EFF rages as Ethos closes Donuts buy
The Electronic Frontier Foundation thinks the acquisition of Donuts by “secretive” private equity group Ethos Capital represents a risk to free speech.
The deal, which sees Ethos buy a controlling stake from fellow PE firm Abry Partners, closed earlier this week, having apparently received no official objection from ICANN.
But the EFF now wants ICANN to force Donuts to change its gTLD registry contracts to make it harder for the company to engage in what it calls “censorship-for-profit”.
The group’s senior staff attorney, Mitch Stoltz, raised the issued at the Public Forum session of last week’s ICANN 70 virtual public meeting, and expanded upon his thinking in a blog post this week. He wrote:
Donuts already has questionable practices when it comes to safeguarding its users’ speech rights. Its contracts with ICANN contain unusual provisions that give Donuts an unreviewable and effectively unlimited right to suspend domain names—causing websites and other internet services to disappear.
He pointed to Donuts’ trusted notifier program with the Motion Picture Association, which streamlines the takedown of domains used for pirating movies, as an example of a registry’s power to censor.
Donuts runs gTLDs including ones with social benefit meanings that the EFF is particularly concerned about, such as .charity, .community, .fund, .healthcare, .news, and .university.
Stoltz also makes reference to the Domain Protected Marks List, a Donuts service that enables trademark owners to block their marks, and variants, across its entire portfolio of 240+ gTLDs.
In effect, this lets trademark holders “own” words and prevent others from using them as domain names, even in top-level domains that have nothing to do with the products or services for which a trademark is used. It’s a legal entitlement that isn’t part of any country’s trademark law, and it was considered and rejected by ICANN’s multistakeholder policy-making community.
The DPML is not unique to Donuts. Competitors such as UNR and MMX have similar services on the market for their gTLDs.
When Stoltz raised the EFF’s concerns at last week’s ICANN meeting, CEO Göran Marby basically shrugged them off, saying he didn’t understand why one PE firm buying an asset off another PE firm was such a big deal.
I have to say I agree with him.
Ethos came under a lot of scrutiny last year when it tried to buy .org manager Public Interest Registry, turning it into a for-profit entity, generating cash for Ethos’ still-undisclosed backers.
(This week, Ethos disclosed in a press release that its investors include massive hedge funds The Baupost Group and Neuberger Berman “among others”, which appears to be the first time these names have been mentioned in connection with the company).
But a pretty good case could be made that .org is a unique case, that has had a non-profit motive baked into its DNA for decades. That does not apply to Donuts, which was a profit-making venture from the outset.
It’s not entirely clear why the EFF is suddenly concerned that Donuts will start exercise its contractual right-to-suspend more frequently under Ethos than under Abry. Stoltz wrote:
As we learned last year during the fight for .ORG, Ethos expects to deliver high returns to its investors while preserving its ability to change the rules for domain name registrants, potentially in harmful ways. Ethos refused meaningful dialogue with domain name users, instead proposing an illusion of public oversight and promoting it with a slick public relations campaign. And private equity investors have a sordid record of buying up vital institutions like hospitals, burdening them with debt, and leaving them financially shaky or even insolvent.
Even with the acquisition passing through ICANN easily, the EFF wants Donuts to change its contracts to make it more difficult for the company to suspend domain names on a whim.
I believe the language causing the controversy comes from anti-abuse policies in the Public Interest Commitments found in almost all Donuts’ contracts with ICANN, which state in part:
Registry Operator reserves the right, at its sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status as it determines necessary for any of the following reasons:
a. to protect the integrity and stability of the registry;
b. to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;
c. to comply with the terms of this Registry Agreement and the Registry Operator’s Anti-Abuse Policy;
d. registrant fails to keep Whois information accurate and up-to-date;
d. domain name use violates the Registry Operator’s acceptable use policies, or a third party’s rights or acceptable use policies, including but not limited to the infringement of any copyright or trademark; or
e. as needed during resolution of a dispute.
As a voluntary PIC, this language is unique to Donuts, though other registries have similar provisions in their registry agreements.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
Very interesting topics. Thanks for bringing these issues to light.
Have you heard of any instance whereby a non-abusing domain was taken from a registrant or otherwise cancelled by a registry simply because the registrant did not maintain accurate whois contact information?
I agree that this is much ado about nothing. Every Registry and Registrar has provisions similar to the ones that the EFF is complaining about. And with everyone demanding that Registries and Registrars combat DNS Abuse, these types of provisions are necessary.
EFF shouldn’t look at the language in the Agreements, but only the actions of the of the organization with the Agreement. And up until now, neither Donuts or any other Registry or Registrar having similar language in their agreements have in my opinion abused their power.
If one only looks at the contractual language to complain, then perhaps EFF should look at the agreement it entered into with its registrar to register/renew eff.org.
EFF uses Gandi as their registrar for eff.org. If you take a look at Gandi’s General Terms and Conditions, it contains the following language:
(https://contract.gandi.net/v5/contracts/42806/MSA_SAS_2020.1_en.pdf)
12.2. Termination without notice
Any material breach of Your contractual obligations that could not be corrected or whose importance makes it impossible to continue the General Terms and Conditions of Service or all or part of the Service shall motivate the immediate termination of the General Terms and Conditions of Service and/or the concerned Service Agreements, and/or the deactivation or even the deletion of Your User Account, Your concerned Organizations, without judicial formality and without any kind of compensation being claimed at Gandi, without prejudice to any kind of compensation that may be claimed by Gandi.
Notwithstanding the subscribed Service, the following events shall be deemed as material breaches to Your obligations:
– The communication of fake, incomplete or inaccurate personal data, contact information about You or any person that mandates You to act on its behalf, the failure to correct or update such data, or failure to provide required supporting documents within fifteen (15) calendar days, or any other deadline indicated in Our notice ;
If We are informed or discover You take part in anyway, or carry out whether directly or indirectly, via Our Services any unlawful activity, including:
– any provocation, apology or incitement to commit crimes or offenses, especially crimes against humanity;
– the apology or incitement of racial hatred;
– any activity or publishing of any racist, xenophobic or revisionist Content;
– any activity or publishing of minors sexual exploitation related Content or any Content that could directly or indirectly be deemed as incitement to commit suicide, to make, use or distribute illegal substances;
– terrorist activities;
– attacks, penetration, fraudulently staying in an information system managed or ran by Gandi, or a third party;
– the collection, the processing or the illegal sending or personal data;
– activities causing any damage or disturbance, by any mean, to Our Services or Our information system, or to any other service or system
connected to the Internet;
– any infringement of Gandi’s intellectual property rights (including but not limited to trademarks, color and graphic charter, etc).
12.4. Pursuant to rules and regulations in force, We may suspend or immediately delete without notice some or all Services subscribed and/or Your User Account, or Your Organizations:
to comply with a legal or regulatory obligation;
– pursuant to an order, injunction or decision by competent authorities (including in the case of a court decision or an administrative panel decision)
Agreed.