we think that will help very much. And it goes directly -- I mean, the objective that staff are pursuing on this in terms of what trademarks qualify for it, how you do it, the object that the board were pursuing when it came up with its wording in the Norway meeting is exactly our objective. It's just that the phrasing to date is a little too specific for certain trademark regimes. And we have come up with some wording, checked with global trademark experts, which we believe scales to different types of regimes. So you will have the specifics of that in this document. A third issue -- >>RITA RODIN JOHNSTON: Philip, sorry, has that paper been submitted to staff? >>PHILIP SHEPPARD: Yes, it will be. It's freshly approved. We had a vote on it, and it's just finished. So it will be with all of you as soon as Mr. Steve DelBianco gets e-ring on the e-mail. And our third issue is the post-delegation dispute procedure where we are concerned in particular about the high burdens of proof there at both the first and second level. Again, the detail is in the paper. So the essence of the message is it's all been moving in the right direction, but it's a bit like pushing a rock uphill. There were some fixes there which were described earlier, and if only we get those right, you know, we'll be on track. But we're not there yet. Thank you. >>STEVE METALITZ: Thank you. Steve Metalitz. Again, my comment is on malicious conduct. Kurt, you were saying earlier today, wondering why people aren't commenting on the application, so I want to give you a comment on the application. Especially criterion 35, which requires that the applications have security measures that are appropriate for the applied for gTLD string, and also require a description of any augmented security levels or capabilities commensurate with the nature of the applied-for gTLD string. I think this is a positive step. There are -- We have been saying for a long time that some gTLD strings by their character, it's not going to be sufficient to have the minimum level of protections against malicious conduct that all the other new gTLD applications have to meet. I am kind of concerned, however, that this description of any augmented security levels or capabilities commensurate with the nature of the applied-for gTLD string apparently is not going to be made public. And therefore, it will be very difficult for members of the public to provide any advice to the evaluators, even if those members of the public are knowledgeable about the types of protections which should be available for strings with unique trust implications, which is again the language in criterion 35. So I guess my two points are, first, I think it would be very useful for ICANN to state specifically, I think it's implied here, that this criterion does not apply only to financial services oriented strings, but there are many other types of strings with unique trust implications. And, second, to make as much information as possible -- I understand with security information, it may not be everything, but I think Bob Hutchinson talked about security by obscurity earlier this afternoon. I hope as much information as possible will be made available to the public. Because basically what you are doing with this criterion is you are letting the public guide the evaluator as to whether there is -- the security protections are strong enough, rather than putting a positive obligation in there. So in order for the public to do its job, it's going to need more information than you currently plan to make public. Thank you. >>KURT PRITZ: Yes. I just want to respond to that briefly, and a comment by Bruce, in that we did receive advice that there were also good reasons for keeping, you know, security-type information confidential. So we didn't relay any security plans that could cause damage. So -- >>BRUCE TONKIN: I think there's probably a difference in what Steve means by security and what a technical person might mean by security. Like when I talk about security, I'm not going to give you my crypto codes but I don't think that's what you are asking. And what you are saying is that section is fairly broad. And you are saying -- presumably you are talking about things like what authentication checks are done and that sort of thing. >>STEVE METALITZ: Yes. For example, someone might say for my string that has unique trust implications, I am going to require that registrants be verified, or I won't require that. So that's what we would like to know because we might be able to say for that kind of string it really should be. >>KURT PRITZ: And the comment this morning was exactly about certain types may be held confidential, but a lot of it should be made public. So it's the second comment in a row just like that. >>STEVE METALITZ: Thank you. >>DAVID TAYLOR: David Taylor. I have a declaration of interest to make. First of all, I was on the IRT. Secondly, I am a lawyer. And thirdly, I will benefit from a lack of rights protection mechanisms, as a lawyer. So personally, take them out. [ Laughter ] [ Applause ] >> David Taylor: However, with my sort of more protection of consumers and trademark owners hat on, I do think that they're good, and we need strong RPMs. And I won't go over the points that Philip just covered but it's to add to it on the URS where we are today, in that it isn't rapid. It is redundant. Because even with the seven days taken out, you are looking at something which instead of going 47 days is 40. And the EUDRP is around 35 days. So it's quicker to file an EUDRP, or a UDRP, if you like. So that's one thing. And the way it's gone now where we have got 5,000 words to file in the complaint, if you give a lawyer 5,000 words he will write 4,999 words. So this isn't the way to go. We should have less words, less words in the response to keep the fees down. And that's just basic points, but we could go through the other ones, and we will make comments. >>KRISTINA ROSETTE: Hi, Kristina Rosette. Everything that David said about his declaration of interest applies to me as well. Some very specific suggestions on rights protection mechanisms. First, I think at this point it's important to recognize that all the -- although the IRT had recommended only an identical match, we did so in the context of a much broader tap industry of solutions, which we did not anticipate or plan to have unraveled. And frankly, had we known that that would have happened, it is a virtual certainty that we would have recommended the broader match that you have now seen recommended and requested in the GAC's recent communication to the board. With regard to the URS, I'll just point out that in addition, there's a -- hopefully it's poor drafting, but there is a section in there that essentially says that where the respondent does not respond and the examiner can conceive of any possible defense, then the respondent wins. And obviously any creative lawyer is going to be able to think of any possible defense. And I think it's important to note that it should be any possible successful defense, because otherwise you are going to have that exception essentially swallow up the utility of the mechanism. With regard to the trademark PDDRP, I'm not going to repeat the comments that Phillip made but I should just note that now that we are looking at a future of complete vertical integration, I would say that's fine. But you can't have your cake and eat it to. So with regard to the trademark PDDRP, I think it needs to be revised to ensure that any registrar that is vertically integrated with a registry should have, in the event of a trademark PDDRP claim, the conduct of that registrar imputed to the registry. Finally, I would also note with regard to the URS as it is written, the owner of a trademark registration from any country other than the United States, Canada, Australia and a few others that require evidence of use, is first going to have to go to the trademark clearinghouse and go through that whole process to get their mark validated. And while that was an interchange the IRT had suggested, we had also suggested that there be other efficiencies which have since been jettisoned. So on the one hand you are adding increased burden without the having the offset. But I had understood Paul Stahura to say earlier that dot com had the same rights protection mechanisms as dot info and dot biz. That is incorrect. Dot com did not have a prelaunch mechanism. Instead, we had a wonderful opportunity to write letters to Network Solutions and ask for holds and all the rest of it. Another way to look at UDRP which I think a lot of people have not been and they should be is that it's a very expensive way to essentially get a defensive registration. You can't file a successful UDRP complaint for under about $4,000 including the filing fee. And what you are going after are the names you frankly didn't want in the first place but you need to make sure some cybersquatter doesn't have them and is using them to damage your brands. Following up on Elaine's suggestion, I think that's an excellent idea, although I would also note that dot CO implemented a variation on the Globally Protected Marks List. So if we are going to compare apples to apples, we do in fact need to compare apples to apples. >>KURT PRITZ: Kristina, why don't you give us feedback on how the CO process worked. That's what we are trying to learn from. You presumably just experienced that. Did it work or was it useful? >>KRISTINA ROSETTE: The verdict is still out. There is certainly squatting in it, although I think -- >>BRUCE TONKIN: Specifically, the GPML side of it because that's something I know they implemented, but following the IRT report, I was wondering -- >>KRISTINA ROSETTE: All the clients that I work with that qualified for it handled it directly, simply to reduce the expense of having to do so. So I am not in a position -- They handled that internally. I think if you wanted to get in touch with INTA and see if they'd pass on an information request, that might be one way to do it. Do you have a question, Rita? Okay. >>KATHERINE KLEIMAN: Kathy Kleiman with dot org, and before I was with dot org was on the STI. And I want to ask what happened to the 20 day period under the STI? That had been something we had worked on a lot and spent many, many hours talking about. The reason why was basic notice to registrants, and that they would have time to respond. Under the UDRP, many registrants, those who respond often respond very late in the day because it takes a while for the notice to get to them. So since the complainant holds the full ability to know when to file, should they choose to file at the beginning of an August holiday for a European registrant, or before Christmas with -- again, with an individual registrant who might be on holiday for two weeks, there was a concern about notice. And also that 14 days, even if you have an extra seven days, it's very hard to respond, it's very hard to find someone to assist you to respond. So I'd love to know what happened to that seven days, because we did build in so much behind that, including the very, very rapid decision that the panelist needs to make, the examiner needs to make. I wanted to note just as a personal thought, with the GPML and dot CO, while I understand it did work well, I'm not sure it works very well -- I mean it might work well for dot CO and not for the vast majority of new gTLDs. With the noncommercial TLDs, with the -- with TLDs that may or may not have any overlap with dot com. It's a different type of world, and I think it was a very wise decision to go with three of the IRT mechanisms and not the fourth. With my dot org hat on, the PDDRP I want to thank you for. I think it's gotten much better. We are talking about a challenge of a gTLD that may have hundreds, thousands, millions of registrants. And so the fact that there's now a threshold review, that there is an appeal, and also that there's a recognition of the equities; that the examiner is asked to consider the impact of the revocation of the TLD not just on the registry but on the registrants, unrelated registrants. I think all of these make it a much stronger and better proceeding. So thank you for listening. >>BRUCE TONKIN: Just a follow-up comment on this GPML and also the dot CO implementation of it, it is still open to put any of these things through the GNSO policy development process, and they become mandatory for not just new gTLDs but existing TLDs as well. So to the extent to which Kristina's colleagues or INTA or dot Co itself can provide feedback to the GNSO saying, "This was great. You should implement it widely" or "This is what went wrong and this is how we w improve it," that's really what the ICANN process is meant to do. So I wouldn't ever say the door on these things is closed, and certainly something like that, if it was found to be successful in a recent TLD launch, should being maybe taken back to the GNSO, modified slightly. Because ultimately if the GNSO approves it, the board will endorse it and it becomes mandatory. So I just wanted to highlight there's no sort of end date, really. That new policies and new procedures that get determined become policy development and become mandatory. >>RITA RODIN JOHNSTON: Kathy, I just have one follow up. When the board was reviewing the URS, we understood that to be what it says, which is rapid suspension. And this was going to be for clear, clear cases of abuse. So I think you're talking about having the period extended to some extent. We heard somebody comment, and I apologize, I can't remember who, that if you look at the time periods you are basically longer than UDRP. So I just wondered what your thoughts were on that. >>KATHERINE KLEIMAN: I'd welcome to hear why they think it's longer when the UDRP. When we added it up, it was designed to be much faster than the UDRP where if you have one panelist, if you have three panelists, often there is a fairly long time period for decisions. And we said I think it was three to five business days. So the idea is really the panelist -- well, the examiner is really supposed to turn this around very, very quickly. And that's where the real time savings came from, was enough notice to the registrant that if this goes into the ether, if it goes into their spam filter, there's some way to kind of recover from that. But that fast decision -- because it really should be an up or down and that's how we designed the URS. >>BRUCE TONKIN: This is one of the things that we implement it, we see how it goes, Kathy. If we are finding a lot of instances where that's caused a problem, we'll adjust it. Again, these things are not locked in stone. We need to implement something. You can argue pros and cons, whether it's 14 or 21 days, but ultimately we need to implement it, then learn from it, evaluate it, decide whether it needs to be shorter or longer. >>DAVID TAYLOR: Bruce, do you want to comment on the speed? If I can follow-up on the speed point there. I can take the example of the first EUDRP which we filed which was for a case Nokiasex.com. Clearly a bit of a problem for Nokia. That was 35 days from start to decision with WIPO. So that's the 35 days I'm quoting. Obviously wait to see how long it gets on the URS. >>JONATHAN ZUCK: Yes, hello, my name is Jonathan Zuck with ACT. And I know you brought up the issue of metrics surrounding new gTLDs, and that's going to come up and I'll participate in this process. Sometimes knowing where to interject comments is a little bit like playing Marco Polo, I guess. What occurs to me with a lot of things that come up here is if we do some analysis of what has happened before and establish some baselines that will both suggest metrics but also suggest deltas when we're trying to evaluate things. So, for example, really analyzing the amount of time the different complaints in UDRP process, malicious conduct complaints, contract compliance. I have yet to ever hear a statistic out of the contract compliance department that I find useful. Kurt mentioned 16,000 letters went out. I don't even know if that's good thing or a bad thing, frankly. So I mean, doing a real statistical analysis of some of the existing UDRP procedures, some of the resolutions of malicious conduct, contract compliance, et cetera, I think will give us a baseline that we have something to compare to, whether the situation is made worse or improved upon given the new mechanisms that are in place under the DAG. >>JEFF NEUMAN: Hello. This is Jeff Neuman. I'm with NeuStar but I'm making this comment on my own behalf. If I went through my list of disclaimers of everything I am from being a lawyer to being one of the founding members of the IPC I'd probably be here all day. The comment I want to make as one of the most vocal opponents initially on the post-delegation dispute resolution policy, I want to echo the comments made by Kathy that I really appreciate the work that's been done on that and I really believe now it strikes the right balance and to tinker with it anymore I think would be a disaster, would actually -- I've seen the letter from the World Intellectual Property Organization asking yet again for the willful blindness standard, which is, again, I want to state before the board actually considers that letter again, that that is a -- a standard that would be greater than the rights they would enjoy under U.S. law and I did a whole briefing on it. I sent it back with version -- I don't know -- DAG 2, 3, one of those. Just -- so before you take these new comments, please don't let them rehash arguments that have already been made and decided. Let's make sure it's new. And the new point, I want to actually thank Kristina for the suggestion and maybe it's in the paper that the BC will submit but I do agree that now in a world with vertical integration, if it puts the post delegation dispute resolution policy to bed, yes, add that in about the fact of holding a registrar -- an integrated registry/registrar, holding the conduct of the affiliated registrar against the registry. Great. If that's what it's going to take to close it, let's close it, let's wrap it up and let's get this thing started. You know, I was on the IRT, I was on the STI, commented left and right, but I think right now we've -- we've got everything we need to move forward and test it out. We have learned a lot of lessons from the past before. The IP claims, some have called me the father of the IP claims because, you know, we did it for dot biz and I drafted it. There have been a lot of improvements on the IP claims process put in. I think we have learned. I think we have tested it out. It's been there. The sunrise, that's been tested out left and right. And NeuStar is the back-end operator for dot CO which everyone has been talking about. I'm not going to make any statements on behalf of it, but it worked. It was very smooth. There have been little complaints. The fact that no one had to paid Kristina's law firm, I think that's great. I think they saved a lot of money and I think it worked. [Applause] >>JEFF NEUMAN: Sorry for the lack of billables. Point is, I think we've come far enough. I think it's time to go. Let's test it out. Let's get it done. [Applause] >>LEE WILLIAMS: Lee Williams with the financial services community. For some time, we've been appealing to the staff and the board to require elevated security for financial services generic top-level domains. In the current version of the applicant guidebook we've seen language that was introduced that acknowledges that financial services has unique trust implications, lays it out as an example of a domain set that would be expected to have commensurate levels of security. We see that language as absolutely responsive to our comments. We very much appreciate the fact that it's been built into the applicant guidebook. Now, we wouldn't say that the issue is closed. We'd say that we now have codified in the rules the language that will allow us in the implementation stage to make that elevated level of security real. It's not a change or an improvement now that we need to the current approach. It's that we all need to do our part as we move forward in implementation, to see that those advantages really are realized. Now, a couple of comments earlier that Mike and Steve made about how the HSTLD advisory group is working, and the confidentiality I think bear a little bit of underscore. HSTLD advisory group is one example of a group that is happy to invest its own time in pushing that security standard and giving us the level of specificity that we'll need for the evaluators to actually assess the applications as they come in, and we would urge the staff and the board to let HSTLD move forward even if it is more independent than some might have thought a year or so ago. We think that it has real advantage in that process. There's also, in the applicant guidebook, the opportunity for industry-developed or industry-supported standards. Financial services -- and I suspect other sectors -- stand ready to develop those standards, and if we have either HSTLD or industry-developed standards that can be public, then applicants will be able to publicly commit to meeting those standards. Without having to detail every authentication or every encryption technique, they will be able to say, "We've met the ISO standard" or "We've met the financial services standard" or "We've met the HSTLD standard." >>BRUCE TONKIN: I think that's really helpful because if you look at a lot of the technical parts of the application, they're actually relying on the IETF standards which are done in a very similar way. So basically they're saying, you know, "This needs to comply with such and such an RFC," "This needs to apply to DNSSEC," "This needs to apply to the IP Version 6 standard. And I think if you're different industries -- and I've had some other discussions this week with people from the pharmaceutical industry as well. I mean, I think if an industry sector can say "This is the sort of standards we think need to be adhered to" and you have a way of saying that that's got industry support, I think that's very useful. And at the very least, you can submit that in the public comments on a particular application. So if someone applies for a particular name in your industry sector, you should say, you know, in this industry sector this is the minimum standards that should apply and the evaluators can then look at that. So, you know, I think that's exactly right. There's a little bit of a difference between ICANN itself approving a particular industry standard -- I mean, it could, but I think we envisage more that the external industries set standards, whether it's IETF or whether it's the finance industry, and then if it relates to different things, then that's something the evaluators would be looking at, because each application has to define their security standards and those standards need to be appropriate for the TLD they're applying for. >>LEE WILLIAMS: Wherever they might come from, if the applicants recognize them and then the evaluators are able to take them into account. >>BRUCE TONKIN: Yeah. >>LEE WILLIAMS: And ultimately, even the compliance group might look at them in post-delegation. All of that, we think, is an important way for the overall community to weigh in on security. So we would applaud the staff and the board for what we see as real progress in this area, and we'd urge you to invest continued resources in the implementation stage and to enlist all of us. Thank you. >> Mark (saying name). Just a brief comment about the clearinghouse. I think there are some sections that need some tightening up in the drafting. Specifically Section 7.4 talks about verifying the absolute grounds of a registration, where governments do that. Trademark offices do that. So you can come up with a decision that is contrary to what the trademark office has said. So I don't see the reason -- the need for Section 7.4 quite honestly. >>KURT PRITZ: So that's similar to another comment we received. Thanks. Bruce, Rita, or... So do you have any comments in closing? >>RITA RODIN JOHNSTON: Not really. I think this was helpful. The board's heard a lot of the comments of the community this week. We understand there's been some concern that the comments aren't going to be heard. We've been trying to iterate towards being more transparent in our decisions and listening to comments and hopefully bringing them to ground, so Bruce and I have been dutifully taking notes here and we're going to talk to the board. We have a workshop tomorrow and we're going to try to address all of these. I don't think you're ever going to see something that comes back that says, "You know, there was a comment on X and this is why the board did not address that comment," but we're going to try as much as possible to give a very clear idea to the community on any decisions that we make this week. So thanks for your feedback. >>KURT PRITZ: Thanks, Rita. Mr. Foody we kind of wrapped. >>PAUL FOODY: Oh, sorry. I just had a couple of comments on fluctuate. [Applause] >>PAUL FOODY: Thank you. They're all on my side. >>KURT PRITZ: I don't know. [Laughter] >>PAUL FOODY: Okay. A couple of comments on malicious conduct, okay? >>KURT PRITZ: One minute. >>PAUL FOODY: Well, I was speaking to Claudio from the IP, and he acknowledged that cyber-bullying where IP lawyers are going after innocent people is a very real problem. So please keep your mind open to that possibility. Secondly, the -- you know, lawyers use the law sometimes to -- to actually maintain things that are malicious. I've recently had an application, a trademark application for nozi -- n-o-z-i -- turned down because one they said it looked like the word "Nazi," which it does because -- so that was the reason why I applied for it. And secondly, it's being used by the London Olympic Committee was their reason for gagging me. So, you know, as amazing as that might sound, some lawyer is using the law to stop me from publicizing the fact that the London Olympic Committee had chosen the word "Nazi" as their logo. And this is -- you know, this is verifiable from the -- the Canadian Intellectual Property Office. Thirdly -- >>KURT PRITZ: Lastly? >>PAUL FOODY: -- I'm looking at the Section 318 and it says "The grounds upon which an applied-for gTLD string may be consider contrary to generally accepted legal norms relating to morality and public order that are recognized under principles of international law are," and it includes "incitement to or promotion of child pornography or other sexual abuse of children." In Canada at the moment, there's a public information advert talking about how the incidence of child pornography has multiplied by a factor of 10 in the last 10 years. Now, if ICANN does not take the opportunity to tie in dot xxx with dot com so that children, you know, youths are no longer subjected to that sort of thing, I think you're falling foul of your own rules. Thank you. >>KURT PRITZ: Okay. Thank you very much. Did you want to say anything? [Applause] >>KURT PRITZ: All right. So thank you very much for your time and for coming to the microphone and making very good comments. Notes have been taken, and you'll see them up in lights and carefully considered, so thank you very much.