Latest news of the domain name industry

Recent Posts

US unhappy with ICANN, urges more delay to many new gTLDs

Kevin Murphy, February 8, 2014, Domain Policy

The US government is not pleased with ICANN’s rather liberal interpretation of Governmental Advisory Committee advice on new gTLDs and wants more talks about “safeguards”.

Not only that, but it wants to start talking to ICANN about extending safeguards applicable to new gTLDs to old gTLDs, presumably including the likes of .com, too.

A letter to ICANN from Department of Commerce assistant secretary Larry Strickling, obtained by DI today, calls for more talks before ICANN finalizes its handling of the GAC’s Beijing communique.

Strickling notes, as DI has previously, that ICANN softened the meaning of the advice in order to smooth its implementation.

as can be the case when translating GAC Advice to contractual provisions, the NGPC [the ICANN board’s New gTLD Program Committee] made adjustments to the GAC Advice that the United States believes could cause enforcement problems and as such merits further discussion. The National Telecommunications and Information Administration (NTIA), on behalf of the United States, is planning to raise these concerns for discussion at the March GAC meeting in Singapore and requests that ICANN take this fact into account before moving forward with applications for strings impacted by the relevant portions of GAC advice

The letter (pdf) was sent February 4, just a day before the NGPC held a meeting — the results of which we do not yet know — that had the GAC Advice on its agenda.

The New gTLD Applicants Group had urged the NGPC to finally put the GAC Advice to rest, highlighting the “heavy burden that the delay in the implementation of GAC Category 1 Advice has imposed upon affected applicants” in a letter last week.

The Category 1 advice, you may recall, comprised eight “safeguards” mandating policies such as industry engagement and registrant authentication, applicable to at least 386 gTLD applications.

Back in November, ICANN announced how it planned to handle this advice, but changed its meaning to make it more palatable to ICANN and applicants.

Those changes are what Strickling is not happy with.

He’s particularly unhappy with changes made to the GAC’s demand for many gTLDs to be restricted to only card-carrying members of the industries the strings seem to represent.

The GAC said in Beijing:

At the time of registration, the registry operator must verify and validate the registrants’ authorisations, charters, licenses and/or other related credentials for participation in that sector.

In other words, you’d have to provide your doctor license before you could register a .doctor domain.

But ICANN proposed to implement it like this:

Registry operators will include a provision in their Registry-Registrar Agreements that requires Registrars to include in their Registration Agreements a provision requiring a representation that the Registrant possesses any necessary authorisations, charters, licenses and/or other related credentials for participation in the sector associated with the Registry TLD string.

The doctor under this policy would only require the doctor to check a box confirming she’s a doctor. As Strickling said:

The NGPC has changed the GAC-coveyed concept of “verification and validation” to “representation”

Requirements for registries to mandate adherence to government regulations on the protection of financial and healthcare data are also his targets for further discussion.

What all this boils down to is that, assuming ICANN paid heed to Strickling’s letter, it seems unlikely that NTAG will get closure it so desperately wants until the Singapore meeting in late March — a year after the original Beijing communique — at the earliest.

In other words, lots of new gTLD applicants are probably going to be in limbo for a bit longer yet.

But Strickling also has another bombshell to drop in the final sentence of the letter, writing:

In addition, we will recommend that cross community discussion begin in earnest on how the safeguards that are being applied to new gTLDs can be applied to existing gTLDs.

So it seems the GAC is likely to start pressing to retroactively apply its new gTLDs advice to legacy gTLDs too.

Registrant verification in .com? Stricter Whois checks and enforcement? That conversation has now started, it seems.

Yes, there is cybersquatting in new gTLDs

Kevin Murphy, February 6, 2014, Domain Policy

With new TLDs, comes cybersquatting. It’s inevitable. And it’s also true of the new gTLDs that hit general availability this week.

The question of what is or is not cybersquatting is best left to a judge or UDRP panel, of course, but I’ve already come across plenty of newly registered domains that I do not believe would pass the UDRP test.

Sifting through select Whois records of domains that were registered in Donuts’ first seven gTLDs over the last few days, and without leaving the A’s, I’ve found the likes of: adidas.clothing, americanapparel.clothing, akamai.guru, americanexpress.guru. appleservice.guru and accenture.ventures.

Delving a little deeper into .clothing, I see the likes of kanyewest.clothing, ralphlauren.clothing, kardashiankollection.clothing, lauraashley.clothin, michaeljordan.clothing and more.

One Los Angeles clothing store appears to have registered several .clothing domains matching brands it does not own, possibly unaware that such behavior is frowned upon.

While there could be legitimate uses of the names I’ve highlighted here, possibly, they all appear to me to be registered to people unaffiliated with the referenced brands or celebrities.

I found more that are registered behind Whois privacy services, where it’s not possible to tell whether the domain belongs to the brand or not. Domains such as ibm.guru and ibm.ventures use Whois privacy, yet resolve to the IBM web site.

Cases of obvious UDRP losses seem to be few and far between, however. The vast majority of domains registered in these new gTLDs this week seem to be straightforward generic terms.

While I’m using the UDRP sniff test to highlight domains I feel may be cybersquatting, there’s a new process in town when it comes to disputes: the faster, cheaper Uniform Rapid Suspension policy.

URS has a higher burden of proof — “clear and convincing evidence” of bad faith registration and use — and it’s not yet clear how panelists will handle these cases.

There’s only been one URS case to date, that of facebok.pw, in which the domain was suspended following a complaint by Facebook.

In that case, Facebook was able to show bad faith by presenting the panelist with a list of other typo domains the respondent had registered.

Cartier sues Nominet hoping to set global domain name take-down precedent

Kevin Murphy, January 22, 2014, Domain Policy

Luxury watchmaker Cartier has taken .uk registry Nominet to court, hoping to set a precedent that would enable big brands to have domain names taken down at a whim.

The company sued Nominet in a London court in October, seeking an injunction to force the registry to take down 12 domain names that at the time led to sites allegedly selling counterfeit watches.

We’ve only become aware of the case today after Nominet revealed it has filed its defense documents.

Judging by documents attached to Nominet’s court filings, Cartier sees the suit as a test case that could allow it to bring similar suits against other “less cooperative” registries elsewhere in the world.

In a letter submitted as evidence as part of Nominet’s defense, Richard Graham, head of digital IP at Cartier parent company Richemont International, said that he was:

seeking to develop a range of tools that can be deployed quickly and efficiently to prevent Internet users accessing websites that offer counterfeit goods… [and] looking to establish a precedent that can be used to persuade courts in other jurisdictions where the registries are less cooperative.

It’s worth noting that Richemont has applied for 13 dot-brands under ICANN’s new gTLD program and that Graham is often the face of the applications at conferences and such.

Pretty soon Richemont will also be a domain name registry. We seem to be looking at two prongs of its brand protection strategy here.

According to the company’s suit, the 12 domains in question all had bogus Whois information and were all being used to sell bogus Cartier goods.

None of them used a Cartier trademark in the domain — this is explicitly about the contents of web sites, not their domains names — and Cartier says most appeared to be registered to people in China.

Rather than submitting a Whois inaccuracy complaint with Nominet — which could have led to the domains being suspended for a breach of the terms of service — Cartier decided to sue instead.

Graham actually gave Nominet’s lawyers over a week’s notice that the lawsuit was incoming, writing his letter (pdf) on October 22 and filing the complaint (pdf) with the courts November 4.

Cartier seems to have grown frustrated playing whack-a-mole with bootleggers who cannot be traced and just pop up somewhere else whenever their latest web host is persuaded to cut them off.

Graham’s letter, which comes across almost apologetic in its cordiality when compared to the usual legal threat, reads:

Cartier therefore believes the most cost effective and efficient way to disrupt access to the Counterfeiting Websites operating in the UK is to seek relief from you, as the body operating the registry of .uk domain names.

Armed with the foreknowledge provided by the letter, Nominet reviewed the Whois records of the domains in question, found them lacking, and suspended the lot.

Ten were suspended before Cartier sued, according to Nominet. Another expired before the suit was filed and was re-registered by a third party. A fourth, allegedly registered to a German whose scanned identity card was submitted as evidence by Nominet, was suspended earlier this month.

As such, much of Nominet’s defense (pdf) relies upon what seems to be a new and obscure legal guideline, the “Practice Direction on Pre-Action Conduct”, that encourages people to settle their differences without resorting to the courts.

Nominet’s basically saying that there was no need for Cartier to sue, because it already has procedures in place to deal with counterfeiters using fake Whois data.

Also offered in the defense are the facts that suspending a domain does not remove a web site, that Nominet does not operate web sites, and the following:

Nominet is not at liberty under its Terms and Conditions of Domain Name Registration to suspend .uk domain names summarily upon mere receipt of a demand from someone unconnected with the domain name registrant.

That seems to me to be among the most important parts of the defense.

If Cartier were to win this case, it may well set a precedent giving registries (in the UK at least, at first) good reason to cower when they receive dodgy take-down orders from multibillion-dollar brands.

Indeed, that seems to be what Cartier is going for here.

Unfortunately, Nominet has a track record of at least accelerating the takedown of domains based on nothing more than third-party “suspicion”. Its defense actually admits this fact, stating:

Inaccurate identity and contact information generally leads to the suspension of a domain within three weeks. Where suspicions of criminality are formally confirmed by a recognised law enforcement agency, suspension may be very significantly expedited.

I wonder if this lawsuit would have happened had Nominet not been so accommodating to unilateral third-party take-down notices in the past.

In a statement to members today, a copy of which was sent to DI, Nominet encouraged internet users to report counterfeiting web sites to the police if and when they find them.

DotConnectAfrica files for ICANN independent review

Kevin Murphy, January 22, 2014, Domain Policy

Failed .africa gTLD applicant DotConnectAfrica has filed an Independent Review Process appeal against ICANN, it emerged today.

The nature of the complaint is not entirely clear, but in a press release DCA said it’s related to “ICANN Board decisions and actions taken with regard to DCA Trust’s application for the .africa new gTLD”.

It’s only the third time an IRP has been filed. The first two were related to .xxx; ICM Registry won its pioneering case in 2009 and Manwin Licensing settled its followup case last year.

DCA said that it’s an “amended” complaint. It turns out the first notice of IRP was sent October 23. ICANN published it December 12, but I missed it at the time.

I’d guess that the original needed to be amended due to a lack of detail. The “Nature of Dispute” section of the form, filed with the International Center for Dispute Resolution, is just a sentence long, whereas ICM and Manwin attached 30 to 60-page legal complaints to theirs.

The revised notice, which has not yet been published, was filed January 10, according to DCA.

DCA applied for .africa in the current new gTLD round, but lacked the government support required by the Applicant Guidebook for strings matching the names of important geographic regions.

Its rival applicant, South African ccTLD registry Uniforum, which does have government backing, looks set to wind up delegated, whereas ICANN has designated DCA’s bid as officially “Not Approved”.

DCA has been alleging a conspiracy — often involving DI — at almost every juncture of the process, even before it filed its application. Read more here, here and here.

To win an IRP, it’s going to have to show that it suffered “injury or harm that is directly and causally connected to the Board’s alleged violation of the Bylaws or the Articles of Incorporation”.

Nominet bans rape domains

Kevin Murphy, January 15, 2014, Domain Policy

Nominet has banned “rape” domains from the .uk space, following an independent review spurred by a newspaper article.

The company announced today that it is to adopt the recommendations of Lord Macdonald (pdf), who said domains that “signal or encourage serious sexual offences” should be deleted.

The policy applies retroactively and at least a dozen domains have already been suspended.

Nominet CEO Lesley Cowley said in a statement:

Even though we are only talking about a handful of domain names, we agreed that we do not want those domain names on the register – regardless of whether there was an associated website or content.

Under the new policy, Nominet will review all new domain name registrations within the first 48 hours. It said it will:

Institute a system of post-registration domain name screening, within 48 hours of registration, for domain names that appear to signal or encourage serious sexual offences. Where examples that meet these criteria are discovered, they will be suspended or de-registered.

It’s pretty vague at the moment, both in terms of what constitutes a “signal” and how the oversight process will be carried out. Nominet said it will reveal implementation details at a later date.

Importantly, there will be no pre-screening of domains for potentially offensive substrings. It will still be possible to register names if you’re a “therapist” or enjoy “grapes”.

Macdonald said in his report:

any process of pre-registration scrutiny is likely to be slow, technologically blunt, and have minimal useful impact. It would likely damage the credibility of the .uk space in the market place and it would bring few discernible advantages.

He seems to be envisaging a system of manual review, aided by keyword searches, that looks only for domains that seem to be unambiguously “egregious”. He wrote:

it is precisely because of the inadequacies of the screening technology that Nominet has available to it, and the utmost importance of avoiding unnecessary or mistaken interference with free expression rights, that any post registration screening process should be strictly designed to target only the most egregious examples

Keywords under scrutiny are likely to include “rape”, “incest”, “bestiality”, “paedophilia” and derivatives.

Macdonald noted that Nominet gets 20 – 25 registrations containing these strings per week, but that the “vast majority” were false positives that should not trigger a suspension.

The Macdonald report gives examples of existing domains that would be likely to trigger Nominet action, including rapeme.co.uk, rapemyteacher.co.uk and rapeporn.co.uk.

According to Whois records, all of the domains listed in the report have already been suspended by Nominet.

Macdonald wrote:

it is difficult to see any reasonable basis whatsoever upon which the registration of a domain name such as rapemyteacher.co.uk could be consistent with any reasonable terms of business that Nominet might draw up.

It’s not clear from archives whether many of these domains even led to sites with content. An Archive.org capture of rapeporn.co.uk from 2009 contains a short essay (looks like a hasty attempt to justify the domain to me) on why rape fantasy and actual rape are different.

I suspect that “rapemyteacher.co.uk” was supposed to be a joke, a play on the popular site RateMyTeachers.com.

However, in Macdonald’s view, it’s easily possible for Nominet to suspend these names without infringing anyone’s free speech rights under the European Convention on Human Rights and UK law.

He said that in some cases the domain name itself may be illegal, if it encourages others to commitment crimes. Incitement is a crime, after all.

But his report seems to envisage that the use of the word “rape” may be justifiable when used in a figurative sense not related to actual sexual violence. It would also not be banned in positive contexts such as rape victim support services.

He recommended against instituting bans on swearwords and racist terms for similar reasons.

The one thing missing from the report, and Nominet’s response to it so far, is any requirement for Nominet to disclose which domain names it has suspended under the new policy.

That would be an important oversight mechanism, in my view.

If Nominet is going to be deleting names based on an as-yet-undisclosed review process, wouldn’t free speech be served by at least telling the public what has been censored?

What if rapemyteacher.co.uk was supposed to be a parody of RateMyTeachers.com? Did Nominet just suspend a humor site for no good reason and without telling anyone but the registrant?

The Macdonald report was commissioned following an outraged Sunday Times article based on a blog post by anti-porn crusader John Carr, who wanted a ban on “depraved or disgusting words”.

Neither Carr, the Sunday Times, Nominet or Macdonald have ever presented any examples of “egregious” .uk domain names leading to content encouraging or glorifying sexual violence, nor have they ever said that they’ve seen one with their own eyes.

It’s possible that such domains do not exist.

The review and the new Nominet policy, I think it’s fair to say, has probably not protected a single man, woman, child, corpse or sheep from unwelcome interference. It was, I suspect, a waste of time and resources.

But at first look the policy, properly implemented, does not appear to present a huge risk of infringing free speech rights or throwing up vast numbers of false positives.