Latest news of the domain name industry

Recent Posts

ICANN execs helped African Union win .africa — report

Kevin Murphy, July 16, 2015, Domain Policy

Top ICANN executives helped the African Union Commission win the .africa gTLD on behalf of its selected registry, according to a report.

Kieren McCarthy at The Register scooped last night that Dai-Trang Nguyen, head of gTLD operations at ICANN, drafted the letter that the AU used to demonstrate governmental support for ZA Central Registry’s bid.

The basis of the report is the unredacted version of the Independent Review Process panel’s ruling in the DotConnectAfrica case.

McCarthy reports that the uncensored document shows ICANN admitting that Nguyen wrote the AU’s letter, but that “did not violate any policy” and that there was “absolutely nothing wrong with ICANN staff assisting the AUC.”

Apparently, the original AU-drafted letter did not meet the requirements of the Geographic Names Panel, generating a “Clarifying Question”, so the AU reached out to ICANN for help creating a letter that would tick the correct boxes.

The unredacted ruling also contains an allegation that ICANN told InterConnect — one of the three corporate members of the GNP — that the AU’s letter should be taken as representing all of its member states, El Reg reports.

DotConnectAfrica is expected to be shortly returned to the new gTLD application process, and then kicked out again due to its failure to meet the GNP’s criteria of support from 60% of African governments.

I’m in two minds about how damaging these new revelations are.

On the one hand, ICANN staff intervening directly in an Initial Evaluation for a contested gTLD looks incredibly bad for the organization’s neutrality.

One would not expect ICANN to draft, for example, a letter of support for a Community Priority Evaluation applicant.

I don’t think it changes the ultimate outcome for DCA, but it may have inappropriately smoothed the path to approval for ZACR.

On the other hand, the new gTLD program’s Applicant Guidebook actually contains a two-page “Sample Letter of Government Support” that governments were encouraged to print off on letterheaded paper, sign, and submit.

Giving governments assistance with their support letters was in fact baked into the program from the start.

So did the AUC get special treatment in this case, or did Nguyen just send over the AGB sample letter (or a version of it)? That may or may not become clear if and when McCarthy publishes the unredacted ruling, which he has indicated he hopes to do.

A related question might be: how did the AUC screw up its original letter so badly, given the existence of a compliant sample letter?

The optics are many times worse for ICANN because all this stuff was originally redacted, making it look like ICANN was trying to cover up its involvement.

But the redactions were not a unilateral ICANN decision.

ICANN, DCA and the IRP panel agreed after negotiation that some documents revealed during disclosure should be treated confidentially, according to this September 2014 order (pdf). References to these documents were redacted in all of the IRP’s documents, not just the ruling.

What the revelations certainly seem to show is another example of ICANN toadying up to governments, which really has to stop.

DotConnectAfrica still barking mad after IRP win

Kevin Murphy, July 13, 2015, Domain Policy

DotConnectAfrica thinks it is going to get the .africa gTLD, following its successful Independent Review Process case against ICANN.

In a press release today, the company hailed last week’s ruling as a “resounding victory”.

DCA CEO Sophia Bekele is quoted as saying:

Going forward, we now expect ICANN to accept the binding IRP outcome, refrain from any further plans to delegate .Africa to the ZA Central Registry who should now be removed immediately from the new gTLD program; and cooperate fully with DCA Trust to ensure that the IRP Panel ruling is implemented so that .Africa can be delegated to DotConnectAfrica Trust

That’s right, Bekele reckons the IRP win means ICANN has to kick rival .africa applicant ZACR — which has already signed a Registry Agreement for the string — out of the new gTLD program.

Needless to say, it doesn’t.

The IRP panel refused DCA’s demands that ZACR be kicked out, and by ruling against DCA on a number of other counts, it essentially signed its application’s death warrant.

Bekele goes on to make three startling assertions about the case that have little to no basis in the IRP panel’s ruling:

During the IRP, DotConnectAfrica Trust clearly established three major findings: that ZA Central Registry lacked any valid endorsements for the .Africa string that it applied for; and that the purported Governmental Advisory Committee Objection Advice against our .Africa application was not by consensus; and that the ICANN Board had seriously erred in accepting the GAC Advice. The truth has prevailed and we are absolutely happy with the IRP Panel decision.

“I also give thanks to God for helping to correct this act of victimization that was committed against DCA Trust,” she added.

I’m not making that up. She really said that.

In Bekele’s opinion, DCA “established” three major findings, but “alleged” would be a better word. The IRP panel largely disagreed with or ignored the claims.

First, there’s nothing in the IRP’s decision that shows ZACR “lacked any valid endorsement” for its .africa bid.

ZACR has the unambiguous support of the African Union and says on its web site it has backing from 78% of African nations. The IRP declaration doesn’t even mention these endorsements, let alone question them.

Second, the IRP panel does not say that the GAC’s advice against DCA’s application lacked consensus. It says it lacked fairness and transparency, but did not dispute that it had consensus.

Third, the IRP did not conclude that ICANN should not have accepted that GAC advice, just that it should have carried it a bit more due diligence.

Finally, there’s nothing in the IRP’s declaration that gives DCA a chance of winning the .africa gTLD. In fact, the panel specifically decided not to give DCA that chance.

The closest the panel came to addressing any of DCA’s myriad accusations of ICANN wrongdoing is described in its ruling:

DCA Trust has criticized ICANN for its various actions and decisions throughout this IRP and ICANN has responded to each of these criticisms in detail. However, the Panel, having carefully considered these criticisms and decided that the above is dispositive of this IRP, it does not find it necessary to determine who was right, to what extent and for what reasons in respect to the other criticisms and other alleged shortcomings of the ICANN Board identified by DCA Trust.

So what happens to .africa now?

ICANN’s board of directors will discuss the IRP declaration at its next meeting, July 28, so we don’t yet know for certain how things will proceed.

However, some things seem safe bets.

The IRP panel suggested that ICANN should continue to refrain from delegating .africa, which has been on hold since May 2014, to ZACR. I think it likely that ICANN will follow this recommendation.

It also seems possible that ICANN may decide to reconsider (that is, consider again, rather than necessarily overturn) its decision to accept the GAC’s consensus objection to DCA’s .africa bid.

The panel’s key criticism of ICANN was that it failed to seek a rationale from the GAC for its objection. So ICANN may decide to seek such a rationale before reconsidering the advice.

The panel also told ICANN that DCA’s application, which had been rejected, should re-enter the application process.

Assuming ICANN accepts this recommendation (and I think it will, given the political climate), the first step would to be for DCA to finish its Initial Evaluation. ICANN rejected the DCA bid, based on GAC advice, before the IE panels finalized their evaluation DCA’s application.

Part of the IE process is the Geographic Names Review, which determines whether a string is “geographic” under ICANN’s definition and whether the applicant has the necessary support — 60% of national governments in .africa’s case — to be allowed to proceed.

DCA does not have this support, and it knows that this means its application is on life support.

It had asked the IRP panel to rule that ICANN should either give it 18 months to try to gather support, or to rule that it already has the support, essentially trying to lawyer itself into a position where it had a shot of winning .africa.

But the panel rejected both of these demands.

While DCA seems to have given up trying to convince people that its 2009 letter of support from the AU is still valid, it still holds that a 2008 letter from the executive secretary of the United Nations Economic Commission for Africa shows the requisite 60% support.

I don’t know whether this letter was ever formally withdrawn, but UNECA is today listed as a ZACR supporter.

However, even if the Geographic Names Panel ruled that DCA had passed its 60% threshold, the application would still fail the geographic review.

The rules state that “there may be no more than one written statement of objection” from an affected government, and DCA received GAC Early Warnings from 16 national governments as well as the AU itself.

No matter what DCA says in its press releases now, its application is still doomed.

New gTLD program thrown into chaos as ICANN loses .africa case

Kevin Murphy, July 11, 2015, Domain Policy

ICANN has been opened up to a world of hurt after an independent panel of judges ruled that the organization broke its own bylaws when it kicked DotConnectAfrica’s .africa bid out of the new gTLD program.

The what-the-fuck ruling cuts to the very heart of how ICANN deals with advice from its Governmental Advisory Committee, which comes out of the case looking like a loose canon with far too much power to sway the ICANN board.

Witness testimony published in the panel’s opinion sheds humiliating light on the GAC’s self-defeating habit of supplying ICANN with deliberately vague advice, a practice described by its former chair under oath as “creative ambiguity”.

The ruling does not, however, give DCA a serious shot at winning the .africa gTLD, which has already been contracted to rival ZA Central Registry. More delay is, however, inevitable.

The Independent Review Panel said:

the Panel is of the unanimous view that certain actions and inactions of the ICANN Board (as described below) with respect to the application of DCA Trust relating to the .AFRICA gTLD were inconsistent with the Articles of Incorporation and Bylaws of ICANN.

It also unanimously ruled that ICANN should un-reject DCA’s application and allow it to continue through the application process and that ICANN should bear the full $600,000+ cost of the IRP, not including DCA’s legal fees.

It’s an important ruling, especially coming as ICANN seeks to extricate itself from US government oversight, because it implicitly calls on ICANN’s board to treat GAC advice with much less deference.

What’s the backstory?

DCA and ZACR have competing applications for .africa, which is a protected geographic string.

Under new gTLD program rules, only an applicant with support from over 60% of African national governments can be approved. ZACR’s support far exceeds this threshold, whereas DCA enjoys little to no government support at all.

The ICANN board’s New gTLD Program Committee rejected the DCA bid in June 2013, before its Initial Evaluation (which includes the Geographic Names Review) had been completed, based on the GAC’s April 2013 Beijing communique advice.

That advice invoked the GAC’s controversial (and vaguely worded) powers to recommend against approval of any application for any reason, as enshrined in the Applicant Guidebook.

A subsequent Request for Reconsideration (IRP lite) filed by DCA was rejected by ICANN’s Board Governance Committee.

An IRP is the last avenue community members have to challenge ICANN’s actions or inaction without resorting to the courts.

DCA filed its IRP complaint in October 2013 and amended it in January 2014, claiming ICANN broke its own bylaws by rejecting the DCA application based on GAC advice.

Despite the IRP, ICANN went ahead and signed a Registry Agreement with rival ZACR in the May and was just days away from delegating .africa when the IRP panel ordered the process frozen.

The case dragged on, partly because one of the original three-person panel died and had to be replaced, the delay causing much consternation among African GAC members.

What did the IRP panel finally rule?

Yesterday’s ruling avoided deciding on or even commenting on any of DCA’s crazy conspiracy theories, instead limiting itself to the question of whether ICANN’s board and committees acted with bylaws-mandated transparency, fairness and neutrality.

It found that the GAC itself did not act according to these principles when it issued its Beijing advice against DCA.

It found that ICANN did not “conduct adequate diligence” when it accepted the advice, nor did the BGC or NGPC when they were processing the RfR.

In light of the clear “Transparency” obligation provisions found in ICANN’s Bylaws, the Panel would have expected the ICANN Board to, at a minimum, investigate the matter further before rejecting DCA Trust’s application.

ICANN did not do that, the panel decided, so it broke its bylaws.

both the actions and inactions of the Board with respect to the application of DCA Trust relating to the .AFRICA gTLD were not procedures designed to insure the fairness required… and are therefore inconsistent with the Articles of Incorporation and Bylaws of ICANN.

Does this mean DCA gets .africa?

No. The IRP panel ruled that DCA’s application must re-enter the application process, presumably at the point it exited it.

DCA’s application never had a final Initial Evaluation result issued. If it were to re-enter IE today, it would certainly be failed by the Geographic Names Panel because it lacks the requisite support of 60% of African governments.

DCA wanted the panel to rule that it should have 18 months to try to secure the needed support, but the panel refused to do so.

The application is still as good as dead, but ICANN will need to go through the motions to actually bury it.

In the meantime, ZACR’s delayed delegation of .africa is to remain on hold.

How embarrassing is this for the GAC?

Hugely. Verbal testimony from Heather Dryden, who was GAC chair at the time of the Beijing meeting, highlights what I’ve been saying for years: GAC advice is regularly so vaguely written as to be useless, inconsistent, or even harmful.

Dryden told the panel at one point: “In our business, we talk about creative ambiguity. We leave things unclear so we don’t have conflict.”

The IRP panel took a dim view of Dryden’s testimony, writing that she “acknowledged during the hearing, the GAC did not act with transparency or in a manner designed to insure fairness.”

The ruling quotes large chunks of text from the hearing, during which Dryden was grilled about the GAC’s rationale for issuing a consensus recommendation against DCA.

Dryden responded by essentially saying that the GAC did not discuss a rationale, and that there was “deference” to the governments proposing consensus objections in that regard.

ARBITRATOR KESSEDJIAN: So, basically, you’re telling us that the GAC takes a decision to object to an applicant, and no reasons, no rationale, no discussion of the concepts that are in the rules?

[DRYDEN]: I’m telling you the GAC did not provide a rationale. And that was not a requirement for issuing a GAC —

HONORABLE JUDGE CAHILL: But you also want to check to see if the countries are following the right — following the rules, if there are reasons for rejecting this or it falls within the three things that my colleague’s talking about.

[DRYDEN]: The practice among governments is that governments can express their view, whatever it may be. And so there’s a deference to that. That’s certainly the case here as well.

This and other quoted sections of the hearing depict the GAC as a body that deliberately avoids substantive discussions and deliberately provides unclear advice to ICANN, in order to avoid offending its members.

Does this mean all GAC advice on new gTLDs is open to appeal now?

Maybe. There are numerous instances of the ICANN board accepting GAC advice without demanding an explanation from the GAC.

At a bare minimum, the applicant for .gcc, which was rejected in the same breath as .africa, now seems to have a case to appeal the decision. The applicant for .thai is in a very similar situation.

Amazon’s lawyers will no doubt also be poring over yesterday’s decision closely; its .amazon bid was also killed off by GAC advice.

But in the case of .amazon, it would be hard to argue it was a .africa-style summary execution. ICANN took extensive advice and delayed its decision for a long time before killing off that application.

The ruling essentially calls the part of the Applicant Guidebook that gives the GAC its strong advisory powers over new gTLD applications into question.

Literally hundreds of new gTLD applications were affected by the Beijing communique.

Anything else of note?

Yes.

First, large parts of the decision have been redacted. The redactions mostly appear to relate to sensitive documents disclosed between the parties (reading between the lines, I think some of them related to DCA’s purported support from a certain African government) that the panel ruled should remain private last September.

Second, the decision inexplicably quotes the ICANN bylaws text “MISSION AND CORE VALUES” as “MISSION AND CORE (Council of Registrars) VALUES”, in what appears to be a weird search-and-replace error by an unknown party. CORE (Council of Registrars) is of course a registry back-end provider with apparently no involvement in .africa whatsoever.

Third, it seems I’ve been elected Pope. I hereby select “Dave” as my Papal name and will commence my program of donating all Church assets to the poor forthwith.

ICANN dragged into Gamergate as Whois reform cast as misogynist threat

Kevin Murphy, July 2, 2015, Domain Policy

What do ICANN’s current Whois privacy reform proposals have to do with the “Gamergate” controversy?

Quite a lot, according to the latest group to slam the proposals as an enabler for “doxing… harassment… swatting… stalking… rape and death threats.”

The Online Abuse Prevention Initiative was formed in March by female software developers in the wake of a sexism slash online abuse scandal that continues to divide the video game community.

Led by Randi Harper, OAPI’s first public move was to today write to ICANN to complain about the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

The report, as previously reported, contains a minority opinion that would ban transactional e-commerce sites from using Whois privacy services.

OAPI said today that this posed a risk of “doxing” — the practice of publishing the home address and other personal information about someone with the aim to encourage harassment — and “swatting”, where people call up America’s notoriously trigger-happy cops to report violent crimes at their intended victim’s home address.

Harper, who was one of the targets of the Gamergate movement (Google her for examples of the vitriol) claims to have been a victim of both. The OAPI letter says she “was swatted based on information obtained from the WHOIS record for her domain.”

The letter, which is signed by groups including the Electronic Frontier Foundation, the National Network to End Domestic Violence, the National Council of Women’s Organizations, and dozens of noted digital rights voices, says:

We strongly oppose the Working Group’s proposal, which will physically endanger many domain owners and disproportionately impact those who come from marginalized communities. People perceived to be women, nonwhite, or LGBTQ are often targeted for harassment, and such harassment inflicts significant harm

Even the most limited definition of a “website handling online financial transactions for commercial purpose” will encompass a wide population that could be severely harmed by doxing, such as:

  • women indie game developers who sell products through their own online stores
  • freelance journalists and authors who market their work online
  • small business owners who run stores or businesses from their homes
  • activists who take donations to fund their work, especially those living under totalitarian regimes
  • people who share personal stories online to crowdfund medical procedures

To make things worse, the proposed definition of what constitutes “commercial purpose” could be expanded to include other types of activity such as running ads or posting affiliate links.

The letter does not directly refer to Gamergate, but some of the signatories are its most prominent victims and the allusions are clearly there.

Gamergate is described somewhere in its 9,000-word Wikipedia article as “part of a long-running culture war against efforts to diversify the traditionally male video gaming community, particularly targeting outspoken women.”

At its benign end, it was a movement for stronger ethics in video game journalism. At its malignant end, it involved quite a lot of male gamers sending abuse and violent threats to female players and developers.

The PPSAI report is open for comment until July 7. It has so far attracted over 10,000 emails, most of them rustled up by registrar letter-writing campaigns here and here.

Registrars open floodgate of Whois privacy outrage

Kevin Murphy, June 26, 2015, Domain Policy

A letter-writing campaign orchestrated by the leading domain registrars has resulted in ICANN getting hit with over 8,000 pro-privacy comments in less than a week.

It’s the largest volume of comments received by ICANN on an issue since right-wing Christian activists deluged ICANN with protests about .xxx, back in 2010.

The comments — the vast majority of them unedited template letters — were filed in response to the GNSO Privacy & Proxy Services Accreditation Issues (PPSAI) Working Group Initial Report.

That report attempts to bring privacy and proxy services, currently unregulated by ICANN, under ICANN’s contractual wing.

There are two problematic areas, as far as the registrars are concerned.

The first is the ability of trademark and copyright owners to, under certain circumstances, have the registrant of a privately registered name unmasked.

Upon receiving such a request, privacy services would have 15 days to obtain a response from their customer. They’d then have to make a call as to whether to reveal their contact information to the IP owner or not.

Possibly the most controversial aspect of this is described here:

Disclosure cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

In other words, the privacy services (in most cases, also the registrar) would be forced make a judgement on whether web site content is illegal, in the absence of a court order, before removing Whois privacy on a domain.

The second problematic area is an “additional statement” on domains used for commercial activity, appended to the PPSAI report, penned by MarkMonitor on behalf of Facebook, LegitScript, DomainTools, IP attorneys Smith, Gambreall & Russell, and itself.

Those companies believe it should be against the rules for anyone who commercially transacts via their web site to use Whois privacy.

Running ads on a blog, say, would be fine. But asking for, for example, credit card details in order to transact would preclude you from using privacy services.

The PPSAI working group didn’t even approach consensus on this topic, and it’s not a formal recommendation in its report.

Regardless, it’s one of the lynchpins of the current registrar letter-writing campaigns.

A page at SaveDomainPrivacy.org — the site backed by dozens of registrars big and small — describes circumstances under which somebody would need privacy even though they engage in e-commerce.

Home-based businesses, shelters for domestic abuse victims that accept donations, and political activists are all offered up as examples.

Visitors to the site are (or were — the site appears to be down right now (UPDATE: it’s back up)) invited to send a comment to ICANN supporting:

The legitimate use of privacy or proxy services to keep personal information private, protect physical safety, and prevent identity theft

The use of privacy services by all, for all legal purposes, regardless of whether the website is “commercial”

That privacy providers should not be forced to reveal my private information without verifiable evidence of wrongdoing

The content of the site was the subject of a sharp disagreement between MarkMonitor and Tucows executives last Saturday during ICANN 53. I’d tell you exactly what was said, but the recording of the relevant part of the GNSO Saturday session has not yet been published by ICANN.

Another site, which seems to be responsible for the majority of the 8,000+ comments received this week, is backed by the registrar NameCheap and the digital civil rights groups the Electronic Frontier Foundation and Fight For The Future.

NameCheap appears to be trying to build on the reputation it started to create for itself when it opposed the Stop Online Piracy Act a few years ago, going to so far as to link the Whois privacy reforms to SOPA on the campaign web site, which says:

Your privacy provider could be forced to publish your contact data in WHOIS or even give it out to anyone who complains about your website, without due process. Why should a small business owner have to publicize her home address just to have a website?

We think your privacy should be protected, regardless of whether your website is personal or commercial, and your confidential info should not be revealed without due process. If you agree, it’s time to tell ICANN.

The EFF’s involvement seems to have grabbed the attention of many reporters in the general tech press, generating dozens of headlines this week.

The public comment period on the PPSAI initial report ends July 7.

If it continues to attract attention, it could wind up being ICANN’s most-subscribed comment period ever.

Do geeks care about privacy more than Christians care about porn? We’ll find out in a week and a half.