Latest news of the domain name industry

Recent Posts

Plural gTLDs to be banned over confusion concerns

Kevin Murphy, July 10, 2018, Domain Policy

Singular and plural versions of the same word are likely to be banned as coexisting gTLDs in future.

The ICANN community working group looking at rules for subsequent application rounds reckons having both versions of the same word online — something that is happening with more than 30 gTLDs currently — leads to “consumer confusion” and should not be permitted.

It’s one of the surprisingly few firm recommendations in the Initial Report on the New gTLD Subsequent Procedures Policy Development Process, which says:

If there is an application for the singular version of a word and an application for a plural version of the same word in the same language during the same application window, these applications would be placed in a contention set, because they are confusingly similar. An application for a single/plural variation of an existing TLD would not be permitted.

It adds that the mere addition of an S should not be disqualifying; .news would not be considered the plural of .new, for example.

Interestingly, the recommendation is based on advice received from existing registries, many of which fought for singular/plural coexistence during the 2012 round and already operate many such string pairs.

According to my database, these are the 15 plural/singular English string pairs (there are more if you include other languages) currently live in the DNS root:

.careers/.career
.photo/.photos
.work/.works
.cruise/.cruises
.review/.reviews
.accountant/.accountants
.loan/.loans
.auto/.autos
.deal/.deals
.gift/.gifts
.fan/.fans
.market/.markets
.car/.cars
.coupon/.coupons
.game/.games

Some of them are being managed by the same registries; others by competitors.

It’s tempting to wonder whether the newfound consensus that these pairs are confusing represents an attempt by 2012-round registries to slam the door behind them, if for no other reason than to avoid chancers trying to extort money from them by applying for plural or singular versions of other strings they currently manage.

But at an ICANN policy level, the plurals issue was indeed a gaping hole in the 2012 round.

All such clashes were resolved by String Confusion Objections, but only if one of the applicants chose to file such an objection.

These rulings mostly came down on the side of coexistence, but sometimes did not — .kid, .pet and .web were among those placed in direct contention with plural equivalents following aberrant SCO decisions.

Euro-Whois advice still as clear as mud

Kevin Murphy, July 6, 2018, Domain Policy

European privacy chiefs have again weighed in to the ongoing debate about GDPR and Whois, offering another thin batch of vague advice to ICANN.

The European Data Protection Board, in its latest missive (pdf), fails to provide much of the granular “clarity” ICANN has been looking for, in my view.

It does offer a few pieces of specific guidance, but it seems to me that the general gist of the letter from EDPB chair Andrea Jelinek to ICANN CEO Goran Marby is basically: “You’re on your own buddy.”

If the question ICANN asked was “How can we comply with GDPR?” the answer, again, appears to be generally: “By complying with GDPR.”

To make matters worse, Jelinek signs off with a note implying that the EDPB now thinks that it has given ICANN all the advice it needs to run off and create a GDPR-compliant accreditation system for legitimate access to private Whois data.

The EDPB is the body that replaced the Article 29 Working Party after GDPR came into effect in May. It’s made up of the data protection authorities of all the EU member states.

On the accreditation discussion — which aims to give the likes of trademark owners and security researchers access to Whois data — the clearest piece of advice in the letter is arguably:

the personal data processed in the context of WHOIS can be made available to third parties who have a legitimate interest in having access to the data, provided that appropriate safeguards are in place to ensure that the disclosure is proportionate and limited to that which is necessary and the other requirements of GDPR are met, including the provision of clear information to data subjects.

That’s a fairly straightforward statement that ICANN is fine to go ahead with the creation of an accreditation model for third parties, just as long as it’s quite tightly regulated.

But like so much of its advice, it contains an unhelpful nested reference to GDPR compliance.

The letter goes on to say that logging Whois queries should be part of these controls, but that care should be taken not to tip off registrants being investigated by law enforcement.

But it makes no effort to answer Marby’s questions (pdf) about who these legit third-parties might be and how ICANN might go about identifying them, which is probably the most important outstanding issue right now.

Jelinek also addresses ICANN’s lawsuit against Tucows’ German subsidiary EPAG, and I have to disagree with interpretations of its position published elsewhere.

The Register’s Kieren McCarthy, my Chuckle Brother from another Chuckle Mother, reckons the EDPB has torpedoed the lawsuit by “stating clearly that it cannot force people to provide additional ‘admin’ and ‘technical’ contacts for a given domain name”.

Under my reading, what it actually states is that registrants should be able to either use their own contact data, or anonymized contact information identifying a third party, in these records.

The EDPB clearly anticipates that admin and technical contacts can continue to exist, as long as they contain non-personal contact information such as “admin@example.com”, rather than “kevin@example.com”.

That’s considerably more in line with ICANN’s position than that of Tucows, which wants to stop collecting that data altogether.

One area where EDPB does in fact shoot down ICANN’s new Whois policy is when it comes to data retention.

The current ICANN contracts make registrars retain data for two years, but the EDPB notes that ICANN does not explain why or where that number comes from (I hear it was “pulled out of somebody’s ass”).

The EDPB says that ICANN needs to “re-evaluate the proposed data retention period of two years and to explicitly justify and document why it is necessary”.

Finally, the EDPB weighs in on the issue of Whois records for “legal persons” (as opposed to “natural persons”). It turns out their Whois records are not immune to GDPR either.

If a company lists John Smith and john.smith@example.com in its Whois records, that’s personal data on Mr Smith and therefore falls under GDPR, the letter says.

That should provide a strong incentive for registries and registrars to stop publishing potentially personal fields, if they’re still doing so.

New gTLD fees could be kept artificially high

Kevin Murphy, July 6, 2018, Domain Policy

More windfalls for ICANN? It’s possible that application fees for new gTLDs could be artificially propped up in order to discourage gaming.

In the newly published draft policy recommendations for the next new gTLD round, ICANN volunteers expressed support for keeping fees high “to deter speculation, warehousing of
TLDs, and mitigating against the use of TLDs for abusive or malicious purposes”.

It’s one of the ideas posed in the the Initial Report on the New gTLD Subsequent Procedures Policy Development Process, published this week.

It recommends that ICANN continues to price its application fees on a revenue-neutral basis, but with one big exception.

The report notes that there’s support for an “application fee floor” — a minimum fee threshold that would not be crossed no matter how cheap application processing actually becomes:

there might be a case where a revenue neutral approach results in a fee that is “too low,” which could result in an excessive amount of applications (e.g., making warehousing, squatting, or otherwise potentially frivolous applications much easier to submit), reduce the sense of responsibility and value in managing a distinct and unique piece of the Internet, and diminish the seriousness of the commitment to owning a TLD.

The subgroup looking at fees was “generally supportive” of the notion of a floor, the report says.

If the fee floor were used, excess funds would have to be pumped into efforts such as “universal acceptance”, the ongoing outreach project that hopes to persuade developers to ensure their software supports all TLDs.

It could also be used to support applications from the poorer regions of the world.

I wonder how much of a deterrent to warehousing an artificially high application fee would be; deep-pocketed Google and Amazon appear to have warehoused dozens of TLDs they applied for in the 2012 round.

The application fee in 2012 was $185,000 per string, priced on a “cost recovery” basis. The idea was that ICANN shouldn’t use the fees to subsidize its regular operations and vice versa.

But with roughly one third of that amount earmarked for unexpected contingencies — basically a legal defense fund — ICANN currently has close to $100 million in unspent fees sitting idle in a dedicated bank account.

The Initial Report also discusses whether application fees should be varied based on application type, as well as posing dozens of other questions for the community on the rules for the next round of new gTLDs.

Comment here.

First-come, first-served for new gTLDs? Have your say

Kevin Murphy, July 6, 2018, Domain Policy

Should new gTLDs be allocated on a first-come, first-served basis? That’s a possibility that has not yet been ruled out by the ICANN community.

The ICANN working group currently writing policy for the next round of gTLD applications has published its first draft for public comment, and FCFS is one option still on the table.

The Initial Report on the New gTLD Subsequent Procedures Policy Development Process outlines six possible paths for the new gTLD program, and the group wants to hear your feedback.

The six options presented range from a 2012-style one-off application round, followed again by a potentially interminable series of reviews, to full-on FCFS from day one.

With neither of those extremes particularly appealing, the working group seems to be erring towards one of the four other choices.

ICANN could, for example, announce two or three more rounds, with firm dates for each perhaps separated by a year or two, followed by a long breather period.

Or it could kick of an endless series of application periods, perhaps happening at the same time every year.

Or it could conduct one or more rounds before implementing full FCFS.

The report lists many of the pros and cons of these various options.

For example, FCFS could lead to scrappy applications, gTLD warehousing, capture by ICANN insiders, and disadvantages to community applicants, but it could also reduce the cost of acquiring a gTLD by eliminating expensive auction-based contention resolution.

Conversely, the round-based structure could cause scaling problems for ICANN, could face unanticipated delays, and may not be responsive to applicants’ business needs, the report says.

The working group could not reach consensus on which model should be used, but it noted that there was no appetite for either immediate FCFS or another 2012-style effort. Its report states:

The Working Group recommends that the next introduction of new gTLDs shall be in the form of a “round.” With respect to subsequent introductions of the new gTLDs, although the Working Group does not have any consensus on a specific proposal, it does generally believe that it should be known prior to the launch of the next round either (a) the date in which the next introduction of new gTLDs will take place or (b) the specific set of criteria and/or events that must occur prior to the opening up of the subsequent process. For the purposes of providing an example, prior to the launch of the next round of new gTLDs, ICANN could state something like, “The subsequent introduction of new gTLDs after this round will occur on January 1, 2023 or nine months following the date in which 50% of the applications from the last round have completed Initial Evaluation.”

The question of how to balance rounds and, potentially, FCFS, is one of many, many questions posed in the 310-page initial report. You can comment here.

Expect more coverage of this monster from DI shortly.

ICANN heads to Cancun for Spring Break boondoggle

Kevin Murphy, June 26, 2018, Domain Policy

ICANN has named the three venues for its 2020 public meetings. They are Cancun, Kuala Lumpur and Hamburg.

The first meeting of the year, the so-called Community Forum, will be held March 7 to 12 at the Cancun International Convention Center.

Cancun is pretty horrific at the best of times, but the March dates place ICANN 67 in peak Spring Break — the time of year when American university students descend on Cancun by their thousands to take advantage, to excess, of Mexico’s more reasonable drinking age laws.

Don’t expect to keep your T-shirts dry.

Meeting two, the more modest Policy Forum, will see ICANN head to Malaysia, specifically the Kuala Lumpur Convention Center, from June 22 to 25. The local chapter of the Internet Society is hosting.

Finally, the AGM will be held in Hamburg, Germany, where eco, DENIC and the local city council will host at the Congress Center.

Before 2020, we still have Barcelona later this year, and Kobe, Marrakech (again) and Montreal (again) in 2019. The Panama City policy forum is going on right now.

ICANN’s rules require it to rotate its meeting locations around the five major geographic regions.