Latest news of the domain name industry

Recent Posts

No more free ride for ICANN Fellows?

Kevin Murphy, August 29, 2018, Domain Policy

Newcomers who get free travel to ICANN meetings will have to show they’re serious about participating in the community, under new rules.

ICANN is revamping its Fellowship program to ensure that it’s actually meetings its goals of increasing the pool of mugs knowledgeable volunteers that the community can draw on.

The program, designed to bring in people unable to afford their own in-person meeting attendance, had come in for criticism for not being sufficiently accountable, and perhaps a poor use of money in a time of budget pressure.

It’s not been easy to measure the ratio of valuable ICANN citizens it was creating versus freeloaders who abuse the system for a free busman’s holiday.

Among the key changes being introduced now are requirements for Fellows to attend a minimum number of session-hours per meeting, casually policed by seven “mentors” — selected from and appointed by each supporting organization and advisory committee.

The number of hours required doesn’t appear to be set in stone as yet, with ICANN saying it will work with mentors to arrive at a figure.

While ICANN admits it obviously can’t force Fellows to participate after their first meeting, it plans to make sure returning Fellows can provide documentary evidence that they have engaged on subsequent applications for the program.

The three-meetings-only rule will remain.

The request for post-meeting reports from Fellows will be piloted at the Barcelona meeting in October.

More information of program revamps can be found here.

Microsoft seizes “Russian election hacking” domains

Kevin Murphy, August 21, 2018, Domain Policy

Microsoft has taken control of six domains associated with a hacker group believed to be a part of Russian military intelligence, according to the company.

Company president Brad Smith blogged yesterday that Microsoft obtained a court order allowing it to seize the names, which it believes were to be used to attack institutions including the US Senate.

The domains in question look like they could be used in spear-phishing attacks. The are: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com.

Historical Whois records archived by DomainTools show they were registered last year behind WhoisGuard, the Panama-based privacy service. Now, of course, the Whois records are all redacted due to GDPR.

Smith said that Microsoft believes intended targets besides the Senate also include the International Republican Institute and the Hudson Institute, two conservative think-tanks.

The company believes, though it did not show evidence, that the domains were created by the group it calls “Strontium”.

Strontium is also known as “Fancy Bear”, among other names. It’s believed to be backed by the GRU, Russia’s intelligence agency.

It’s the same group alleged members of which Special Counsel Robert Mueller recently indicted as part of his investigation into Russian meddling in the 2016 US presidential election.

“We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group,” Smith said in his blog post.

He added that Microsoft does not know whether the domains have been used in an attack yet.

No Verf├╝gungsanspruch for ICANN in GDPR lawsuit

Kevin Murphy, August 7, 2018, Domain Policy

ICANN has lost its latest attempt to use the German courts to force Tucows to continue to collect Whois records the registrar thinks are unnecessary.

In an August 1 ruling, a translation of which (pdf) has been published by ICANN, the court ruled that no preliminary injunction (or “Verf├╝gungsanspruch”) was necessary, because ICANN has not shown it would suffer irreparable harm without one.

ICANN wants Tucows’ German subsidiary EPAG to carry on collecting the Admin-C and Tech-C fields of Whois, even though the registrar thinks that would make it fall foul of Europe’s new General Data Protection Regulation.

The organization has already had two adverse decisions at a lower court, and the appeals court‘s latest ruling does not change anything. The judge ruled:

The Applicant [ICANN] has already not demonstrated that a preliminary injunction is required in order to avoid substantial disadvantages. To the extent the Applicant submitted in its application that interim relief was necessary in order to avert irreparable harm by arguing that the data to be collected would otherwise be irretrievably lost, this is not convincing. The Defendant [EPAG] could at a later point collect this data from the respective domain holder by a simple inquiry, provided that an obligation in this regard should be established.

The court also declined to refer the case to the European Court of Justice, as ICANN had wanted, because nothing in the ruling required GDPR to be interpreted.

This a a blow, because the whole point of the lawsuit is for ICANN and registrars to get some clarity on what the hell GDPR actually requires when it comes to Whois.

ICANN said it is “considering its next steps, including possible additional filings before the German courts”, noting that the “main proceedings” of the case are still ahead of it.

auDA car crash continues as director quits over foreign members

Kevin Murphy, August 7, 2018, Domain Policy

auDA director Tim Connell has quit the board over its decision to admit almost a thousand new members from the industry side of the house.

Connell, the only remaining elected “Demand class” director, said he believes auDA will now be controlled by registrars and the new back-end registry, Afilias.

In his resignation letter (pdf), Connell said: “I fear this potentially hands control of auDA over to industry and could ultimately create the situation where the independent governing body is no longer independent.”

The new member influx, which saw the ranks swell from about 320 to over 1,300 in the space of a few weeks, was largely due to three large registrars and the back-end encouraging their staff to sign up for membership.

One registrar, CrazyDomains owner Dreamscape Networks, now apparently employs almost 40% of auDA’s members.

auDA, which seems to have nudged the companies towards this membership drive, is under pressure from the Australian government to grow and diversify its membership.

Chief critic Josh Rowe, himself a former director, has calculated, based on a non-public member list, that most of the new members are based outside of Australia, a fact alluded to by Connell in his letter.

Rowe and his fellow “Grumpies” used last month’s extraordinary auDA meeting to demand that the new membership applications be rejected on the grounds that the new members are not a part of the Australian internet community that auDA is constitutionally bound to serve.

But auDA chair Chris Leptos responded that they are members of the community by virtue of their employment.

Connell’s primary concern appears to be that the swollen member base is now heavily tilted in favor of the supply-side of the community.

He noted that an AUD 12 million marketing fund distributed to registrars in the wake of the migration to cheaper back-end Afilias could be seen as an attempt to bribe the industry to side with the auDA party line.

Grumpies have accused auDA of “cartel-like” behavior in this regard.

At the special meeting two weeks ago, motions to fire three directors including Leptos (over unrelated disagreements) were rejected due to near-unanimous opposition from the Supply-class members, despite an overall majority of voters supporting their removal.

The new members were not eligible to vote at that meeting, so the Supply-class was considerably smaller.

At the same meeting, Connell revealed that his Demand-class directorship had recently come into question due to the fact that he acted as an affiliate of a registrar.

He said he’d rectified that situation, and Leptos seemed happy with that the situation had been resolved.

Despite this, Connell says in his letter that he no longer feels that information he receives as a director is “accurate or complete”, suggesting continued tensions on the board.

For all these reasons, he said he was resigning immediately.

In a statement, auDA thanked Connell for his service and said a replacement will be sought within three months.

I’ve actually lost count of how many auDA directors have quit recently. I’ve reported on at least five, including the last chair, since I started covering the unrest there a little over a year ago.

New ICANN director named

Kevin Murphy, August 3, 2018, Domain Policy

A member of the root server community has been named to the ICANN board of directors.

The Nominating Committee yesterday revealed its three selections for the board, two of whom are already seated.

The new director is Tripti Sinha of the University of Maryland, where she heads the Advanced Cyber Infrastructure and Internet Global Services division, which manages the D-root server.

Sinha is currently co-chair of ICANN’s Root Server System Advisory Committee.

She will replace fellow North American George Sadowsky who, after joining the board in 2009 and being reselected twice, is term-limited and will be given his marching orders this October.

NomCom also reaffirmed current directors Lousewies van der Laan, a former Dutch politician, and Rafael “Lito” Ibarra, founder of the El Salvadorean ccTLD .sv.

New directors will take their seats at the conclusion of the ICANN 63 meeting in Barcelona in October.

NomCom’s other selections to various leadership positions at ICANN can be found here.