Latest news of the domain name industry

Recent Posts

The Amazon is burning. Is this good news for .amazon?

Kevin Murphy, August 26, 2019, Domain Policy

With the tide of international opinion turning against Brazil due to the ongoing forest fires in the Amazon, could we see governments change their tune when it comes to Amazon’s application for .amazon?

A much higher number of forest fires than usual are currently burning in the region, largely in Brazil, which critics led by environmentalists and French president Emmanuel Macron have blamed on relaxed “slash and burn” farming policies introduced by new Brazilian president Jair Bolsonaro.

The rain forest is an important carbon sink, said to provide 20% of the world’s oxygen. The more of it is lost, the harder it is to tackle climate change, the argument goes.

It’s been an important topic at the Macro-hosted G7 summit, which ends today. Even the bloody Pope has weighed in.

Arguably, the stakes are nothing less than the survival of human civilization and life on Earth itself.

And this is a story about domain names. Sorry. This is a blog about domain names. My hands are tied.

Amazon the company has been fighting governments over its application for .amazon, along with the Chinese and Japanese translations, for over six years.

ICANN’s Governmental Advisory Committee was responsible for killing off .amazon in 2013 after it decided by consensus that Amazon’s application should not proceed.

That decision was only reached after the US, under the Obama administration, decided to abstain from discussions.

The US had been protecting Amazon by blocking GAC consensus, but changed its tune partly in order to throw a bone to world leaders, including then-president of Brazil Dilma Rousseff, who were outraged by CIA analyst Edward Snowden’s revelations of widespread US digital espionage.

After ICANN dutifully followed the GAC advice and rejected Amazon’s gTLD applications, Amazon appealed via the Independent Review Process and, in 2017, won.

The IRP panel ruled that the GAC’s objection had no clear grounding in public policy that could be gleaned from the record. It told ICANN to re-open the applications and evaluate them objectively.

Ever since then, the GAC’s advice to ICANN has been that it must “facilitate a mutually acceptable solution” between Amazon and the eight nations of the Amazon Cooperation Treaty Organization.

ICANN has been doing just that, or at least attempting to, for the last couple of years.

But the two parties failed to come to an agreement. ACTO wants to have essential veto power over Amazon’s use of .amazon, whereas Amazon is only prepared to offer lists of protected names, a minority position in any policy-setting body, and some sweeteners.

In May this year, ICANN’s board of directors voted to move .amazon along towards delegation, noting that there was “no public policy reason” why it should not.

In June, the government of Colombia filed a Request for Reconsideration with ICANN, demanding it reevaluate that decision.

The RfR was considered by ICANN’s Board Accountability Measures Committee at its meeting August 14, but its recommendation has not yet been published. I’m expecting it to be posted this week.

There’s still opportunity for the GAC to cause mischief, or act as a further delay on .amazon, but will it, in light of some country’s outrage over Brazil’s policy over the rain forest?

One could argue that if the nation that has the largest chunk of Amazon within its borders seems to have little regard to its international importance, why should its claim to ownership of the string “amazon” get priority over a big brand that has offered to protect culturally significant words and phrases?

Remember, as the example of the US in 2012/13 shows us, it only takes one government to block a GAC consensus. If Brazil or Peru continue to pursue their anti-Amazon path, could France throw a spanner in the works, smoothing .amazon’s road to delegation?

Anything’s possible, I suppose, but my feeling is that most governments back ACTO’s position largely because they’re worried that they could find themselves in a similar position of having to fight off an application for a “geographic” string in the next gTLD application round.

ICANN names new directors, replaces Facebook exec

Kevin Murphy, August 20, 2019, Domain Policy

ICANN’s Nominating Committee has picked two new directors to join the board of directors this November.

They are: Mandla Msimang, a South African technology policy consultant, and Ihab Osman, a serial director who ran Sudan’s ccTLD two decades ago but whose main current gig appears to be managing a Saudi Arabian dairy company.

Dutch domain industry figure Maarten Botterman, who had a stint heading Public Interest Registry, has been reappointed for his second three-year term.

But Tunisian Khaled Koubaa, head of public policy for North Africa at Facebook, who joined the board with Botterman in 2016 and also previously worked for PIR, is not being asked to return.

Msimang and Osman replace Koubaa and Cherine Chalaby, the current Egyptian-born chair, who after nine years on the board is term-limited.

Basically, it’s two Africans out, two Africans in.

In a statement, NomCom chair Damon Ashcraft noted that the committee had received 56 applications from Africa, more than any other region. Only two applications were received from North Americans.

This is perhaps unsurprising. NomCom had been duty-bound to pick at least one African, in order to maintain ICANN’s bylaws-mandated geographic balance, but there were no spots available for North Americans.

Replacing one male director with one female may also go some way to appease critics — including the ICANN board itself — who have claimed that the board needs to be more gender balanced.

The switch means that, after November, the eight NomCom appointees on the board will be evenly split in terms of gender. However, only seven out of the total 20 directors will be women.

The other directors are selected by ICANN’s various supporting organizations and advisory committees.

NomCom received applications from 42 women and 85 men this year.

ICANN has not yet published the official bios for the two new directors, but here’s what the internets has to say about about them.

Mandla Msimang. Msimang’s career appears to show her playing both hunter and gamekeeper in the South African telecommunications market, first working for the national regulator, and later for leading mobile phone operator Cell C. In 2007 she founded Pygma Consulting, a boutique IT consultancy, which she still runs.

Ihab Osman. Osman’s day job appears to be general manager of NADEC New Businesses, a unit of Nadec, a foods company partly owned by the Saudi government. He’s also president of the US-Sudan Business Council, which seeks to promote trade between the two countries. He has a long career in telecommunications, and from 1997 until 2002 was in charge of Sudan’s .sd ccTLD.

Both new directors will take their seats at the end of ICANN’s annual general meeting in Montreal this November.

There’s no word yet on who’s taking over as chair.

Registrars could be held liable for US gun violence

Kevin Murphy, August 20, 2019, Domain Policy

A US presidential candidate has come out in support of amending the law to make domain name companies liable when customers use their services to incite violence.

Beto O’Rourke, a former member of Congress, stated last week that he wants to amend the Communications Decency Act to hold providers of “domain name servers” liable “where they are found to knowingly promote content that incites violence”.

He’s believed to be the first among the swarm of 2020 Democratic presidential hopefuls to lay out a plan to combat online hate speech.

The proposed amendments to Section 230 of the CDA are part of a sweeping package of reforms O’Rourke is proposing in order to tackle gun violence and domestic terrorism in the US.

He comes from El Paso, Texas, which was the target of a race-based terrorist attack a couple of weeks ago.

He’s also pushing for stricter gun controls, such as compulsory licensing and training.

But I’m not going to get into that stuff here. This is a blog about domain names. I’m British, so you can probably guess what my opinion on guns is.

In terms of online content, O’Rourke’s plan seems primarily aimed at getting the big social media platforms to more heavily moderate the content produced by their users.

But it specifically calls out domain name companies also:

Beto would require large internet platforms to adopt terms of service to ban hateful activities, defined as those that incite or engage in violence, intimidation, harassment, threats, or defamation targeting an individual or group based on their actual or perceived race, color, religion, national origin, ethnicity, immigration status, gender, gender identity, sexual orientation or disability. These companies also would be required to put in place systems designed to identify and act on content violating the terms of service. Platforms must be transparent when they block content and provide for an appeal process in order to guard against abuse.

Beto supports amending Section 230 of the CDA to remove legal immunity from lawsuits for large social media platforms that fail to change their terms of service and put in place systems as described above. Informational service providers of all sizes, including domain name servers and social media platforms, also would be held liable where they are found to knowingly promote content that incites violence.

Should registrars be worried about this?

If the legal test was that registrars “knowingly promote content that incites violence”, that seems like a pretty high bar.

I’m not convinced even Epik, which has come under fire for providing domain services to the likes of Stormfront and 8chan — both of which O’Rourke cites in his policy — “knowingly promotes” incitements to violence.

That’s not to say that registrars couldn’t find themselves prosecuted or sued anyway, of course.

O’Rourke is not a current front-runner in the Democrat presidential pack. While still in the race, he’s towards the bottom of the top 10, polls suggest.

What O’Rourke’s policy statement does suggest is that the regulation of online speech could become a significant issue in the 2020 election, and that the domain name industry in the US could find itself a political football in an extremely divisive game.

Can NameCheap reverse .org price cap scrap?

Kevin Murphy, July 25, 2019, Domain Policy

NameCheap has taken it upon itself to fight ICANN’s decision to remove price increase caps on .org. But does it stand a snowball’s chance in hell of winning?

The registrar has filed a Request for Reconsideration with ICANN, appealing the organization’s signing of a Registry Agreement with Public Interest Registry that allows PIR to raise prices by however much it wants, more or less whenever that it wants.

NameCheap, which had over 390,000 .org domains under management at the last count, says it is fighting for 700-odd of its customers whose comments, filed with ICANN, were allegedly not taken into account when the decision was made, along with registrars and everyone else that may be adversely impacted by unfettered .org price increases.

NameCheap thinks its business could be harmed if price increases are uncapped, with customers perhaps letting their domains expire instead of renewing. It’s RfR states:

The decision by ICANN org to unilaterally remove the price caps when renewing legacy TLDs with little (if any) evidence to support the decision goes against ICANN’s Commitments and Core Values, and will result in harm to millions of internet users throughout the world.

Unrestricted price increases for legacy TLDs will stifle internet innovation, harm lesser served regions and groups, and significantly disrupt the internet ecosystem. An incredible variety of public comments was submitted to ICANN from all continents (except Antarctica) imploring ICANN to maintain the legacy TLD price caps — which were completely discounted and ignored by ICANN org.

Before the new contract was signed, PIR was limited to a 10% increase in its .org registry fee every year. It didn’t always exercise that right, and has said twice in recent months that it still has no plans to increase its prices.

The new contract — which has already been signed and is in effect — was subjected to a public comment period that attracted over 3,200 comments, almost all of them expressing support for maintaining the caps.

Despite not-for-profit PIR’s protestations, many commenters came from the position that giving PIR the power to increase its fee without limit would very possibly lead to price gouging.

That ICANN allegedly “ignored” these comments is the key pillar of NameCheap’s RfR case.

The public comment period was a “sham”, the registrar claims.

But is this enough to make ICANN change its mind and (somehow) unsign the .org contract?

There are three ways, under ICANN’s bylaws, to win an RfR.

Requestors can show that the board or staff did something that contradicts “ICANN’s Mission, Commitments, Core Values and/or established ICANN policy(ies)”

They also win if they can show the decision was was taken “without consideration of material information” or with “reliance on false or inaccurate relevant information”.

It’s quite a high bar, and most RfRs are rejected by the Board Accountability Mechanisms Committee, which is the court of first instance for reconsideration requests.

Requestors rarely show up with sufficient new information sufficiently persuasive to kick the legs from under ICANN’s original decision, and the question of something contradicting ICANN’s core principles is usually a matter of interpretation.

For example, in this case, NameCheap is arguing that failing to side with the commenters who disagreed with the removal of price caps amounts to a breach of ICANN’s Core Value to make all decisions in consultation with stakeholders:

The ICANN org will decide whether to accept or reject public comment, and will unilaterally make its own decisions — even if that ignores the public benefit or almost unanimous feedback to the contrary, and is based upon conclusory statements not supported by the evidence. This shows that the public comment process is basically a sham, and that ICANN org will do as it pleases in this and other matters.

But one of ICANN’s stated reasons for approving the contract was to abide by its Core Value to depend “on market mechanisms to promote and sustain a competitive environment in the DNS market”. It doesn’t want to be a price regulator, in other words.

So we have a clash of Core Values here. It will be pretty easy for ICANN’s lawyers — who drafted the contract and will draft the resolutions of the BAMC and the full board — to argue that the Core Values were respected.

I think NameCheap is going to have a hard time here.

Even if it were to win, how on earth does one unsign a contract? As far as I can tell, ICANN has no termination rights that would apply here.

Where the RfR will certainly succeed is to force the ICANN board itself to take ownership, on the record, of the .org contract decision.

As ICANN explained to DI earlier this month, while the board was very much kept in the loop on the state of negotiations, it was senior staff that made all the calls on the new contract.

But an RfR means that the BAMC, which comprises five directors, will first have to raise their hands to confirm the .org decision was kosher.

NameCheap will then get a chance to file a rebuttal before the BAMC decision is handed to the full ICANN board for a confirmatory vote.

While the first two board discussions of the .org contract were not minuted, the bylaws contain an interesting feature related to RfRs that I’d never noticed before today:

If the Requestor so requests, the Board shall post both a recording and a transcript of the substantive Board discussion from the meeting at which the Board considered the Board Accountability Mechanisms Committee’s recommendation.

I sincerely hope NameCheap invokes this right, as I think it’s pretty important that we get some additional clarity on ICANN’s thinking here.

Airline hit with $230 million GDPR fine

Kevin Murphy, July 8, 2019, Domain Policy

British Airways is to be fined £183.39 million ($230 million) over a customer data breach last year, by far the biggest penalty to be handed out under the General Data Protection Regulation to date.

This story is not directly related to the domain name industry, but it does demonstrate that European data protection authorities are not messing about when it comes to GDPR enforcement.

About 500,000 BA customers had their personal data — including full payment card details — stolen by attackers between June and September last year, the UK Information Commissioner’s Office said today..

It is believed that they obtained the data not by hacking BA’s database, but rather by inserting a script hosted by third-party domain that executed whenever a customer transacted with the site, allowing credentials to be captured in real time.

The ICO said its decision to fine $183.39 million — which amounts to more than 1.5% of BA’s annual revenue — is preliminary and can be appealed by BA.

Under GDPR, which came into effect in May 2018, companies can be fined up to 4% of revenue.

The biggest pre-GDPR fine is reportedly the £500,000 penalty that Facebook was given due to the Cambridge Analytica scandal.

GDPR is of course of concern to the domain industry due to the ongoing attempts to make sure Whois databases are compliant with the laws.