Government to regulate UK-related domain names
The UK government is to trigger a law that would allow it to take control of .uk, .wales, .cymru, .scot and .london if their registries get thoroughly abused and they fail to do anything about it.
The Department for Science, Innovation and Technology said today it is to activate (or “commence”) the parts of the Digital Economy Act of 2010 that give it the power to appoint a new manager for any “UK-related” TLDs.
DSIT would only be able to exercise these powers if the registry in question had let DNS abuse or cybersquatting run amok and failed to follow government orders to fix it. I don’t believe any of the affected registries are currently in such a state.
The government has now launched a consultation, running until the end of August, to get industry and public feedback on its definitions of abuse and what it called “unfair domain use”, meaning cybersquatting.
Nominet, which runs .uk, .wales and .cymru, said in a statement:
The proposed prescribed requirements are consistent with Nominet’s current voluntary procedures, which Government has made clear it believes Nominet operates in a perfectly satisfactory manner. As the Government has had a reserve power to “step in” ever since the DEA was introduced, the purpose of the new provisions is to give Government a formal mechanism to do so, should it ever be required. Our understanding is that Government is enacting these provisions now to ensure the UK meets international best practice on governance of country code top-level domains in line with key global trading partners and future global trading commitments.
Based on my first read, I expect registries and registrars will think it looks generally pretty palatable. It seems DSIT has followed ICANN and the industry’s lead in terms of what qualifies as abuse, and Nominet said in a statement tonight that all three affected registries have been meeting with DSIT to craft the consultation.
Domain investors may take issue with the precise wording of the cybersquatting definition, however.
The definitions of abuse cover the industry standard five bases: malware, phishing, botnets, pharming and spam (insofar as it facilitates any of the other four) and cybersquatting is defined thus:
the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names. This includes ‘typosquatting’, when an end user takes advantage of common misspellings made by Internet users who are looking for a particular site or a particular provider of goods or services, in order to obtain some benefit.
Domainers will notice the document talks about “bad faith registration”, whereas UDRP talks about bad faith “registration and use”, which is sometimes an important edge-case distinction in cybersquatting disputes. Nominet’s DRS uses bad faith registration “or” use.
Where the consultation gets vague, and the potential for debate arises, is when it talks in general, high-level terms about how dispute resolution procedures should be designed.
Failure to deal with child sexual abuse material, as defined in the Convention on the Rights of the Child, in an affected TLD could also result in the government appointing a new registry.
The four gTLDs affected by the legislation all are considered geographic under ICANN rules and had to secure local government support when they applied for their strings. ICANN has a contractual right to terminate them if that government says so.
After the consultation is complete, DSIT intends to make its definitions law through secondary legislation.
This post was updated shortly after publication to add Nominet comments.
ICANN Ombudsman quits
Herb Waye has quit as ICANN’s independent Ombudsman, according to ICANN.
His last day will be September 30 and ICANN is already looking for his replacement, the Org said in a statement.
While the announcement includes a glowing quote from board chair Tripti Sinha it does not contain a quote from Waye and no reason was given for his departure.
Waye has been in the Ombudsman’s office for 16 years, the last seven as the Ombudsman itself.
The Ombudsman is a structurally independent office that deals with issues of fairness within the ICANN community. It’s one way community members can complain about each other and ICANN itself.
Most the work is handled confidentially, so it’s difficult to say exactly what it is the Ombudsman does for their money, but the last few years’ Ombudsman annual reports show the office typically receives a couple hundred complaints a year, maybe a couple dozen of which are actually within its jurisdiction.
Complaints cover issues such as abusive discourse, harassment, and contractual compliance.
Some of the most visible Ombudsman work has related to sexual harassment complaints at ICANN public meetings. Some female community members have stated that they would feel uncomfortable reporting sexual harassment to a male Ombudsman.
I’d be very surprised if the next Ombudsman is not a woman.
ICANN actually CHANGES Verisign’s .net contract after public comments
ICANN has decided to make a change to the upcoming new version of Verisign’s .net registry agreement in response to public comments, but it’s not the change most commenters wanted.
In the near-unprecedented nod to the public comment process, the Org says it’s agreed with Verisign to change two instances of upper-case “S” in the term “Security and Stability” to lower case.
That’s it.
Some commenters had wrung their hands over the fact that the .net contract includes upper-case “Security and Stability” as defined terms, in contrast to the lower-case “security and stability” found in other gTLD contracts.
Based on a strict reading, this could in some circumstances give Verisign an excuse to avoid implementing ICANN Consensus Policies, commenters including the Business Constituency and Intellectual Property Constituency noted,
It appears that this was an oversight by ICANN and Verisign rather that some kind of nefarious plot. In its public comments analysis and summary (pdf), ICANN writes:
We acknowledge however that the capitalization of the “s” could in theory potentially lead to different interpretations of the applicability of certain future Consensus Policies under Section 3.1(b)(iv)(1) for the .NET RA.
Because in this instance it was not the intent of ICANN org nor Verisign to limit in this manner the applicability of Consensus Policy topics for which uniform or coordinated resolution is reasonably necessary to facilitate the interoperability, security and/or stability of the Internet or DNS, ICANN org and Verisign have mutually agreed to update Section 3.1(b)(iv)(1) of the .NET RA to the lower case “s.”
So there we have it: a rare instance of a public comment period accomplishing something and a confirmed victory for accountability and transparency!
Most of the comments had focused on Verisign’s ability to raise prices and a clause that some domainers thought would allow censorial government regimes to seize domains, but ICANN said that’s all fine.
The looooong road to urgently hiring ICANN’s next CEO
ICANN expects to appoint its next CEO about a year from now, up to 18 months after Göran Marby quit, despite impressing on job-hunters the need to act with speed or risk ICANN’s very existence.
After about 16 “listening sessions” with pretty much every part of the ICANN community over the last three months, the board of directors has approved a 10-page job description for the role.
The document pretty much prays for the Second Coming, at one point calling for a “servant leader” — an oxymoron arguably originating with the words of Jesus H Christ Himself and recently echoed by King Charles III during his coronation.
The new boss will have to be a global visionary with reams of experience managing large, big-budget technical organizations; an impeccably ethical open book; an international diplomat; a compassionate, empathetic nerd; a consensus-building polyglot; a disinterested ICANN insider.
The job description acknowledges that “few, if any” candidates will tick all the boxes, but it’s still setting itself a pretty high bar.
The fact that it takes half a year to write a job ad for a role that’s already been held by nine people over the last quarter century is baffling enough, but the recruitment process itself hasn’t even started yet.
ICANN now says it will put out a request for proposals for executive recruitment companies to manage the hiring process. It doesn’t expect to start interviewing candidates until the start of next year.
The actual appointment should come in the second quarter 2024, ICANN says. Whether the next chief will be available to start immediately is of course unknowable. In the meantime, interim CEO Sally Costerton will carry on filling the role.
You might expect the hiring process to get faster as ICANN gets older, better-resourced and more experienced, but it’s actually months slower than on the last few occasions a new CEO has been sought.
It was 10 months between Rod Beckstrom announcing he was quitting in 2011 and Fadi Chehadé being named heir apparent. After he announced he was out in 2015, it was nine months before Marby was crowned.
We’re now looking at potentially twice as long a runway between CEOs, and a job description that unironically calls for leadership amidst a “rapidly evolving” governance space, addressing the “the need to ‘get things done'” and ICANN’s need to “act with urgency” to manage emerging technological threats that could Balkanize the namespace and threaten ICANN’s very raison d’etre.
Rwanda picked for ICANN meeting
ICANN is inviting its community to Kigali, Rwanda, for its ICANN 80 public meeting.
The shorter “Policy Forum” meeting, the same format as the one that took place in Washington DC this month, will start from June 10 next year at the Kigali Convention Centre, ICANN’s board decided last week.
It’s the first time ICANN has visited Africa since before the Covid-19 pandemic and the first time Rwanda will have hosted a meeting.
ICANN has hosted meetings in Africa on 12 occasions over the last 25 years, in seven countries — Morocco, Egypt, Tunisia, Kenya, Ghana, Senegal and South Africa.
ICANN’s practice is to rotate meetings through each of its five geographic regions, but it rarely happens in a strict order and obviously the pandemic shook up scheduling.
Rwanda and questions about its safety and human rights record have been in the news here in the UK for the last couple of years due to the British government’s plan to deport illegal migrants there.
But the UK and US authorities class Rwanda as safe, as long as you stay away from contested border regions. Visas appear to be free upon arrival for all travelers, regardless of origin.
Governments call for ban on gTLD auctions
Governments are calling for a ban on new gTLD contention sets being settled via private auctions, a practice that allowed many tens of millions of dollars to change hands in the last application round.
ICANN’s Governmental Advisory Committee said in its ICANN 77 communique that it formally advises ICANN: “To ban or strongly disincentivize private monetary means of resolution of contention sets, including private auctions.”
Private auctions typically see the losers split the winner’s winning bid among themselves. The GAC endorsed the At-Large Advisory Committee’s recommendation that applicants should be forced to ICANN-run “last resort” auctions, where ICANN gets all the money, instead.
The concern is that companies with no intention of actually operating a gTLD will file applications purely in order to have a tradeable asset that can be sold to competing applicants for a huge profit.
In the 2012 round, 224 contention sets were settled in private, often via auctions. ICANN not only allowed but encouraged the practice.
For example, publicly listed portfolio registry Minds + Machines disclosed tens of millions of income from losing private auctions, some of which was reinvested into winning auctions for gTLDs that it did intend to run.
Another applicant, Nu Do Co, did not win a single auction it was involved in, with the exception of the ICANN-run “last resort” auction for .web, where its winning $135 million bid was secretly funded by Verisign.
In the case of .web, rival bidders urged NDC to go to private auction until almost the last moment, eager to get a piece of the winning bid. It remains the subject of legal disputes to this day.
The current GNSO “SubPro” policy recommendations do not include a ban on private settlements, instead saying that applicants should affirm that they have a “bona fide” intent to operate the TLD, under penalty of unspecified sanctions if they lie.
The recommendations include a set of suggested red flags that ICANN should look out for when trying to determine whether an applicant is game the system, such as the number of applications filed versus contention sets won.
It’s pretty vague — the kind of thing that would have to be ironed out during implementation — and the ICANN board of directors has yet to formally approve these specific recommendations.
The GAC’s latest advice also has concerns about the “last resort” auctions that ICANN conducts, which see ICANN place the winning bid in a special fund, particular with regards non-commercial applicants.
The GAC advised ICANN: “To take steps to avoid the use of auctions of last resort in contentions between commercial and non-commercial applications; alternative means for the resolution of such contention sets, such as drawing lots, may be explored.”
Some previous ways to mitigate contention gaming include Vickrey auctions, where every applicant submits a high bid at the time of application and the applicant with the highest bid pays ICANN the amount of the second-highest bid.
Bidding before one even knows whether the gTLD string will be subject to contention is seen as a way to dissuade applicants from applying for strings they don’t really want.
ICANN directors said repeatedly at ICANN 77 last week that the Org will be hiring an auctions expert to investigate the best way to handle auctions and reduce gaming.
Closed generics and IDNs debates are big drag on new gTLDs
As ICANN 77 officially kicks off in Washington DC today, the issues of closed generics and IDNs have already emerged as big drag factors on the launch of the next new gTLD application round.
During a day-long “day zero” session yesterday, the community heard that the absolute fastest the GNSO will be able to make policy on closed generics is 96 weeks — over 22 months — using its “expedited” Policy Development Process.
Meanwhile, making policy on internationalized domain names — mainly, how to handle string similarity conflicts in non-Latin scripts — is not expected to be done until March 2026 at the earliest. And that’s through an “expedited” PDP that has already been running for over two years.
The predicted closed generics timetable (on page 16 of this PDF presentation) is actually relatively aggressive compared to the two previous EPDPs (on post-GDPR Whois policy) that the GNSO has previously completed.
It only calls for 36 weeks — about eight months — for the actual working group deliberations, for example, compared to the 48 weeks the equally controversial Whois EPDP took a few years ago.
But the expected duration prompted some criticism yesterday from those wondering why, for example, a “call for volunteers” needs to take as long as three months to carry out.
The timetable was written up prior to the publication over the weekend of a draft framework for closed generics (pdf), which lays out a few dozen principles that should be taken into account in subsequent EPDP work.
With what looks like a certain amount of wheel-reinvention, the document describes a points-based system for determining whether an applicant is worthy of a closed generic. It seems to be based quite a lot on the process used to assess “Community” applications in the 2012 round.
The framework was created in private over the last six months by a cross-community group of 14 people from the GNSO and Governmental Advisory Committee. Chatham House rules applied, so we don’t know exactly whose opinions made it into the final draft. But it exists now, and at first glance it looks like a decent starting point for a closed generics policy.
The major issue is that the work, at its core, is about predicting and preemptively shutting down all the ways devious corporate marketing people might try to blag themselves a closed generic for competitive or defensive purposes, rather than for the public interest, and I’m not sure that’s possible.
Discussion on closed generics will continue this week at ICANN 77, including a session that starts around about the same time I’m hitting publish on this article.
Everyone hates Verisign’s new .net deal
The public has commented: Verisign’s .net registry contract should not be renewed in its currently proposed form.
ICANN’s public comment period for the renewal closed yesterday and attracted 57 submissions, most of which either complained about Verisign being allowed to raise its prices or expressed fears about domains being seized by governments.
The proposed contract retains the current pricing structure, in which Verisign is allowed to raise the price of a .net domain by 10% a year. They currently cost $9.92, meaning they could reach $17.57 by the time the contract ends.
The Internet Commerce Association, some of its supporters, Namecheap, the Registrars Stakeholder Group, the Cross-Community Working Party on ICANN and Human Rights (CCWP-HR), and TurnCommerce all oppose the price increases.
The RrSG said the price provisions “are without sufficient justification or an analysis of its potentially substantial impact on the DNS”.
These commenters and others who did not directly oppose the increases, including the At-Large Advisory Committee and consultant Michael Palage, called for ICANN to conduct an economic analysis of the domain name market.
The Business Constituency was the only commenter to openly support the increases, though its comment noted that it is opposed in principle to ICANN capping prices at all.
The Intellectual Property Constituency did not express a view on pricing, but called for greater transparency into the side-deal that sees ICANN get an extra $4 million a year for unspecified security-related work. ICANN has never revealed publicly how this money is spent.
In terms of the number of submissions, the biggest concern people seem to have is that the proposed contract contains language obliging Verisign to take down domains to comply with “applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction”.
This language is already in the .com contract, but before ICANN clarified this on April 26 several concerned registrants had made comments opposing its inclusion.
Notably, the founder of the controversial troll forum kiwifarms.net, which has been kicked out of registrars after being linked to suicides, submitted his own “ICANN should be destroyed” comment.
Several commenters also noted that the definition of “security and stability” in the .net contract differs to the Base Registry Agreement that almost all other registries have signed in such a way that it is feared that Verisign would not have to abide by future ICANN Consensus Policies under certain circumstances.
As several commenters note, the usual protocol following an ICANN public comment period is for ICANN to issue a summary report, pay lip service to having “considered” the input, and then make absolutely no changes at all.
This time, some commenters held out some hope that ICANN’s new, surprisingly sprightly and accommodating leadership may have a different approach.
The comments can be read here.
ICANN just put a date on the next new gTLD round
ICANN has just penciled in a date for the next round of new gTLD applications for the first time, but it’s already upsetting some people who think it’s not aggressive enough.
Org has released its draft Implementation Plan for the next round, which would see it launch in May 2026, three years from now.
The date seems to have been set from the top. The plan refers to “the Board’s desire to launch the next round by May 2026”.
The plan sets out the timeline by which community members will work with staff to turn the community’s policy recommendations into the rules and procedures for accepting and processing gTLD applications.
This cross-community Implementation Review Team will write the next Applicant Guidebook — the new gTLD’s program’s Holy Quran.
The plan covers the 98 policy recommendations already approved by the ICANN board of directors, it will be updated when or if the board approves the 38 recommendations currently considered “pending”.
The work would be split into eight “modules”, corresponding to the sections of the AGB, and the IRT would tackle each in turn, meeting mostly via Zoom for a couple hours once a week.
The modules would be split into about 40 topics, each covering a group of related recommendations, and each topic would be discussed for two meetings, with Org-drafted text undergoing first and second “readings” by the IRT.
The first module would take seven months to complete, timed from this month, and each subsequent module would take three to four months after the completion of the preceding module, according to the draft plan.
Above and beyond that timetable, the IRT has certain external dependencies, such as the work being done with governments on the “closed generics” issue, the plan notes.
After the AGB is published, ICANN would need to carry out other work, such as subjecting the AGB to public comment, then marketing the program for four months, before an application window would open.
The timeline has been received negatively by pretty much everyone on the IRT expressing a view on mailing list or Zoom chatter so far, with some asking why the modules have to be tackled sequentially rather than in parallel work tracks.
Some have also pointed out that an IRT lasting over two years risks participant attrition, a frequent problem with ICANN’s interminable policy-making work.
The IRT comprises dozens of volunteers from all sections of the community, though the most-engaged tend to be the lawyers and consultants who stand to make money advising large enterprises on their dot-brand applications.
.web delay likely after Verisign rival files ICANN appeal
The .web gTLD appears unlikely to see the light of day any time soon, after the Afilias spin-off that came second to Verisign in the $135 million auction in 2016 kicked off another appeals process.
Altanovo, which is made up of bits of Afilias left over when Identity Digital acquired the company, has asked ICANN to enter a Cooperative Engagement Process, according to ICANN’s records.
The CEP is a form of mediation companies can force ICANN into when they have beef. It’s designed to avoid the relative expense of a full-on Independent Review Process. They usually result in an IRP anyway.
Altanovo made its request the same day ICANN announced that its board of directors had decided to take .web off hold and resume registry contract negotiations with Verisign, following Altanovo’s original, unsuccessful IRP.
Verisign yesterday said the move amounted to an “abuse of process” and “baseless procedural maneuvering”, likely to lead to “delay for delay’s sake”.
IRPs typically last years and cost many hundreds of thousands of dollars in panel fees, not counting each party’s lawyer fees.
Altanovo believes that Verisign broke ICANN’s new gTLD program rules when it bid for .web via a secret intermediary. Verisign has countered that its rival, then Afilias, broke the rules by trying to negotiate a private deal during the auction’s “black out” period.
Recent Comments