Latest news of the domain name industry

Recent Posts

ICANN Brussels trending topics: security and control

Kevin Murphy, June 21, 2010, Domain Policy

Security and politicking over control of the domain name system’s critical functions emerged as key memes during the opening ceremony of ICANN’s 38th public meeting this morning, here in Brussels.

In a speech that addressed a few controversial topics, ICANN president Rod Beckstrom responded unapologetically to those who had criticised the fairly alarmist tone of his remarks about DNS security at ICANN 37, three months ago.

Directly addressing his Nairobi comments, Beckstrom said:

You may disagree with what I said, and openness to different viewpoints is what makes our community strong. Some have asked why I said what I did. Simple. I said it because I believe it is the truth. And more than twenty years of experience in risk management have taught me that in addressing highly complex systems, it is better to be more concerned about risk than less.

The ccTLD constituency – led by .uk and .au – had been concerned about Beckstrom’s warning in Nairobi, which was made at a meeting of the Governmental Advisory Committee, because they risked giving governments reason to interfere with their country’s ccTLD.

Beckstrom’s keynote addressed the risk of too much government control over the DNS, embodied currently in rumblings about another International Telecommunications Union power grab, with a call to action for all those who support ICANN’s model.

We must face the fact that governments control these institutions. Given the serious proposals for an alternative to our bottom-up, multi-stakeholder model, we must redouble our efforts to support it if we are to protect the global public interest. All our stakeholders must step up to the plate and defend our common interest.

We will of course work closely with the Governmental Advisory Committee. But we need the active involvement of all stakeholders. We need your help, through every means available to you, to counter the misinformation and ensure that governments understand what is at stake when these issues are debated in the UN General Assembly later this year.

Beckstrom’s sentiments on security were echoed by both European Council President Herman Van Rompuy and, in a recorded address, European Commissioner for competition Neelie Kroes.

Kroes, in particular, seemed keen to marry the ideas of security risks and control over the internet’s crucial policy-making functions.

I am hopeful that the expiry of the IANA contract next year will be turned into an opportunity for more international cooperation servicing the global public interests.

But don’t misunderstand me. The internet’s day to day functioning works well, and I’m the first to say that if it isn’t broken don’t fix it. We all have an interest that this wonderful platform for innovation, entrepreneurship and free expression works perfectly well at a technical level. It is a great adventure that must continue to flourish. Yet, does it mean all is well in the cyber world?

Take the issue of security and resilience. We need to fight against spam, identity theft, phishing and other evolving types of crime on the internet. Both the public and private sectors have a joint obligation to act. And that approach has to go hand in hand with ensuring the internet itself is not vulnerable to any large-scale failure, whether as a result of an accident of a deliberate attack.

As I type, Beckstrom is hosting a panel discussion with Whit Diffie, Paul Mockapetris, Steve Crocker and Dan Kaminsky on DNS vulnerabilities in front of a packed audience.

Red Bull wins court case but loses UDRP

Kevin Murphy, June 8, 2010, Domain Policy

Energy drink maker Red Bull has somehow managed to lose a UDRP complaint over the domain name taurusrubens.com, despite having already won a lawsuit against its current registrant.

“Taurus Rubens” was the name of an air show slash performance art piece sponsored by Red Bull, performed at Salzburg airport in August 2003. There’s a clip here on YouTube.

The day before the show, an Austrian man named Reinhard Birnhuber registered taurusrubens.com and rubenstaurus.com and parked them with his ISP.

Two years later, when Red Bull got wise to the registrations, it offered Birnhuber €500 for them. He countered with a demand for a whopping €1 million.

That was in March 2005. One month later, Red Bull secured an Austrian trademark on the term “Taurus Rubens”. It then filed a UDRP complaint with WIPO.

Judging from that WIPO decision, it’s pretty clear that Birnhuber’s registrations were not entirely innocent.

Not only did he ask a ludicrous price for the domains, he also admitted to knowing about the air show when he registered them, he already owned redbullbag.com, and he gave a bunch of reasons about his plans for developing the domains that WIPO didn’t buy.

Nevertheless, because Red Bull had acquired its trademark rights years after the registrations, apparently just so it had standing under the UDRP rules, WIPO dismissed the complaint.

So Red Bull sued in an Austrian commercial court instead, and won.

Birnhuber appealed, and lost.

The court ruled that he had registered the domains in bad faith and that he should turn them over to Red Bull.

But he has apparently so far refused to do so. So Red Bull this year filed a second UDRP complaint with WIPO, asking for the domains to be transferred to it.

And, bizarrely, Red Bull lost.

WIPO this week denied the company’s complaint on the grounds that the the Austrian court’s ruling is irrelevant under UDRP rules, and that the 2005 WIPO decision should stand.

Here’s a Google translation of the relevant bits:

The panel can see in the above circumstances, no new facts or actions that would warrant a new assessment of the case. In this respect, the complainant fails to recognize that not only “new actions” to the resumption of proceedings are necessary, but this also has to be relevant.

The correct legal result is more than the enforcement of that ruling in Austria, especially as the present legal request (transfer of the domain name) covers with the sentencing order of the Austrian court. Since both parties are domiciled in Austria, is likely a priori, no specific enforcement problems arise. WIPO panels can so far do not replace the state authorities.

So, does Birnhuber get his €1 million? I doubt it. But right now he still owns taurusrubens.com.

Council of Europe wants ICANN role

Kevin Murphy, June 7, 2010, Domain Policy

The Council of Europe has decided it wants to play a more hands-on role in ICANN, voting recently to try to get itself an observer’s seat on the Governmental Advisory Committee.

The Council, which comprises ministers from 47 member states, said it “could encourage due consideration of fundamental rights and freedoms in ICANN policy-making processes”.

ICANN’s ostensibly technical mission may at first seem a bit narrow for considerations as lofty as human rights, until you consider areas where it has arguably failed in the past, such as freedom of expression (its clumsy rejection of .xxx) and privacy (currently one-sided Whois policies).

The Council voted to encourage its members to take a more active role in the GAC, and to “make arrangements” for itself to sit as an observer on its meetings.

It also voted to explore ways to help with the creation of a permanent GAC secretariat to replace the current ad hoc provisions.

The resolution was passed in late May and first reported today by IP Watch.

The Council of Europe is a separate entity to the European Union, comprising more countries. Its biggest achievement was the creation of the European Court of Human Rights.

How a company hacked the .eu sunrise to register generic domains

Kevin Murphy, June 6, 2010, Domain Policy

An Austrian company exploited a loophole in EurID’s .eu sunrise period to register dozens of generic .eu domain names, according to the European Court of Justice.

An outfit by the name of Internetportal und Marketing GmbH noticed back in 2005 that European Union regulations covering the .eu launch said that trademarks containing “special characters” could be claimed under the .eu sunrise.

If your trademark contained characters not compatible with normal DNS, such as $ or #, you could ignore those characters when you applied for your trademark as a .eu sunrise period domain.

So, with ingenuity I have to grudgingly admire, Internetportal registered 33 trademarks in Sweden that comprised generic dictionary terms interspersed with those special characters.

By applying under the sunrise period, rather than during the landrush or open registration periods, the company could eliminate most of its competitors for the domain.

Crafty.

The ECJ case concerned the domain reifen.eu – meaning “tyre” “or “tire” in German – but the company apparently also applied to register 180 other generic domains using the same method.

Internetportal registered the trademark “&R&E&I&F&E&N&”, knowing that the ampersands would be ignored by EurID’s policy when it applied for reifen.eu.

It did in fact win the domain, and others, during the sunrise, on the back of its Swedish trademarks.

Unfortunately, a man named Richard Schlicht who held a (later) Benelux trademark on the term “reifen” filed a Alternative Dispute Resolution procedure over the registration in 2006 and won.

Internetportal appealed, and it eventually made its way to ECJ. But Europe’s highest court decided last week that reifen.eu had indeed been registered in bad faith and in violation of the rules.

There’s loads of stuff in the ruling to excite IP lawyers, but as far as I can tell it boils down to one basic common-sense precedent: if you register a trademark purely for the purposes of securing a domain name in a sunrise period, you’re out of luck, at least in Europe.

Given that pretty much all the dictionary terms under .eu have already gone, and that the sunrise period ended years ago, I doubt the finding will have a great deal of immediate practical impact.

But a more general point holds, for those considering applying for a new TLD: if there are loopholes in your sunrise period rules, you can guarantee they will be exploited.

ICANN’s Draft Applicant Guidebook v4 – first reactions

Kevin Murphy, June 1, 2010, Domain Policy

As you probably already know, ICANN late yesterday released version 4 of its Draft Applicant Guidebook, the bible for new top-level domain registry wannabes.

Having spent some time today skimming through the novel-length tome, I can’t say I’ve spotted anything especially surprising in there.

IP interests and governments get more of the protections they asked for, a placeholder banning registries and registrars from owning each other makes its first appearance, and ICANN beefs up the text detailing the influence of public comment periods.

There are also clarifications on the kinds of background checks ICANN will run on applicants, and a modified fee structure that gets prospective registries into the system for $5,000.

DNSSEC, security extensions for the DNS protocol, also gets a firmer mandate, with ICANN now making it clearer that new TLDs will be expected to implement DNSSEC from launch.

It’s still early days, but a number of commentators have already given their early reactions.

Perennial first-off-the-block ICANN watcher George Kirikos quickly took issue with the fact that DAG v4 still does not include “hard price caps” for registrations

[The DAG] demonstrates once again that ICANN has no interests in protecting consumers, but is merely in cahoots with registrars and registries, acting against the interests of the public… registry operators would be open to charge $1000/yr per domain or $1 million/yr per domain, for example, to maximize their profits.

Andrew Allemann of Domain Name Wire reckons ICANN should impose a filter on its newly emphasised comment periods in order to reduce the number of form letters, such as those seen during the recent .xxx consultation.

I can’t say I agree. ICANN could save itself a few headaches but it would immediately open itself up to accusations of avoiding its openness and transparency commitments.

The Internet Governance Project’s Milton Mueller noted that the “Draconian” text banning the cross-ownership of registries and registrars is basically a way to force the GNSO to hammer out a consensus policy on the matter.

Everyone knows this is a silly policy. The reason this is being put forward is that the VI Working Group has not succeeded in coming up with a policy toward cross-ownership and vertical integration that most of the parties can agree on.

I basically agree. It’s been clear since Nairobi that this was the case, but I doubt anybody expected the working group to come to any consensus before the new DAG was drafted, so I wouldn’t really count its work as a failure just yet.

That said, the way it’s looking at the moment, with participants still squabbling about basic definitions and terms of reference, I doubt that a fully comprehensive consensus on vertical integration will emerge before Brussels.

Mueller lays the blame squarely with Afilias and Go Daddy for stalling these talks, so I’m guessing he’s basing his views on more information than is available on the public record.

Antony Van Couvering of prospective registry Minds + Machines has the most comprehensive commentary so far, touching on several issues raised by the new DAG.

He’s not happy about the VI issue either, but his review concludes with a generally ambivalent comment:

Overall, this version of the Draft Applicant Guidebook differs from the previous version by adding some incremental changes and extra back doors for fidgety governments and the IP interests who lobby them. None of the changes are unexpected or especially egregious.

DAG v4 is 312 pages long, 367 pages if you’re reading the redlined version. I expect it will take a few days before we see any more substantial critiques.

One thing is certain: Brussels is going to be fun.