Latest news of the domain name industry

Recent Posts

Hundreds of words and acronyms banned from .au, domains frozen

Kevin Murphy, February 8, 2018, Domain Policy

auDA has added hundreds of words, phrases and acronyms to its list of strings that are banned in .au and locked domains containing those strings.

There were only about 40 strings on the old banned list; now it’s closer to 300.

auDA has added to the list the names of brands protected by direct legislation, such as “Australian Motorcycle Grand Prix” and “Australian Defence Force Reserves”.

Also, phrases such as “What a Great Place for the Great Race” and “Commonwealth games Bronze”.

But what will be most concerning for non-cybersquatter .au registrants will be the acronyms and dictionary words that have been added.

These include the word “university” and acronyms such as “ran”, “adi” and “ara”, which could quite easily appear as substrings of legitimate words such as “grandma”, “radio” and “karate”.

Registrants of domains that exactly match the newly banned strings will find themselves unable to renew those domains, according to an auDA FAQ:

All words, phrases or acronyms on the list at Schedule A have been blocked from registration at the Registry. If you believe that you should be able to renew the domain name, you will need to demonstrate to your Registrar and auDA that you have Ministerial consent to use the domain name or your use of the domain name does not attract the restriction.

If there’s only a partial, substring match, registrants won’t be able to transfer the domain to a different registrant, according to the FAQ:

auDA has placed a lock on domain names that contain words, phrases or acronyms which appear on the list in Schedule A to prevent the transfer of these names to third parties. auDA will remove the lock where registrants can provide the requisite consent, or demonstrate that the use of the domain name does not attract the restriction.

The list was expanded following an auDA policy review that looked at what words are protected under Australian legislation.

The review itself acknowledged that the banned list is a bit of a blunt instrument, as in many cases it’s not the string that is banned but rather the use of the string.

Presumably, if you own “karate.com.au” it will be fairly straightforward to show you’re not infringing the rights of the Australian Regular Army.

The registry’s advice to registrants who believe their names are affected is to lawyer up:

Registrants are encouraged to check whether their domain name/s contain any words, abbreviations, acronyms or phrases appearing on the Schedule. If a name appears on the Schedule, registrants should seek independent legal advice on appropriate action. auDA cannot provide legal advice.

The new list of banned words can be found here. I’ve taken a screen capture of the old list from Google’s cache of January 20, here.

Full $185,000 refunds offered to risky new gTLD applicants

Kevin Murphy, February 8, 2018, Domain Policy

ICANN is to offer applicants for three new gTLDs identified as too risky to go live full refunds of their application fees.

Its board of directors acknowledged at its weekend retreat that it has no intention of delegating .corp, .home and .mail, and that each applicant should be able to get their entire $185,000 application fee back.

The applicants will have to withdraw their applications in order to get the refund.

Ordinarily, withdrawing an application would only qualify the applicants for a partial refund.

The ICANN board said in its resolution that it “does not intend to delegate the strings .CORP, .HOME, and .MAIL in the 2012 round of the New gTLD Program”.

It added that “the applicants were not aware before the application window that the strings .CORP, .HOME, and .MAIL would be identified as high-risk, and that the delegations of such high-risk strings would be deferred indefinitely.”

The three strings are considered risky because they already receive vast amounts of “name collision” traffic, largely from DNS queries that leak out from private networks.

There’s a concern that delegating any of them would create a big security risk in terms of confidential data leakage and stuff just generally breaking.

It’s been six years since the last new gTLD application window was open, and some applicants for the strings abandoned their bids years ago.

There are five remaining .corp applicants (and one withdrawal), five for .mail (two withdrawals) and ten for .home (one withdrawal).

The refunds will be taken from ICANN’s separate new gTLD program budget so presumably will not have an impact on its current operating budget woes.

The board noted that technically it did not have to give full refunds, under the terms of the Applicant Guidebook, but that it was doing so in the interest of “fairness”.

This may come as little comfort to applicants whose money has been tied up in limbo for the last six years.

dotgay lawyer insists it is gay enough for .gay gTLD

Kevin Murphy, February 6, 2018, Domain Policy

What do Airbnb, the Stonewall riots and the 2016 Orlando nightclub shooting have in common?

They’re all cited in a lengthy, somewhat compelling memo from a Yale law professor in support of dotgay LLC’s argument that it should be allowed to proceed with its .gay gTLD application unopposed by rival applicants.

The document (pdf), written by William Eskridge, who has decades of publications on gay rights under his belt, argues that dotgay’s Community Priority Evaluation and the subsequent review of that evaluation were both flawed.

At the crux of the dispute is whether the word “gay” can also be used to describe people who are transgender, intersex, and “allied” straight — dotgay says it can, but the Economist Intelligence Unit, which carried out the CPE, disagreed.

dotgay scored 10 out of 16 points on its CPE, four shy of a passing grade. An acceptance of dotgay’s definition of the “gay” community could have added 1 to 4 extra points to its score.

The company also lost a point due to an objection from a gay community center, despite otherwise broad support from gay-oriented organizations.

Eskridge spends quite a lot of time on the history of the word “gay”, from Gertrude Stein and Cary Grant using it as a wink-wink code-word in less-tolerant times, via the 1969 Stonewall riots, to today’s use in the media.

The argument gets a bit grisly when it is pointed out that some of the 49 people killed in the 2016 mass shooting at the Pulse nightclub in Orlando, Florida — routinely described as a “gay” club in the media — were either transgender or straight.

My research associates and I read dozens of press and Internet accounts of this then-unprecedented mass assault by a single person on American soil. Almost all of them described Pulse as a “gay bar,” the situs for the gay community. But, like the Stonewall thirty-seven years earlier, Pulse was a “gay bar” and a “gay community” that included lesbians, bisexual men and women, transgender persons, queer persons, and allies, as well as many gay men.

Eskridge argues that EIU erred by applying an overly strict definition of the applied-for string with dotgay, but not with successful community applicants for other strings.

For example, he argues, a manufacturer of facial scrubs would qualify for a “.spa” domain, and Airbnb and the Orient Express train line would qualify for “.hotel” domains under that applicant’s definition of its community, even though it could be argued that they do not fit into the narrow categories of “spas” and “hotels”.

Similarly, a transgender person may not consider themselves “gay” and a straight person certainly would not, but both might feel a part of the broader “gay community” when they get shot at a gay nightclub.

It’s an unpleasant way to frame the argument, but in my view it’s compelling nevertheless.

Eskridge also thinks that dotgay should have picked up an extra point or two in the part of the CPE dealing with community support.

It dropped one point there because the Q Center, a community center for LGBTQ people in Portland, Oregon, sent a letter objecting to the dotgay application (an objection apparently later revoked, then reinstated).

Eskridge spend some time questioning the Q Center’s bona fides as a big-enough organization to warrant costing dotgay a point, noting that it was the only member of a 200-strong umbrella organization, CenterLink, to object. CenterLink itself backed the bid.

He then goes on to cite articles seemingly showing that Q Center was in the midst of some kind of liberal paranoia meltdown — accused of racial insensibility and “transphobia” — and allegations of mismanagement at about the same time as it was objecting to dotgay’s application.

He also insinuates that Q’s base in Portland is suspicious because it’s also where rival applicant Top Level Design is based.

In summary, Eskridge reckons the EIU CPE and FTI Consulting’s subsequent investigation were both flimsy in their research, unfairly applying criteria to .gay that they did not apply to other strings, and that dotgay should have picked up enough points to pass the CPE.

It’s important to remember that this is not a case of ICANN getting decide whether the gTLD .gay gets to exist — it’s going to exist one way or the other — but rather whether the winning registry is selected by auction or not.

If dotgay wins either by getting another CPE or winning the auction then .gay will be restricted to only vetted members of the “gay” community. This could mean less homophobic abuse in .gay domains but probably also less opportunity for self expression.

If it goes to Top Level Design, MMX or Donuts, it will be open to all comers. That could increase cyber-bulling with .gay domains, but would remove barriers to entry to those who would otherwise be excluded from registering a domain.

ICANN has had .gay on hold for years while the dispute over the CPE has worked itself out, and it now has a piece of paper from FTI declaring the result hunky-dory. I doubt there’s any appetite to reopen old wounds.

My feeling is that we’re looking at an auction here.

CPE probe: “whitewash” or “fig leaf”?

Kevin Murphy, January 31, 2018, Domain Policy

A few weeks ago, when I was reporting the conclusions of a probe into ICANN’s new gTLD program, I wrote a prediction on a piece of paper and placed it into a sealed envelope.*

I wrote: “They’re gonna call this a whitewash.”

And I was correct! Ta-dah! I’m here all week.

The lawyer for applicants for .music and .gay gTLDs has written to ICANN to complain that a purportedly independent review of the Community Evaluation Process was riddled with errors and oversights and should not be trusted.

In a letter on behalf of dotgay LLC, Arif Ali calls the report a “whitewash”. In a letter on behalf of DotMusic, he calls it a “fig leaf”.

Both companies think that the CPE probe was designed to give ICANN cover to proceed with auctions for five outstanding gTLD contention sets, rather than to get to the bottom of perceived inconsistencies in the process.

Both of Ali’s clients applied for their respective gTLDs as “community” applicants, trying to avoid auctions by using the Community Priority Evaluation process.

During their CPEs, both carried out by the Economist Intelligence Unit, neither applicant scored highly enough to win the exclusive right to .gay or .music, meaning the next stage was to auction the strings off to the highest bidder.

After repeated complaints from applicants and an Independent Review Process finding that ICANN lacked transparency and that staff may have had inappropriate influence over the EIU, ICANN hired FTI Consulting to look into the whole CPE process.

FTI’s report was finally delivered late last year, clearing ICANN on all counts of impropriety and finding that the EIU’s evaluations had been consistent across each of the applications it looked at.

The remaining gTLDs affected by this are .music, .gay, .hotel, .cpa, and .merck.

ICANN’s board of directors is due to meet to discuss next steps this weekend, but Ali says that it should “critically evaluate the [FTI] Report and not accept its wholesale conclusions”. He wrote, on behalf of DotMusic:

The report reveals that FTI’s investigation was cursory at best; its narrow mandate and evaluation methodology were designed to do little more than vindicate ICANN’s administration of the CPE process.

It is evident that FTI engaged in a seemingly advocacy-driven investigation to reach conclusions that would absolve ICANN of the demonstrated and demonstrable problems that afflicted the CPE process.

Among the applicants’ list of complaints: their claim that FTI did not interview affected applicants or take their submissions seriously, and the fact that ICANN was less than transparent about who was conducting the probe and what its remit was.

The same letter quotes ICANN chair Cherine Chalaby, then vice-chair, saying in a January 2017 webinar that he had observed inconsistencies in how the CPEs were carried out; inconsistencies FTI has since found did not occur.

That should be enough to provoke discussion when the board meets to discuss this and other issues in Los Angeles on Saturday.

* I didn’t actually do this of course, I just thought about it, but you get my point.

US and EU call for Whois to stay alive

Kevin Murphy, January 31, 2018, Domain Policy

Government officials from both sides of the Atlantic have this week called on ICANN to preserve Whois as it currently is, in the face of incoming EU privacy law, at least for a select few users.

The European Commission wrote to ICANN to ask for a “pragmatic and workable solution” to the apparent conflict between the General Data Protection Regulation and the desire of some folks to continue to access Whois as usual.

Three commissioners said in a letter (pdf) that special consideration should be given to “public interests” including “ensuring cybersecurity and the stability of the internet, preventing and fighting crime, protecting intellectual property and copyright, or enforcing consumer protection measures”.

David Redl, the new head of the US National Telecommunications and Information Administration, echoed these concerns in a speech at the State of the Net conference in Washington DC on Monday.

Redl said that the “preservation of the Whois service” is one of NTIA’s top two priorities at the moment. The other priority is pressing for US interests in the International Telecommunications Union, he said.

Calling Whois “a cornerstone of trust and accountability for the Internet”, Redl said the service “can, and should, retain its essential character while complying with national privacy laws, including the GDPR.”

“It is in the interests of all Internet stakeholders that it does,” he said. “And for anyone here in the US who may be persuaded by arguments calling for drastic change, please know that the US government expects this information to continue to be made easily available through the Whois service.”

He directly referred to the ability of regular internet users to access Whois for consumer protection purposes in his speech.

The European Commission appears to be looking at a more restrictive approach, but it did offer some concrete suggestions as to how GDPR compliance might be achieved.

For example, the commissioners’ letter appears to give tacit approval to the idea of “gated” access to Whois, but called for access by law enforcement to be streamlined and centralized.

It also suggests throttling as a mechanism to reduce abuse of Whois data, and makes it clear that registrants should always be clearly informed how their personal data will be used.

The deadline for GDPR compliance is May this year. That’s when the ability of EU countries to start to levy fines against non-compliant companies, which could run into millions of euros, kicks in.

While ICANN has been criticized by registries and registrars for moving too slowly to give them clarity on how to be GDPR-compliant while also sticking to the Whois provisions of their contracts, its pace has been picking up recently.

Two weeks ago it called for comments on three possible Whois models that could be used from May.

That comment period ended on Monday, and ICANN is expected to publish the model upon which further discussions will be based today.