Latest news of the domain name industry

Recent Posts

Government anger over two-letter domains

Kevin Murphy, March 16, 2017, Domain Policy

ICANN’s Governmental Advisory Committee has clashed with its board of directors over the lack of protections for two-letter domain names that match country codes.

The board has now formally been urged to reconsider its policy to allow registries to sell these names, after angry comments and threats from some GAC members.

Governments from Brazil, Iran, China and the European Union are among at least 10 angered that the names are either not adequately protected or only available for exorbitant prices,

The debate got very heated at ICANN 58 here in Copenhagen on Wednesday morning, during a public session between the GAC and the board, with Iran’s outspoken GAC rep, Kavous Arasteh, almost yelling at Chris Disspain, the board’s point man on the topic.

Arasteh even threatened to take his concerns, if not addressed, to the International Telecommunications Union when it convenes for a plenipotentiary next year.

“Your position is not acceptable. Rejected categorically,” he said.

“The multistakeholder process was not easily accepted by many countries. Still people have difficulty with that,” he said. “We have a plenipotentiary coming in 2018, and we will raise the issue if the matter is not resolved… It is not always commercial, government also has some powers, and we exercise our powers.”

Invoking the ITU is a way to turn a relatively trivial disagreement into an existential threat to ICANN, a typical negotiating tactic of governments that don’t get what they want from ICANN.

The relatively trivial disagreement in this case is ICANN’s decision to allow gTLD registries to release all previously reserved two-letter strings.

In November, ICANN approved a policy that released all two-letter strings on the proviso that registrants have to assert that they will not pass themselves off as affiliated with the countries concerned.

Registries also were given a duty to investigate — but not necessarily act upon — governmental complaints about confusion.

ICANN thinks that this policy is perfectly compliant with the GAC’s latest official advice, supplied following the Helsinki meeting last June, which asked ICANN to:

urge the relevant Registry or the Registrar to engage with the relevant GAC members when a risk is identified in order to come to an agreement on how to manage it or to have a third-party assessment of the situation if the name is already registered.

Disspain patiently pointed out during Wednesday’s session that governments have no legal rights to their ccTLD strings at the second level, and that most of the complaining governments don’t even protect two-letter strings in their own ccTLDs.

But some GAC reps disagreed.

China stated (via the official interpreter): “We believe the board doesn’t have the right or the mandate to decide whether GAC members have the right over two-character domain names.”

While no government spoke in favor of the ICANN policy on Wednesday, the complaining governments do appear to be in a minority of the GAC.

Despite this, they seem to have been effective in swaying fellow committee members to issue some stern new advice. The Copenhagen communique, published last night (pdf), reads:

a. The GAC advises the ICANN Board to:

I. Take into account the serious concerns expressed by some GAC Members as contained in previous GAC Advice

II. Engage with concerned governments by the next ICANN meeting to resolve those concerns.

III. Immediately explore measures to find a satisfactory solution of the matter to meet the concerns of these countries before being further aggravated.

IV. Provide clarification of the decision-making process and of the rationale for the November 2016 resolution, particularly in regard to consideration of the GAC advice, timing and level of support for this resolution.

ICANN is being compelled to retroactively revisit a policy that was issued in compliance with previous GAC advice, it seems.

The next ICANN meeting is being held in Johannesburg in June, so the clock is ticking.

Two-letter domains are valuable properties even in new gTLDs. With each expected to sell for thousands, two-letter names are likely to be a multimillion dollar windfall for even moderately sized portfolio registries.

In rare public session, ICANN approves sexual harassment policy

Kevin Murphy, March 11, 2017, Domain Policy

ICANN’s board of directors this afternoon approved an anti-harassment policy designed to protect community members from unwanted sexual attention.

It’s the policy inspired by the now infamous Cheesesandwichgate incident at the Marrakech meeting a year ago.

But general counsel John Jeffrey noted that there have been multiple similar complaints to the Ombudsman over the last year or so, possibly as a result of increased awareness that such complaints are possible.

While the text of the resolution has not yet been published, I believe it’s approving a lightly modified version of the policy draft outlined here.

That draft sought to ban activities such as “sexually suggestive touching” and “lewd jokes” at ICANN meetings. A laundry list of characteristics (such as race, gender, disability) were also given special protection.

What’s possibly more interesting than the new policy itself is the manner in which the policy was approved.

It was the first time in goodness knows how many years — definitely over 10, and I’m tempted to say over 15, but nobody seems to know for sure — that the ICANN board has deliberated on a resolution in public.

By “in public” I mean the 30-minute session was live-streamed via Adobe Connect from an undisclosed location somewhere at ICANN 58, here in Copenhagen. An in-person live audience was not possible for logistical reasons, I’m told.

Apart from the first few years of ICANN’s existence, its public board meetings have usually been rubber-stamping sessions at the end of the week-long meeting, based on discussions that had gone on behind closed doors days earlier.

So today’s session was a significant attempt to increase transparency that is likely to be welcomed by many.

Unfortunately, its existence could have been communicated better.

For the first 15 minutes, there were no more than 19 people in the Adobe room, and I believe I may have been the only one who was not ICANN staff or board.

After I tweeted about it, another 10 or so people showed up to listen.

Given that increased board transparency is something many sections of the community have been clamoring for for years, one might have expected a bigger turnout.

While the meeting had been prominently announced, it was not listed on the official ICANN 58 schedule, so had failed to make it onto the to-do lists of any of the iCal slaves pottering around the venue.

The session itself came across to me as a genuine discussion — not stage-managed or rehearsed as some had feared.

Directors raised issues such as the possible increased workload on the Ombudsman, the fact that the current Ombudsman (or Ombudsperson, as some directors referred to him) is male, and the availability of female staff members to receive “sensitive” complaints.

Today’s open session is part of a “pilot” and is due to be followed up on Sunday with another, which will discuss ICANN’s fiscal 2018 operating plan and budget.

Again, turning up to watch in person will not be possible, but the 90-minute session will be streamed live at 0745 UTC here.

The first in the pilot program, which even I missed, was in Brussels in September.

Schneider quits as chair of GAC

Kevin Murphy, March 11, 2017, Domain Policy

ICANN’s Governmental Advisory Committee is looking for a new chair.

Incumbent Thomas Schneider intends to leave the role before his current two-year term expires, he told GAC members assembled here at the ICANN 58 public meeting in Copenhagen this afternoon.

Schneider said that his boss at the Swiss government agency at which he works recently retired and that he has been appointed his successor.

From April, he’ll become vice director of the Federal Office of Communication, responsible for international affairs, he said.

The increased workload, including organizing the next Internet Governance Forum in Geneva, means he will no longer be able to devote his time to chairing the GAC, he said.

Schneider’s first two-year term as GAC chair started at the beginning of 2015. He was reelected to the position for a second term last November.

His replacement will be elected at the ICANN 60 meeting in Abu Dhabi this coming October, at which point Schneider will hand over the reins.

Papac named ICANN’s first complaints officer

Kevin Murphy, March 10, 2017, Domain Policy

ICANN has named its first-ever complaints officer.

It’s Krista Papac, a long-time domain industry participant who’s been working for ICANN, most recently as director of registry services and engagement, since 2013.

She’s previously worked for the registries Verisign, ARI (now part of Neustar) and data escrow agent Iron Mountain.

Her job will be to “provide a centralized mechanism to track complaints received about the ICANN organization” and is “an additional way for the ICANN organization to be accountable for and transparent about its performance”.

Her input will come largely from existing accountability mechanisms — the Ombudsman, Requests for Reconsideration, the Independent Review Process, and the contractual compliance department.

She’ll report to general counsel John Jeffrey.

The hire, and the reporting line, has already proved somewhat controversial.

Domain investor trade group the Internet Commerce Association today said that it was skeptical that a complaints officer reporting to the general counsel could be effective.

ICA added in a blog post that, while it has no beef with Papac, it had concerns that an insider had been hired into the role.

How can any individual who has worked for years within ICANN’s [Global Domains Division] be expected to cast prior experience and relationships aside to thoroughly and dispassionately investigate a complaint brought against GDD actions generally, or those of a specific member of the GDD staff?

Papac’s new role follows Jamie Hedlund’s internal move from head of government relations to VP of contractual compliance and consumer safeguards, in January.

Donuts took down 11 domains for Hollywood last year

Kevin Murphy, February 28, 2017, Domain Policy

Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.

The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.

The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.

Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.

For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.

“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.

Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:

Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.

Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.

The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”

It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.

Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.

The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.

Sanchez beats Greenberg to ICANN board seat

Kevin Murphy, February 27, 2017, Domain Policy

Mexican intellectual property lawyer León Felipe Sánchez Ambía has been selected to become a member of the ICANN board of directors by the At-Large, comfortably beating his opponent in a poll this weekend.

Sanchez took 13 votes (65%) to 10-year At-Large veteran Alan Greenberg’s 7, in a vote of At-Large Advisory Committee members and Regional At Large Organization chairs.

He’ll take the seat due to be vacated in November by Rinalia Abdul Rahim, who will leave the board after one three-year term.

He’s currently head of the IP practice and a partner at Fulton & Fulton in Mexico City. According to his bio:

He is co-lead for the Mexican chapter of Creative Commons and advisor to different Government bodies that include the Digital Strategy Coordination Office of the Mexican Presidency, the Special Commission on Digital Agenda and IT of the Mexican House of Representatives and the Science and Technology Commission of the Mexican Senate.

He drafted the Internet Users Rights Protection Act for Mexico and has been very active on issues like Anti-Counterfeit Trade Agreement (ACTA), Stop Online Privacy Act (SOPA), Trans-Pacific Partnership Agreement (TPPA) and other local initiatives of the same kind, always advocating to defend users’ and creators’ rights in order to achieve a balance between regulation and freedom.

Sanchez is certainly the less experienced of the two short-listed men when it comes to length of involvement in the ICANN community, but he’s a member of the ALAC and is deeply involved as a volunteer in ICANN accountability work following the IANA transition.

The At-Large was recently criticized in a report (pdf) for the perception that it is “controlled by a handful of ICANN veterans who rotate between the different leadership positions”.

Sanchez’s appointment to the board may have an effect on that perception.

The selection of another (white, male) North American to the board, replacing an Asian woman, will of course create more pressure to increase geographic and gender diversity on the other groups within ICANN that select board members.

A written Q&A between the two candidates and At-Large members can be found here.

Now the DNA backpedals on “Copyright UDRP”

Kevin Murphy, February 27, 2017, Domain Policy

The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.

The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.

The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.

The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.

PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.

It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.

The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.

The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.

In the statement, the DNA says:

some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.

While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.

Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.

The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.

In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:

While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.

In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.

The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.

The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.

PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

Losers would either have their domain suspended or, like UDRP, seized by the complainant.

The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.

But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.

The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.

The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.

I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.

Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.

Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.

Copyright ADRP may not be dead yet, but its future does not look bright.

UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.

The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.

As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.

The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.

However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.

“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.

The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.

Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.

Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.

PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.

No other registry has publicly stated similar plans to my knowledge.

The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

.africa to finally go live after judge denies injunction

Kevin Murphy, February 10, 2017, Domain Policy

A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.

Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.

The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.

Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.

Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.

Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.

An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.

Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:

The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages

He balanced this against the harm of NOT delegating .africa:

The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.

So what now?

ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”

As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.

Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.

If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.

Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.

While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.

You can read Halm’s ruling here (pdf).