Latest news of the domain name industry

Recent Posts

Sanchez beats Greenberg to ICANN board seat

Kevin Murphy, February 27, 2017, Domain Policy

Mexican intellectual property lawyer León Felipe Sánchez Ambía has been selected to become a member of the ICANN board of directors by the At-Large, comfortably beating his opponent in a poll this weekend.

Sanchez took 13 votes (65%) to 10-year At-Large veteran Alan Greenberg’s 7, in a vote of At-Large Advisory Committee members and Regional At Large Organization chairs.

He’ll take the seat due to be vacated in November by Rinalia Abdul Rahim, who will leave the board after one three-year term.

He’s currently head of the IP practice and a partner at Fulton & Fulton in Mexico City. According to his bio:

He is co-lead for the Mexican chapter of Creative Commons and advisor to different Government bodies that include the Digital Strategy Coordination Office of the Mexican Presidency, the Special Commission on Digital Agenda and IT of the Mexican House of Representatives and the Science and Technology Commission of the Mexican Senate.

He drafted the Internet Users Rights Protection Act for Mexico and has been very active on issues like Anti-Counterfeit Trade Agreement (ACTA), Stop Online Privacy Act (SOPA), Trans-Pacific Partnership Agreement (TPPA) and other local initiatives of the same kind, always advocating to defend users’ and creators’ rights in order to achieve a balance between regulation and freedom.

Sanchez is certainly the less experienced of the two short-listed men when it comes to length of involvement in the ICANN community, but he’s a member of the ALAC and is deeply involved as a volunteer in ICANN accountability work following the IANA transition.

The At-Large was recently criticized in a report (pdf) for the perception that it is “controlled by a handful of ICANN veterans who rotate between the different leadership positions”.

Sanchez’s appointment to the board may have an effect on that perception.

The selection of another (white, male) North American to the board, replacing an Asian woman, will of course create more pressure to increase geographic and gender diversity on the other groups within ICANN that select board members.

A written Q&A between the two candidates and At-Large members can be found here.

1 Comment Tagged: , , ,

Now the DNA backpedals on “Copyright UDRP”

Kevin Murphy, February 27, 2017, Domain Policy

The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.

The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.

The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.

The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.

PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.

It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.

The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.

The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.

In the statement, the DNA says:

some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.

While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.

Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.

The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.

In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:

While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.

2 Comments Tagged: , , , , , , , , ,

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.

In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.

The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.

The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.

PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

Losers would either have their domain suspended or, like UDRP, seized by the complainant.

The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.

But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.

The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.

The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.

I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.

Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.

Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.

Copyright ADRP may not be dead yet, but its future does not look bright.

UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.

4 Comments Tagged: , , , , , , , , , ,

Hacked ICANN data for sale on black market

Kevin Murphy, February 22, 2017, Domain Services

If you were a user of ICANN’s Centralized Zone Data Service back in 2014 you may wish to think about changing some passwords today.

ICANN has confirmed that a bunch of user names and hashed passwords that were stolen in November 2014 have turned up for sale on the black market.

The batch reportedly contains credentials for over 8,000 users.

ICANN said yesterday:

ICANN recently became aware that some information obtained in the spear phishing incident we announced in 2014 is being offered for sale on underground forums. Our initial assessment is that it is old data and that no new breach of our systems has occurred. The data accessed in the 2014 incident breach included usernames and hashed passwords for our Centralized Zone Data System (CZDS). Once the theft was discovered, we reset all user passwords, and urged users to do the same for any other accounts where they used the same passwords.

While CZDS users have all presumably already changed their CZDS passwords, if they are still using that same password for a non-CZDS web site they may want to think about changing it.

ICANN first announced the hack back in December 2014.

It said at the time that the Government Advisory Committee’s wiki, and a selection of other less interesting pages, had also been compromised.

The attackers got in after a number of ICANN staffers fell for a spear-phishing attack — a narrowly targeted form of phishing that was specifically aimed at them.

If you email with ICANN staff with any regularity you will have noticed that for the last several months your email subject lines get prefixed [EXTERNAL] before the staffer receives them.

That’s to help avoid this kind of attack being successful again.

2 Comments Tagged: , ,

India’s biggest bank switches to dot-brand

Kevin Murphy, February 22, 2017, Domain Registries

State Bank of India has announced plans to migrate all of its web sites to its new dot-brand gTLD.

The company has been responsible for .sbi since it was delegated by ICANN last April, but bank.sbi is its first live domain name.

Currently, while bank.sbi is live and resolving, the old domain sbi.co.in appears to still be its primary address.

However, SBI said “all of the bank’s internet presence… shall soon be migrated to the .sbi gTLD”.

There will be a period of crossover while customers get used to the change, it said in a press release.

The bank said: “a gTLD site like .sbi conveys an assurance to the customer that the site is authorised, genuine and is not an inappropriate or phishing site”.

The move is perhaps significant given that SBI is state-owned, and one might expect some level of nationalism when it comes to domain choice.

But SBI, India’s largest bank with $490 billion in assets under management, is not the first bank to say it plans to use its dot-brand as its primary TLD.

BNP Paribas, the world’s biggest non-Chinese bank, uses .bnpparibas for almost everything, particularly in its native France. It has three domains in the Alexa top 100,000 most-visited web sites.

Others with dot-brands in use include Barclays and Citi.

4 Comments Tagged: , , , ,