ICANN pays to push Whois case to European Court of Justice
Just has to lose GDPR rulings in other courts first
Domain-name system overseer ICANN will spend millions of dollars arguing its GDPR case to the European Court of Justice rather than resolve its own internal disagreements.
The California-based non-profit said this week it would appeal a decision against it in German court but also, bizarrely, announced that it would also appeal that court's decision to the European Court of Justice if it gave the wrong answer.
"If the Higher Regional Court does not agree with ICANN or is not clear about the scope of the European Union’s General Data Protection Regulation (GDPR), ICANN is also asking the Higher Regional Court to refer the issues in ICANN’s appeal to the European Court of Justice," reads a blog post on the matter published in ICANN's website.
Typically, appellants will show some modicum of respect to a court they are appealing to and will wait for that court's judgment before talking about an appeal to a higher court.
But nothing has been normal about ICANN's approach to the question of how new European privacy legislation – GDPR – will impact the Whois service; an outdated online system that publishes the contact details, including names, telephone number and home and email addresses, of all domain name holders.
Having belatedly realized that the GDPR legislation will impact Whois, ICANN first tried to force through a new policy – an effort that failed amid acrimony - then decided it could get Europe to give it a special one year "moratorium" – a request that was met with derision – and then imposed a "temporary solution" similar to the one that had failed earlier.
You shall not pas... oh, you already have
As a result of the organization's inaction, internet registries and registrars devised their own approaches. And then, on the day that GDPR became law, ICANN sought an injunction against one of them, German registrar EPAG, for its approach in an effort to enforce its new policy and assert authority in Europe. But that effort also failed when the court threw out ICANN's arguments.
Seemingly unaware of how the legal system works, ICANN criticized that court decision less for its actual decision than for the fact that it hadn't done what ICANN wanted: to state definitively what the correct interpretation of the GDPR legislation is when it comes to the Whois service.
German court snubs ICANN's bid to compel registrar to slurp up dataREAD MORE
Just as ICANN had somehow persuaded itself that EU data protection authorities were in a position to put European law on pause for its convenience, the organization also seems to have persuaded itself that a regional court faced with an emergency injunction request would make a legal determination about the correct interpretation of a new law just because that would make ICANN's life easier.
There is no reason to believe that the Higher Regional Court will do what ICANN wants either. In a brief entry into reality, ICANN appears to recognize that and so has asked the court to refer a number of questions about the correct legal interpretation of GDPR when it comes to Whois.
Actually, it hasn't "asked" the court, it has demanded it.
"If the Senate is therefore convinced that the outcome of this procedure depends on the interpretation of certain provisions of the GDPR, the Senate must refer these possible questions to the ECJ for a preliminary ruling pursuant," the appeal [PDF] reads, although opinion differs as to the exact requirements of the Senate.
Later on: "The Higher Regional Court of Cologne has to refer even though these are preliminary injunction proceedings. This court would also be obliged to refer to the ECJ in preliminary injunction proceedings."
Come back here and take what's coming to ya! I'll bite your legs off!
What's the bet that the higher court doesn't feel any such obligation to ask the questions it has been provided with, despite ICANN's insistence?
So what on earth is ICANN doing? And why is it spending millions of dollars pursuing flawed legal challenge after flawed legal challenge? The answer is simple: the organization has more money than sense.
With the 2012 expansion of the internet's name space to thousands of new extensions, including the auctioning of extremely popular extensions, ICANN has hundreds of millions of dollars in its coffers.
It charged $185,000 per application and received 1,930 of them, netting it $357m in revenue on what was, at the time, an annual organizational budget of $60m. Even after ICANN subtracted what it claims were the costs of the program (figures that were not open to review and may well have been inflated), it still had an excess of $160.2m.
Despite the organization's then CEO and chair promising to "ring fence" the money, the temptation proved too great and ICANN's staff persuaded themselves they could spent the money on activities "related" to the program.
On top of paying senior executives double-digit pay raises every year since, the organization also expanded every aspect of its work. Controversially, it gave millions of dollars to a slew of former top US government officials, including former Secretaries of State Condoleezza Rice and Madeleine Albright, and former National Security Advisor Stephen Hadley, during the process to grant it autonomy from the US government – and then attempted to hide that expenditure from its own constituencies.
Sponsored: Becoming a Pragmatic Security Leader