ICANN refuses to say why it allowed Donuts to buy Afilias

ICANN appears determined to make its decision-making process when it comes to industry consolidation as opaque as possible.

The Org has denied a request from two rival registries for information about how it approved the acquisition of Afilias by Donuts last December, apparently exploiting a loophole in its bylaws.

The transaction got the nod from ICANN after its December 17 board of directors meeting, at which the board discussed the deal and gave CEO Göran Marby the nod to go ahead and process the request.

What it didn’t do was pass a formal resolution approving the deal, which seems to have given it the room to wriggle out of its transparency requirements, such as publishing its rationale and briefing materials.

It’s a trick it also used last year when it decided to bar Ethos Capital from acquiring Public Interest Registry.

In response to a Documentary Information Disclosure Process request (pdf) last month, filed by Dot Hotel and Domain Venture Partners, ICANN said:

ICANN org makes available, as a matter of due course, on the ICANN website the resolutions taken, preliminary report, minutes, and the Board briefing materials for each Board meeting… ICANN org has already published all materials for the 17 December 2020 Board meeting.

No new information was published.

The DIDP was filed by two applicants for the new gTLD .hotel, which are competing with applications originally filed by both Donuts and Afilias.

They’d also asked for ICANN’s rationale for allowing Donuts to own two .hotel applications post-acquisition, but ICANN said it had no documents reflecting that rationale.

The .hotel contest is also the subject of an Independent Review Process case and a lawsuit, in which DVP is a plaintiff.

ICANN rules out vaccine passports, kinda, but warns in-person meetings may be a long way off

The odds of a return to in-person ICANN meetings this year is “fifty-fifty”, but the Org has no plans to introduce so-called “vaccine passports” to hasten the process.

That’s what emerged during a session at ICANN 70, the fourth consecutive remote public meeting since the coronavirus pandemic began, yesterday.

ICANN’s mid-year meeting, originally slated for The Hague, was recently confirmed to be online-only this June, and the final meeting of the year, scheduled for October in-person in Seattle, is still far from certain.

Speaking to the Non-Commercial Stakeholders Group, CEO Göran Marby yesterday gave the odds of a Seattle meeting as 50:50, and said in-person meetings will only go ahead when global pandemic restrictions are at a point where people from all parts of the world are able to attend. He said:

We cannot go to a country or a region that sets up too many obstacles for ICANN people to travel there.

…

It could be technically possible for us to have a meeting somewhere with a very limited participation, but then we really have to ask “Should we have that?”, because if we can’t people into the meeting from different parts of the world, we probably shouldn’t do the meeting.

…

Since the beginning of this, we always said that the decisions are made by the people who come to the meetings, and if we can’t have enough participation from different stakeholder groups in different parts of the world, then there’s not going to be an ICANN meeting.

The return to normality will be dictated largely by vaccine roll-out worldwide, he indicated, but benchmarked against the slowest-to-jab nations.

While the US and UK are making rapid progress getting shots in arms, other nations are barely getting started with their programs.

But Marby ruled out the idea of ICANN-specific “vaccine passports”, saying: “It’s not for ICANN to set them up, it’s going to be the governments and the hotels and the airlines to set them up.”

The ICANN board and NCSG also acknowledged a certain degree of volunteer burnout and reduced participation over the last 12 months, which was broadly chalked down to the crippling time-zone problems online meetings entail.

Because ICANN rotates its meetings through broadly speaking three time zones (Americas, Europe, East Asia) with about eight hours between them, at any given meeting roughly two thirds of the community is going to be working well outside of their usual business hours for a week or more, which takes its toll.

IP lobby demands halt to Whois reform

Trademark interests in the ICANN community have called on the Org to freeze implementation of the latest Whois access policy proposals, saying it’s “not yet fit for purpose”.

The Intellectual Property Constituency’s president, Heather Forrest, has written (pdf) to ICANN chair Maarten Botterman to ask that the so-called SSAD system (for Standardized System for Access and Disclosure) be put on hold.

SSAD gives interested parties such as brands a standardized pathway to get access to private Whois data, which has been redacted by registries and registrars since the EU’s Generic Data Protection Regulation came into force in 2018.

But the proposed policy, approved by the GNSO Council last September, still leaves a great deal of discretion to contracted parties when it comes to disclosure requests, falling short of the IPC’s demands for a Whois that looks a lot more like the automated pre-GDPR system.

Registries and registrars argue that they have to manually verify disclosure requests, or risk liability — and huge fines — under GDPR.

The IPC has a few reasons why it reckons ICANN should slam the brakes on SSAD before implementation begins.

First, it says the recommendations sent to the GNSO Council lacked the consensus of the working group that created them.

Intellectual property, law enforcement and security interests — the likely end users of SSAD — did not agree with big, important chucks of the working group’s report. The IPC reckons eight of the 18 recommendations lacked a sufficient degree of consensus.

Second, the IPC claims that SSAD is not in the public interest. If the entities responsible for “policing the DNS” don’t think they will use SSAD due to its limitations, then why spend millions of ICANN’s money to implement it?

Third, Forrest writes that emerging legislation out of the EU — the so-called NIS2, a draft of a revised information security directive —- puts a greater emphasis on Whois accuracy

Forrest concludes:

We respectfully request and advise that the Board and ICANN Org pause any further work relating to the SSAD recommendations in light of NIS2 and given their lack of community consensus and furtherance of the global public interest. In light of these issues, the Board should remand the SSAD recommendations to the GNSO Council for the development of modified SSAD recommendations that meet the needs of users, with the aim of integrating further EU guidance.

It seems the SSAD proposals will be getting more formal scrutiny than previous GNSO outputs.

When the GNSO Council approved the recommendations in September, it did so with a footnote asking ICANN to figure out whether it would be cost-effective to implement an expensive — $9 million to build, $9 million a year to run — system that may wind up being lightly used.

ICANN has now confirmed that SSAD and the other Whois policy recommendations will be one of the first recipients of the Operational Design Phase (pdf) treatment.

The ODP is a new, additional layer of red tape in the ICANN policy-making sausage machine that slots in between GNSO Council approval and ICANN board consideration, in which the Org, in collaboration with the community, tries to figure out how complex GNSO recommendations could be implemented and what it would cost.

ICANN said this week that the SSAD/Whois recommendations will be subject to a formal ODP in “the coming months”.

Any question about the feasibility of SSAD would be referred back to the GNSO, because ICANN Org is technically not supposed to make policy.

Nominet warns of government takeover as Namecheap backs fire-the-directors campaign

Nominet has raised the specter of a government takeover of the .uk registry, should members vote to oust five of its top directors at an Emergency General Meeting a week from now.

The warning came as part of the company’s anti-EGM publicity, and at a time when the campaign for a Yes vote has passed 25% of eligible votes, with Namecheap becoming the biggest name yet to support the ouster.

In a blog post, the company refers readers back to the Digital Economy Act of 2010, which in part gives the UK government the ability to unilaterally take over .uk, should Nominet seriously mess up:

It means that the government can step in, if Nominet is ever considered unstable or not capable of governing itself.

Removing five directors, including two of the four independents, and pressuring the remaining directors to install candidates outside normal procedures, as the EGM petitioners seek to do, would be a huge step backwards in terms of good governance. We have been warned that instability will be of serious concern to government. We know it would create a scenario which would make intervention more likely.

That part of the Act was brought in because at the time Nominet was perceived to be at risk of capture by domain investors. It has since reformed its constitution to make this less likely.

The current situation could be seen as a replay of the situation 11 years ago, with many of those most unhappy with Nominet’s recent strategy among the domainer community.

The campaign, PublicBenefit.uk, wants to fire five directors including the chair and CEO and replace them with two new appointments who have promised to lower .uk domain prices and direct more profit to public benefit causes.

As of today, the campaign has 429 member signatories, representing 25.1% of voting rights. This is probably enough to pass its resolutions, which call for a simple majority of members attending the EGM.

Namecheap has become the largest registrar so far to sign up. It’s the seventh-largest .uk registrar, with 201,355 domains under management. GoDaddy, 1&1 Ionos, Tucows, and the others in the top 10 are so-far undecided. Google has said it will abstain.

It’s debatable whether the Digital Economy Act applies here. The Act deems that a registry has failed under two quite narrow circumstances:

(a)the registry, or any of its registrars or end-users, engages in prescribed practices that are unfair or involve the misuse of internet domain names, or

(b)the arrangements made by the registry for dealing with complaints in connection with internet domain names do not comply with prescribed requirements.

Do either of those apply to PublicBenefit.uk’s demands? It looks like a stretch.

The EGM will take place March 22, next Monday, and right now it’s not looking great for Nominet’s top brass.

ICANN 71 is online-only, because of course it is

ICANN has called off plans to conduct its 71st public meeting in the Netherlands this June.

Blaming the ongoing coronavirus pandemic, the risk to safety and travel restrictions, ICANN confirmed last week that the venue will again be Zoom, rather than The Hague.

It will be the fifth consecutive meeting to go online-only.

The dates will remain the same — June 14 to June 17 — and the European time zone of course means that folks at ICANN HQ in Los Angeles will once again be working throughout the night.

ICANN 70, relocated from Cancun, begins next Monday.

ICANN 70 has virtual schwag, other new stuff

It may not make up for the lack of sun, sea, sand and sexual abstinence, but the ICANN 70 meeting, taking place this month on Zoom instead of Cancun, Mexico, does have a few new enticements that may tickle your fancy.

It’s also beginning to look like ICANN 70 won’t be the last of ICANN’s public meetings this year to be online-only.

At the trivial end of the spectrum, attendees get a virtual schwag bag containing unsponsored, printable collectibles including: two versions of a do-not-disturb door sign, a name badge, and two types of origami paper airplanes.

Equally trivially, ICANN appears to trying to foster a sense of remote community by encouraging attendees to take photographs of their food and post them to social media with the hashtag #icannchef. Because it’s 2009, apparently.

A bit more substance comes with the promise of private breakout rooms, which ICANN described in a blog post.

Apparently attendees will be able to create their own private rooms, containing multiple parties, whether it’s for social or business or policy-making purposes.

While ICANN 70 Prep Week started this week, that feature doesn’t appear to be live yet, or is so well-hidden that I couldn’t find it.

I can see this being potentially useful for meetings that take longer than the time allotment Zoom gives you for free, but I’m not sure I’d want to hold any super-sensitive meetings on a platform configured by ICANN, given its track record.

Other new features include the ability to listen in to live interpretation in the supported languages during the supported sessions, natively via the Zoom interface.

ICANN’s also turning on Zoom’s often hilarious, automated real-time transcription service, for sessions that don’t receive the usual human-assisted scribe service.

The Org has been adding features to its online platform bit-by-bit since the coronavirus pandemic forced the community into virtual mode a year ago.

It’s unlikely to be the last time ICANN meets in an online-only fashion. The board of directors is to meet tomorrow to consider the fate of ICANN 71, which is currently scheduled to take place in The Hague in June.

While some countries may well be approaching some level of pre-pandemic normality by then, ICANN is an international organization and the maxim “Nobody’s safe until we’re all safe” probably applies here.

Got beef with ICANN? Why you may not want to use the Ombudsman

Complaining to the independent Ombudsman may not be the best way to start a beef with ICANN, and that’s according to the Ombudsman himself.

Herb Waye told DI this week that consulting him as a first port of call may well lock complainants out of escalating their complaints through his office in future procedures.

Earlier this week, I reported on a lawsuit filed by three so-far unsuccessful .hotel gTLD applicants, which among other things alleges that ICANN’s Request for Reconsideration appeals process is a “sham”.

Reconsideration has quite a high barrier to success, and complaints are rarely successful. Requests are dealt with by the Board Accountability Mechanisms Committee, a subset of the very same board of directors that passed the resolution being complained about, advised by the same ICANN lawyers.

But RfRs are also automatically sent to the Ombudsman for a determination before the BAMC looks into them, which should provide a valuable and ostensibly independent second set of critical eyes.

However, in practice this has almost never happened since the provision was added to the ICANN bylaws five year ago.

The .hotel plaintiffs tallied up the 14 RfRs related to the new gTLD program since 2017 and found that the Ombudsman had recused himself, without detailed explanation, on every single occasion. Their complaint in California Superior Court reads:

Neither ICANN nor the Ombudsman has provided any intelligible reason for this gross flouting of ICANN’s bylaws and the Ombudsman’s dereliction of duty, other than a naked and vague claim of “conflict of interest”. The lack of any Ombudsman process not only violates ICANN’s bylaws and its contracts with Plaintiffs, but it renders the promise of a fair and independent Reconsideration process null and illusory, and the notion of true accountability a farce.

The ICANN bylaws state that the Ombudsman must recuse himself from considering RfRs “involving matters for which the Ombudsman has, in advance of the filing of the Reconsideration Request, taken a position while performing his or her role as the Ombudsman”.

According to Waye’s explanation, this is a very broad standard indeed. He told DI in an email:

it is not just me but over 18(?) years of Office of the Ombudsman involvement in complaints or investigations. So I need to go back through the archives when I receive an RR to make sure neither Chris [LaHatte] nor Frank [Fowlie] have made a determination (it doesn’t have to be a public report (or position) or a report to the Board to qualify for recusal).

Among other factors, it also doesn’t have to be a past determination directly involving the RR requestor either… if the substance of the RR has been reviewed by the Office in the past, or if the RR is about an issue similar to one that has been the subject of a complaint and a determination, then recusal is also required to avoid inconsistencies or perceived bias.

He consults with his “independent outside counsel”, Dave Marglin, when figuring out whether recusal is necessary, he said.

Waye published an explanation of his role in Reconsideration on page 19 of the Ombusdman’s most-recent annual report (pdf).

I wondered whether a 2015 decision by Waye predecessor LaHatte related to the new gTLD program’s controversial Community Priority Evaluation might account for the spate of recusals over the last few years, but Waye would not be drawn.

“I can’t identify specifics about each recusal as I must at all cost avoid identifying past complainants or subjects of complaints,” he said. “As I mentioned, some published reports may be the reason for a recusal but it may also be the result of the RfR issue having passed through my Office prior to the RfR being filed as a complaint; which may or may not be a known fact, so I err on the side of caution and treat all recusals the same.”

Given that the Ombudsman also deals with sensitive interpersonal interactions, including sexual harassment complaints, a code of confidentiality could be a good thing.

But it also means that there are an unknown number of undisclosed topics, dating back the best part of two decades, that the Ombudsman is apparently powerless to address via the Reconsideration process.

And that list of untouchable topics will only get longer as time goes by, incrementally weakening ICANN’s accountability mechanisms.

It seems to me that for companies with no interest in confidentiality but with serious complaints against an ICANN board action, complaining to the Ombudsman as the first port of call in a case that would likely be escalated to Reconsideration, Cooperative Engagement Process and Independent Review Process may be a bad idea.

Not only would they be locking the Ombudsman out of their own subsequent RfR, but they’d be preventing him or her getting involved in related RfRs for eternity.

Waye does not disagree. He said:

I think anyone considering bringing a complaint to the Office of the Ombuds should now consider their desired outcome if there is any possibility the issue may be something that could eventually take the RfR route. Do they want an informal (potentially confidential) determination from the Ombuds or do they want something more “public” from the Ombuds in the form of a substantive evaluation made directly to the BAMC. It’s still a new process and my participation in the RfR accountability mechanism is still a work in progress for the people considering using the RfR. But it’s what the community wanted and we will make it work.

It strikes me that the Reconsideration policy outlined in the ICANN bylaws is, by accident or design, self-terminating and opaque. It becomes less useful the more often it is used, as the range of topics the Ombudsman is permitted to rule on are slowly whittled away in secret.

It also occurs to be that it might be open to abuse and gaming.

Worried that a rival company will try to use Reconsideration to your disadvantage? Why not file a preemptive Ombudsman complaint on the same topic, forcing him to recusing himself and leaving the eventual RfR in the hands of the far-from-objective BAMC and ICANN board?

Waye said:

I suppose it would be possible, though it would require me making a determination or taking a position of sorts related to the eventual RfR… a complaint doesn’t automatically mean recusal. And of course it would mean me and my counsel not seeing through the “gaming” agenda and declining the complaint at the outset.

.hotel battle lands ICANN in court over accountability dodges

ICANN’s accountability mechanisms, or lack thereof, have landed the Org in court.

Three applicants for the .hotel new gTLD have sued in California’s Superior Court in LA, claiming ICANN has consistently failed to provide true accountability, refusing for over seven years to implement fundamental mechanisms required by its bylaws.

They want the court to force ICANN to stick to its bylaws and to also temporarily freeze an Independent Review Process case related to .hotel.

The registries in question are Fegistry, Domain Venture Partners and Radix. They filed their complaint at the end of October, but ICANN did not publish it until the end of January, after its terse reply, and an administrative ruling, had also been filed with the court.

While the endgame is presumably to get the .hotel contention set pushed to auction, the lawsuit barely mentions the gTLD at all. Rather, it’s a broad-ranging challenge to ICANN’s reluctance to submit to any kind of accountability at all.

The main beef is that ICANN has not created a so-called “Standing Panel” of judges to preside over IRP cases, something that its bylaws have required since 2013.

The Standing Panel is meant to comprise seven legal experts, trained up in all things ICANN, from which the three panelists presiding over each IRP would be selected.

It would also operate as a final appeals court for IRP rulings, with all seven panelists involved in such “en banc” challenges.

The idea is to have knowledgeable panelists on a retainer to expedite IRPs and ensure some degree of consistency in decision-making, something that has often been lacking in IRP decisions to date.

Despite this requirement being in the bylaws since 2013, ICANN has consistently dragged its feet on implementation and today there still is no Standing Panel.

The .hotel plaintiffs reckon ICANN has dodged $2.7 million in fees by refusing to pick a panel, all the while offloading certain fees onto complainants.

It didn’t get the ball rolling until January 2018, but the originally anticipated, rather streamlined, selection process quickly devolved into the usual mess of ICANN bureaucracy, red tape and circular community consultation.

The latest development was in November 2020, when ICANN announced that it was looking for volunteers for a cross-community “IRP Community Representatives Group”, a team similar to the Nominating Committee. which would be responsible for picking the Standing Panel members.

The deadline to apply was December 4, and we’ve not heard anything else about the process since.

The .hotel litigants also have beef with the “sham” Request for Reconsideration process, which is notorious for enabling the board to merely reinforce its original position, which was drafted by ICANN staff lawyers, based on advice provided by those same ICANN staff lawyers.

They also take aim at the fact that ICANN’s independent Ombudsman has recused himself from any involvement in Reconsideration related to the new gTLD program, for unclear reasons.

The lawsuit (pdf) reads:

ICANN promised to implement these Accountability Mechanisms as a condition of the United States government terminating its formal oversight of ICANN in 2016 — yet still has wholly failed to do so.

Unless this Court forces ICANN to comply with its bylaws in these critical respects, ICANN will continue to force Plaintiffs and any other complaining party into the current, sham “Reconsideration” and Independent Review processes that fall far short of the Accountability Mechanisms required in its bylaws.

The plaintiffs say that ICANN reckons it will take another six to 12 months to get the Standing Panel up and running. The plaintiffs say they’re prepared to wait, but that ICANN is refusing and forcing the IRP to continue in its absence.

They also claim that ICANN was last year preparing to delegate .hotel to HTLD, the successful applicant now owned by Donuts, which forced them to pay out for an emergency IRP panelist to get the equivalent of an injunction, which cost $18,000.

That panelist declined to force ICANN to immediately appoint a Standing Panel or independent Ombudsman, however.

The .hotel plaintiffs allege breach of contract, fraud, deceit, negligence and such among the eight counts listed in the complaint, and demand an injunction forcing ICANN to implement the accountability mechanisms enshrined in the bylaws.

They also want an unspecified amount of money in punitive damages.

ICANN’s response to the complaint (pdf) relies a lot on the fact that all new gTLD applicants, including the plaintiffs in this case, signed a covenant not to sue as part of their applications. ICANN says this means they lack standing, but courts have differed of whether the covenant is fully enforceable.

ICANN also claims that the .hotel applicants have failed to state a factual case for any of their eight counts.

It further says that the complaint is just an effort to relitigate what the plaintiffs failed to win in their emergency hearing in their IRP last year.

It wants the complaint dismissed.

The court said (pdf) at the end of January that it will hold a hearing on this motion on DECEMBER 9 this year.

Whether this ludicrous delay is related to the facts of the case or the coronavirus pandemic is unclear, but it certainly gives ICANN and the .hotel applicants plenty of time for their IRP to play out to conclusion, presumably without a Standing Panel in place.

So, a win-by-default for ICANN?

Conspiracy nut ordered to pay thousands to “kingpins” as “cartel” lawsuit chucked out

Domain industry conspiracy theorist Graham Schreiber has been ordered to pay CAD 6,000 ($4,750) in legal fees to many of the scores of industry figures he sued as a “cartel” of “kingpins” last August.

A Canadian Federal Court judge last month threw out his rambling, incoherent complaint in its entirety, saying among other things that it was “frivolous and vexatious”, containing no allegations the defendants were capable of responding to.

Judge Angela Furlanetto summarized the case like this:

It can best be described as a wide-spread attempt by the Plaintiff to express his displeasure and frustration with his experience in his prior lawsuit in the U.S. and with the domain name system.

And:

In this case, the Plaintiff baldly asserts conspiracy, racketeering, trafficking, extortion, passing off and perjury. The Plaintiff raises these issues broadly, does not plead material facts to support the constituent elements of these causes of action, and has not identified with any clarity which defendants are asserted to have committed each of these acts and how. The who, when, where, how and what are not pleaded

In throwing out the case, she ordered that Schreiber must pay CAD 1,500 ($1,189) to each of the four sets of defendants who had responded to his complaint, to cover their legal fees.

Schreiber actually got lucky — the defendants had asked for a total closer to CAD 25,000 ($20,000), but the judge took pity on him because he was representing himself in the case.

The beneficiaries of these four payouts, should they ever be made, are GoDaddy VP James Bladel, a group comprising Jeff Ifrah, Keith Drazek, Timothy Hyland, Phil Corwin and David Deitch, Greenberg Traurig lawyers Marc Trachtenberg, David Barger, Amanda Katzenstein, Paul McGrady and Ian Ballon, and Facebook Canada.

But the suit had named dozens of other industry figures of greater or lesser prominence, in a crazy blanket rant that appears to be rooted in an old beef Schreiber has with CentralNic and Nominet related to the domain names landcruise.uk.com and landcruise.co.uk.

One of his rather bold legal gambits was to inform the court that he’d been trolling the defendants on social media for years, and that the fact he had not yet been sued for libel was evidence of a conspiracy.

Will a six grand legal bill be sufficient to get him to sit down and shut up? I guess time will tell.

Hat tip to erstwhile defendant John Berryhill for posting the ruling (pdf).

Three ICANN directors voted against Marby’s pay rise

In what may or may not have been an accidental moment of transparency, ICANN has revealed that three of its directors recently voted against giving CEO Göran Marby a pay rise.

Notes on the February 8 board meeting, which granted Marby a 5% salary increase from July, contain this tally:

Eleven Directors voted in favor of Resolution 2021.02.08.05. Three Directors voted against the Resolution. Two Directors including Göran Marby, the subject of the Resolution, were unavailable to vote. The Resolution carried.

It appears to be the first time, at least in recent years, that an ICANN board vote breakdown has been published on a matter of executive compensation.

Assuming this was a deliberate decision to increase transparency, rather than an admin screw-up, kudos to ICANN for the baby-step.

Any resolution carried by the ICANN board related to personnel matters such as pay is usually during a confidential “executive session” which is not properly minuted and doesn’t usually have a vote breakdown published.

The report does not name the dissenting directors or their arguments against the pay raise. That kind of thing would usually come in the formally approved minutes, which might not come for months and might not elaborate further.

However, when Marby sought and was granted a contract extension last year, and the vote was not unanimous, ICANN did eventually publish some information about dissenting directors’ rationales.

One director had voted against the extension partly due to issues with “the CEO’s communication style” that he believed needed to be addressed. Another abstained because she felt there should have been a formal performance review first.