Can NameCheap reverse .org price cap scrap?

NameCheap has taken it upon itself to fight ICANN’s decision to remove price increase caps on .org. But does it stand a snowball’s chance in hell of winning?

The registrar has filed a Request for Reconsideration with ICANN, appealing the organization’s signing of a Registry Agreement with Public Interest Registry that allows PIR to raise prices by however much it wants, more or less whenever that it wants.

NameCheap, which had over 390,000 .org domains under management at the last count, says it is fighting for 700-odd of its customers whose comments, filed with ICANN, were allegedly not taken into account when the decision was made, along with registrars and everyone else that may be adversely impacted by unfettered .org price increases.

NameCheap thinks its business could be harmed if price increases are uncapped, with customers perhaps letting their domains expire instead of renewing. It’s RfR states:

The decision by ICANN org to unilaterally remove the price caps when renewing legacy TLDs with little (if any) evidence to support the decision goes against ICANN’s Commitments and Core Values, and will result in harm to millions of internet users throughout the world.

…

Unrestricted price increases for legacy TLDs will stifle internet innovation, harm lesser served regions and groups, and significantly disrupt the internet ecosystem. An incredible variety of public comments was submitted to ICANN from all continents (except Antarctica) imploring ICANN to maintain the legacy TLD price caps — which were completely discounted and ignored by ICANN org.

Before the new contract was signed, PIR was limited to a 10% increase in its .org registry fee every year. It didn’t always exercise that right, and has said twice in recent months that it still has no plans to increase its prices.

The new contract — which has already been signed and is in effect — was subjected to a public comment period that attracted over 3,200 comments, almost all of them expressing support for maintaining the caps.

Despite not-for-profit PIR’s protestations, many commenters came from the position that giving PIR the power to increase its fee without limit would very possibly lead to price gouging.

That ICANN allegedly “ignored” these comments is the key pillar of NameCheap’s RfR case.

The public comment period was a “sham”, the registrar claims.

But is this enough to make ICANN change its mind and (somehow) unsign the .org contract?

There are three ways, under ICANN’s bylaws, to win an RfR.

Requestors can show that the board or staff did something that contradicts “ICANN’s Mission, Commitments, Core Values and/or established ICANN policy(ies)”

They also win if they can show the decision was was taken “without consideration of material information” or with “reliance on false or inaccurate relevant information”.

It’s quite a high bar, and most RfRs are rejected by the Board Accountability Mechanisms Committee, which is the court of first instance for reconsideration requests.

Requestors rarely show up with sufficient new information sufficiently persuasive to kick the legs from under ICANN’s original decision, and the question of something contradicting ICANN’s core principles is usually a matter of interpretation.

For example, in this case, NameCheap is arguing that failing to side with the commenters who disagreed with the removal of price caps amounts to a breach of ICANN’s Core Value to make all decisions in consultation with stakeholders:

The ICANN org will decide whether to accept or reject public comment, and will unilaterally make its own decisions — even if that ignores the public benefit or almost unanimous feedback to the contrary, and is based upon conclusory statements not supported by the evidence. This shows that the public comment process is basically a sham, and that ICANN org will do as it pleases in this and other matters.

But one of ICANN’s stated reasons for approving the contract was to abide by its Core Value to depend “on market mechanisms to promote and sustain a competitive environment in the DNS market”. It doesn’t want to be a price regulator, in other words.

So we have a clash of Core Values here. It will be pretty easy for ICANN’s lawyers — who drafted the contract and will draft the resolutions of the BAMC and the full board — to argue that the Core Values were respected.

I think NameCheap is going to have a hard time here.

Even if it were to win, how on earth does one unsign a contract? As far as I can tell, ICANN has no termination rights that would apply here.

Where the RfR will certainly succeed is to force the ICANN board itself to take ownership, on the record, of the .org contract decision.

As ICANN explained to DI earlier this month, while the board was very much kept in the loop on the state of negotiations, it was senior staff that made all the calls on the new contract.

But an RfR means that the BAMC, which comprises five directors, will first have to raise their hands to confirm the .org decision was kosher.

NameCheap will then get a chance to file a rebuttal before the BAMC decision is handed to the full ICANN board for a confirmatory vote.

While the first two board discussions of the .org contract were not minuted, the bylaws contain an interesting feature related to RfRs that I’d never noticed before today:

If the Requestor so requests, the Board shall post both a recording and a transcript of the substantive Board discussion from the meeting at which the Board considered the Board Accountability Mechanisms Committee’s recommendation.

I sincerely hope NameCheap invokes this right, as I think it’s pretty important that we get some additional clarity on ICANN’s thinking here.

Airline hit with $230 million GDPR fine

British Airways is to be fined £183.39 million ($230 million) over a customer data breach last year, by far the biggest penalty to be handed out under the General Data Protection Regulation to date.

This story is not directly related to the domain name industry, but it does demonstrate that European data protection authorities are not messing about when it comes to GDPR enforcement.

About 500,000 BA customers had their personal data — including full payment card details — stolen by attackers between June and September last year, the UK Information Commissioner’s Office said today..

It is believed that they obtained the data not by hacking BA’s database, but rather by inserting a script hosted by third-party domain that executed whenever a customer transacted with the site, allowing credentials to be captured in real time.

The ICO said its decision to fine $183.39 million — which amounts to more than 1.5% of BA’s annual revenue — is preliminary and can be appealed by BA.

Under GDPR, which came into effect in May 2018, companies can be fined up to 4% of revenue.

The biggest pre-GDPR fine is reportedly the £500,000 penalty that Facebook was given due to the Cambridge Analytica scandal.

GDPR is of course of concern to the domain industry due to the ongoing attempts to make sure Whois databases are compliant with the laws.

.amazon frozen AGAIN as endless government games continue

Amazon’s application for the .amazon gTLD has yet again been frozen, after a South American government invoked ICANN’s appeals process.

The bid, as well as applications for the Chinese and Japanese versions, were returned to “on-hold” status at the weekend, after Colombia filed a formal Request for Reconsideration, an ICANN spokesperson confirmed to DI.

“The processing toward contracting of the .AMAZON applications has been halted pending the resolution of Request 19-1, per ICANN organization’s normal processes,” the spokesperson said.

This means the applications could remain frozen for 135 days, until late October, while ICANN processes the request. It’s something that has happened several times with other contested gTLDs.

Colombia filed RfR 19-1 (pdf) on June 15. It demands that ICANN reverses its board’s decision of May 15, which handed Amazon a seemingly decisive victory in its long-running battle with the eight governments of the Amazon Cooperation Treaty Organization.

ACTO’s members believe they should have policy control over .amazon, to protect the interests of their citizens who live in the region they share.

To win an RfR — something that hardly ever happens — a complainant has to show that the ICANN board failed to consider pertinent information before it passed a resolution.

In Colombia’s case, it argues that the board ignored an April 7 letter (since published in PDF format here) its Governmental Advisory Committee representative sent that raises some interesting questions about how Amazon proposes to operate its TLDs.

Because .amazon is meant to be a highly restricted “dot-brand” gTLD, it would presumably have to incorporate Specification 13 into its ICANN registry agreements.

Spec 13 releases dot-brands from commitments to registrar competition and trademark protection in exchange for a commitment that only the brand itself will be able to own domains in the TLD.

But Colombia points out that Amazon’s proposal (pdf) to protect ACTO governments’ interests would give the eight countries and ACTO itself “beneficial ownership” over a single domain each (believed to be names such as co.amazon, .br.amazon, etc).

If this means that Amazon would not qualify for Spec 13, it could follow that ICANN’s board made its decision to continue processing .amazon on faulty assumptions, Colombia argues.

Colombia points to the case of .sas, a dot-brand that is apparently shared by two companies that have the same brand, as a possible model for shared management of .amazon.

RfRs are handled by ICANN’s Board Accountability Mechanisms Committee.

BAMC took just a couple of days to rule out (pdf) Colombia’s request for “urgent reconsideration”, which would reduce its regular response time from 90 days to 7 days.

The committee said that because the .amazon applications were being placed back on-hold as part of normal procedure during consideration of an RfR, no harm could come to Colombia that would warrant “urgent” reconsideration.

According to ICANN’s spokesperson, under its bylaws the latest the board can respond to Colombia’s request is October 28.

At a GAC session at the ICANN 65 meeting in Marrakech, taking place right now, several ACTO governments have just spent over an hour firmly and publicly protesting ICANN’s actions surrounding .amazon.

They’re still talking as I hit “publish” on this post.

In a nutshell, they believe that ICANN has ignored GAC advice and reneged on its commitment to help Amazon and ACTO reach a “mutually acceptable solution”.

ICANN launches cash-for-kids scheme

ICANN will hand over cash to help community members cover their childcare commitments, the organization announced yesterday.

If you show up to an ICANN public meeting with an ankle-biter under 12 years of age, ICANN will give you up to $750 to cover the cost of babysitting.

You’ll have to show receipts, and ICANN will not cover stuff like travel, lodging, tourism or other costs that parents would have during the normal course of owning a kid.

Only volunteer community members will qualify, not staffers. The full list of rules can be found here.

While the announcement may seem unusual, it does not come out of the blue. There have been a number of public calls, from a handful of single parents, for ICANN to lay on some kind of on-site childcare services over the last several years.

It isn’t doing that, however. Good grief, imagine the optics if ICANN accidentally killed a kid…

Instead, it will only give parents a list of nearby childcare providers, which it will not formally vet or recommend, and let them make their own minds up.

The program is a pilot, and will run at the next three meetings in Montreal, Cancun and Kuala Lumpur.

Time for some more ICANN salary porn

ICANN has filed its tax return for its fiscal 2018, so it’s once again that time of the year in which the community gets to salivate over how much its top staffers get paid.

The latest form 990, covering the 12 months to June 30, 2018, shows that the top 21 ICANN employees were compensated to the tune of $10.3 million, an average of $492,718 each.

That’s up about 4% from $9.9 million in the previous year, an average across the top 21 staffers of $474,396 apiece.

These numbers include base salary, bonuses, and benefits such as pension contributions.

Employee compensation overall increased from $60 million to $73.1 million.

The biggest earner was of course CEO Göran Marby, who is now earning more than his immediate predecessor Fadi Chehadé but a bit less than last-but-one boss Rod Beckstrom.

Marby’s total compensation was $936,585, having received a bonus of almost $200,000 during the year. His base salary was $673,133.

The number of staffers receiving six-figure salaries increased from 159 in fiscal 2017 to 183 — about 44% of its estimated end-of-year headcount.

Towards the end of the reported year, as ICANN faced a budget crunch, many members of the ICANN community had called on the organization to rein in its spending on staff.

ICANN says it targets compensation in the 50th to 75th percentile range for the relevant industry.

The top five outside contractors in the year were:

• Jones Day, ICANN’s go-to law firm. It received $5.4 million, down from $8.7 million in 2017.
• Zensar Technologies, the IT consultancy that develops and supports ICANN software. It received $3.7 million.
• IIS, the Swedish ccTLD registry, which does pre-delegation testing for new gTLDs. It received $1.3 million.
• Iron Mountain, the data escrow provider. It received $1.1 million.
• Infovity, which provides Oracle software support. It received $1 million.

The return shows that ICANN made a loss of $23.9 million in the year, on revenue that was down from $302.6 million to $136.7 million.

The primary reason for this massive decrease in revenue was the $135 million Verisign paid for the rights to run .web, at an ICANN last-resort auction, in ICANN’s fiscal 2017.

The tax form for 2018 can be found here (pdf) and 2017’s can be found here (pdf).