Latest news of the domain name industry

Recent Posts

This is how stupid the GAC’s new gTLDs advice is

Kevin Murphy, May 9, 2013, Domain Policy

For the last few weeks I’ve been attempting to write a sensible analysis of the Governmental Advisory Committee’s advice on new gTLDs without resorting to incredulity, hyperbole or sarcasm.

I failed, so you’ll have to read this instead.

I’m sorry, but the GAC’s Beijing communique (pdf) just has too much stupid in it to take seriously.

As a quick reminder, the bulk of the GAC’s advice was taken up by a list of hundreds of applied-for strings, in 12 categories, that “are likely to invoke a level of implied trust from consumers”.

The GAC said that any string on the list should be subject to more stringent regulation than others, turning their registries into data security regulators and creating an obligation to partner with “relevant regulatory, or industry self-­regulatory, bodies”.

The GAC, having advised the creation of these unexpected obligations, decided that it wasn’t its responsibility to figure out whether any of them would be feasible to implement.

That’s apparently up to ICANN to figure out.

But that’s not the most infuriating part of the advice. The most infuriating part is the list of strings it provided, which by the GAC’s own admission was unhelpfully “non-exhaustive”.

When one performs a cursory analysis of the list, and compares it to the strings that did not make it, the dumb just accumulates.

My spies tell me that the GAC worked into the early hours on a few occasions during the Beijing meeting in order to put this advice together, and some might say it’s unfair to expect its members to have read and formed consensus opinions on all 1,930 original new gTLD applications.

But the GAC wasn’t expected to read them all, nor did it. Its job was originally conceived of as commenting on the strings alone, and that appears to be what it ultimately did limit itself to.

I think it’s fair to try to get some insight into the GAC’s collective thought process by looking at the “Category 1” strings that it did put on the list and those that it did not.

Not because I think there’s a coherent thought process at work here, but because I think there isn’t.

Remember, the GAC had nine months to come up with its list. This article was written in an afternoon.

Here’s my list of bizarre inconsistencies, failed reality checks and pure dumb I found in the Beijing communique.

It’s non-exhaustive.

Destroy all pirates!

The GAC is clearly a bit worried that people might use new gTLDs to offer pirated and counterfeited goods (like they do in existing TLDs), so it has placed a few dozen content-related strings on its list.

The intellectual property list is one of the longest of the 12 categories in the Beijing communique.

But it could be longer.

I wonder why, for example, the GAC doesn’t consider .stream a threat to copyright? Streaming sites are frequent targets of takedown notices.

Why does .hiphop get a mention but not .country, a gTLD specifically designed for country music lovers?

Why are .photography, .photo, .photos, .pictures and .pics not on the list? Image theft is pandemic online, enabled by default in browsers (no P2P required) and utterly trivial to execute.

And if .tours is considered a problem, why not .events, or .tickets?

We’re talking about sectors with abuse potential here, and ticketing is considered worthy of legislation in many places. Here in England you can get a £5,000 fine for reselling a ticket to a football match.

Why is .tours even on the intellectual property list? It could just as easily refer to organized vacations or guide services provided by museums. Or the French city of the same name, for that matter.

Why aren’t our friends in Tours getting the same GAC love as Spa and Date — towns in Belgium and Japan — which have caused the delay of advice on .spa and .date respectively?

And why are .free, .gratis and .discount considered intellectual property problems?

How is the .free registry supposed to follow the GAC’s demand that it partner with “relevant regulatory, or industry self­‐regulatory, bodies” for free stuff? Does “.free” even have an “implied level of trust”?

Is the GAC’s goal to kill off the bid by the back door?

Goodbye .free, you couldn’t guarantee that there wouldn’t be piracy in your TLD so your application is forfeit? A potentially cool TLD, sacrificed on the altar of Big Copyright?

Don’t even get me started on .art…

Won’t somebody think of the children?!

The GAC did not say why the “children” category exists, but I assume it’s about ensuring that the content in TLDs such as .kids and .school is suitable for “kids” (pick your own definition, the GAC doesn’t have one).

It goes without saying that any TLD that is obliged to follow child-friendly rules will be saddled with a commercial death sentence, as the US government already knows full well.

The GAC didn’t include .family on the list for some reason, but it did inexplicably include .game and .games.

In the last game I played, my character stabbed a guy in the neck with a broken bottle, stole his clothes and threw his body off a cliff. Gaming is a predominantly adult pastime nowadays.

Suggesting that .games sites need to be child-friendly is just as stupid as saying .movie or .book sites need to be child-friendly.

I’m sure GAC chair Heather Dryden is far too sensible and grown-up to play games, but I’d be surprised if not a single member of the committee owns an Xbox. One of them should have pointed this nonsense out.

If the GAC is not saying this — if it’s merely saying the .games registry should work cooperatively with the gaming industry — then why is .games in the “Children” category?

The GAC Diet

Another couple dozen strings are listed under the “health and fitness” category, ranging from the not-unreasonable, such as .doctor, to the terrifically broad, such as .diet and .care.

Really? .care?

Donuts, the .care applicant, has to partner with some kind of medical register in order to sell a TLD that could just as easily be used for customer support by a company that sells shoes?

And .diet? If the GAC is concerned about internet users getting dodgy dieting advice from a disreputable .diet registrant, why not also issue advice against .eat and .food?

If .fitness is a problem, why isn’t .yoga?

Why isn’t the GAC bothered by .tattoo and .ink? Where I live, you need to be a licensed professional in order to stick people with an inky needle.

For that matter, why aren’t .beauty and .salon a problem? Pretty much every beauty salon I’ve walked past in the last couple of years wants to inject toxins into my face for a fee.

If we’re already saying games are for kids, that free equals fake, and that tours can be pirated, it doesn’t seem like too unreasonable a leap to to regulate .beauty too.

You feed beefburgers to swans

There’s a provision in the Beijing communique saying that every string on the GAC’s list must force its registrants “to comply with all applicable laws, including those that relate to… organic farming.”

So why the hell doesn’t .farm appear on the list?!?

Really, it doesn’t. I’ve triple-checked. It’s not there. According to the GAC’s advice, a .bingo registrant has to abide by organic farming laws but a .farm registrant does not.

Some professions are more equal than others

For all of the “Category 1” strings the GAC has advised against, the headline argument is this:

Strings that are linked to regulated or professional sectors should operate in a way that is consistent with applicable laws.

But there are plenty of strings that are “linked to regulated or professional sectors” that don’t merit a mention in the communique.

Alcohol, for example. The sale of booze is regulated pretty much everywhere — in some places it’s illegal — but .pub and .bar don’t make it to the GAC’s advice. Neither does .vodka.

If the GAC wants .weather to have strict controls — with no abuse scenario I can think of — why not a couple of TLDs that could, potentially, be used to sell alcohol over the internet?

What of construction? There may have been advice against .engineer, but .construction, .building, .contractors and .build got a pass. Why? Governments everywhere regulate the building industry tightly.

Here in the UK, if you want a plumber to come over and tinker with your heating you’d better hope they’re on the Gas Safe Register, but .plumber doesn’t show up in the Beijing communique.

Why not? An abusive .dentist registrant could mess up my teeth, but he’ll need an expensive surgery to do it in. An abusive .plumber, on the other hand, can come over and blow up my house with no such outlay.

Taxis are regulated in most big cities, but .taxi and .limo escaped GAC advice. Hell, even porn is strictly controlled in many countries, but .porn got a pass.

I could go on.

Anyway…

You might think I’m being petty, but remember: the GAC got the list of applied-for strings last June the same as everybody else. It had plenty of time to get its advice list right.

The GAC has a big responsibility in the multi-stakeholder process and by presenting advice that appears half-assed at best it makes it look like it doesn’t take that responsibility seriously.

I know it does, but it doesn’t appear that way.

Demand Media slates GAC’s new gTLDs demands

Kevin Murphy, May 9, 2013, Domain Policy

Demand Media has become the first new gTLD applicant to put its head above the parapet and tell ICANN that its latest batch of Governmental Advisory Committee advice is unworkable.

While its comment on the GAC’s Beijing communique is very diplomatically worded, it’s obvious that Demand reckons most of the “safeguard” advice it contains would be difficult, if not impossible, to implement.

The company has urged ICANN to refuse to adopt the advice, saying:

the spirit and actual letter of the GAC Advice related to these additional safeguards comes in a manner and form that is completely antithetical and contrary to ICANN’s bottom-up, multi-stakeholder, consensus-driven policy development process. Because the proposed safeguards, if implemented, would effectively change how new gTLDs are managed, sold, distributed, registered, operated, and used in the marketplace, the GAC Advice is tantamount to making “top-down,” dictatorial, non-consensus, policy which undermines the entire ICANN model. If ICANN chose to adopt any one of these three safeguards, ICANN itself would lose all legitimacy.

Demand seems to agree with many of the points raised in this DI post from a few weeks ago related to the GAC’s demand that hundreds of new gTLD registries should compel their registrants to stick to data security standards when they handle sensitive financial or healthcare data.

The GAC’s advice is extremely broad here and pays scant attention to the innumerable implementation questions raised. As such, Demand says in its comment (filed by applying subsidiary United TLD Holdco):

United TLD believes applicable laws and recognized industry standards should be developed and implemented by appropriate legislative, law enforcement and industry expert bodies and should not be developed by the registry operator.

It also takes issue with the GAC’s demand for registry operators to “establish a working relationship with the relevant regulatory body including developing a strategy to mitigate abuse.”

The company points out that many TLDs listed in the Beijing communique will have multiple uses, and even if there is a regulatory body for a subsection of registrants, it may not cover all.

For example, should a software engineer (an unregulated profession) have to agree to abide by rules developed for civil engineers when they register a .engineer domain name?

it would be inappropriate, and impossible, to find a “relevant regulatory body” with whom to establish a relationship related to the use of .ENGINEER. Additionally, what if the relevant regulatory body simply declined to work with a registry operator or does not respond to requests for collaboration?

The Demand comment is full of examples of problems such as this.

In broader terms, however, the registrar and applicant is utterly opposed to the GAC’s insistence that “certain” unspecified gTLDs representing regulated sectors should be forced, in effect, to transform into tightly restricted sponsored gTLDs.

The GAC wants these applicants to forge tight links with regulatory and self-regulatory bodies and vet each registrant’s credentials before allowing domains to be registered.

Demand said:

applicants, including United TLD, submitted their new gTLD applications believing that that they would be operating, managing and distributing generic TLDs. These three Safeguards completely change the nature of the new TLDs from being generic and widely available, to being “sponsored” TLDs restricted only to those individuals who must prove their status or credentials entitling them to register domain names with certain extensions. These three Safeguards are patently adverse to the core purpose of the new gTLD program and ICANN’s mission generally which is to promote consumer choice and competition.

While Demand is the first application to slam the GAC advice as a whole (a few others have submitted preliminary comments on specific subsets of advice), I’m certain it won’t be the last.

That said, .secure applicant Artemis Internet submitted what is possibly the most amusing example of “sucking up” I’ve ever seen in an ICANN public comment period.

The company actually requests to be added to the list of strings covered by the GAC advice on the grounds that its application was so gosh-darn wonderful it already planned to do all that stuff anyway.

I expect, by the time the comment period closes next Tuesday the prevailing mood from applicants will be more Demand and less Artemis.

ICANN to consider GAC Advice next week

Kevin Murphy, May 3, 2013, Domain Policy

ICANN’s board of directors is to discuss its response to the Governmental Advisory Committee’s sweeping new gTLDs advice at a meeting next week.

The New gTLD Program Committee has “Plan for responding to the GAC advice issued in Beijing” on its May 8 agenda. It’s the only specific topic listed for discussion at the meeting.

The GAC’s Beijing communique proposed a radical overhaul of the new gTLD approval process, with new anti-abuse requirements for all applicants and strict restrictions on 517 specific applications.

Due the breadth of the GAC’s advice, there are major procedural questions in play that could change the timeline of the new gTLD program, in addition to the substantial questions related to applications.

The document is currently open for public comment, with a close date for first-stage comments of May 14.

It’s not clear whether comments filed before May 8 will be made available to the board committee.

New Domain Name Association names interim board

Kevin Murphy, April 24, 2013, Domain Policy

The formative Domain Name Association has started calling itself the Domain Name Association and is moving closer to a proper launch under the guidance of an interim board of directors.

This is the trade group that started getting together in January, kick-started by Google, and launched a one-page web site at WhatDomain.org in March.

Right now, ARI Registry Services CEO Adrian Kinderis is acting as chair of the interim board.

The rest of the board comprises: Jon Nevett (Donuts), Elizabeth Sweezey (FairWinds), Rob Hall (Momentous), Jeff Eckhaus (Demand Media), Statton Hammock (Demand Media), and Job Lawrence (Google).

According to a presentation Kinderis gave at a meeting of ICANN execs and industry leaders in New York yesterday, the DNA will be a non-profit, independent organization funded by membership fees.

Membership will be open to registries, registrars, resellers, back-end providers and individual consultants.

The mission is to: “Promote the interests of its members by advocating the use, adoption, and expansion of domain names as the primary tool for users to navigate the Internet.”

The finer details of scope, marketing, governance and funding are still being worked out, but if you’re in the industry you can probably expect an invitation to join before too long.

It’s actually not the only industry trade group forming at the moment.

Judging by presentations given in Beijing two weeks ago, the Brand Registry Group is thinking about coming together as a trade association as well as a constituency within ICANN’s policy-making structure.

Could this be ICANN’s most important public comment period ever?

Kevin Murphy, April 24, 2013, Domain Policy

How much power should governments have over the domain name industry? Should the industry be held responsible for the actions of its customers? Are domain names the way to stop crime?

These are some of the questions likely to be addressed during ICANN’s latest public comment period, which could prove to be one of the most important consultations it’s ever launched.

ICANN wants comments on governmental advice issued during the Beijing meeting two weeks ago, which sought to impose a broad regulatory environment on new gTLD registries.

According to this morning’s announcement:

[ICANN’s Board New gTLD Committee] has directed staff to solicit comment on how it should address one element of the advice: safeguards applicable to broad categories of New gTLD strings. Accordingly, ICANN seeks public input on how the Board New gTLD Committee should address section IV.1.b and Annex I of the GAC Beijing Communiqué.

Annex 1 of the Beijing communique is the bit in which the GAC told ICANN to impose sweeping new rules on new gTLD registries. It’s only a few pages long, but that’s because it contains a shocking lack of detail.

For all new gTLDs, the GAC wants ICANN to:

  • Apply a set of abuse “safeguards” to all new gTLDs, including mandatory annual Whois accuracy audits. Domain names found to use false Whois would be suspended by the registry.
  • Force all registrants in new gTLDs to provide an abuse point of contact to the registry.
  • Make registries responsible for adjudicating complaints about copyright infringement and counterfeiting, suspending domains if they decide (how, it’s not clear) that laws are being broken.

For the 385 gTLD applications deemed to represent “regulated or professional sectors”, the GAC wants ICANN to:

  • Reject the application unless the applicant partners with an appropriate industry trade association. New gTLDs such as .game, .broadway and .town could only be approved if they had backing from “relevant regulatory, or industry self-­regulatory, bodies” for gaming, theater and towns, for example.
  • Make the registries responsible for policing registrants’ compliance with financial and healthcare data security laws.
  • Force registries to include references to organic farming legislation in their terms of service.

For gTLD strings related to “financial, gambling, professional services, environmental, health and fitness, corporate identifiers, and charity” the GAC wants even more restrictions.

Essentially, it’s told ICANN that a subset of the strings in those categories (it didn’t say which ones) should only be operated as restricted gTLDs, a little like .museum or .post are today.

It probably wouldn’t be possible for a poker hobbyist to register a .poker domain in order to blog about his victories and defeats, for example, unless they had a license from an appropriate gambling regulator.

Attempting to impose last-minute rules on applicants appears to reverse one of the GAC’s longstanding GAC Principles Regarding New gTLDs, dating back to 2007, which states:

All applicants for a new gTLD registry should therefore be evaluated against transparent and predictable criteria, fully available to the applicants prior to the initiation of the process. Normally, therefore, no subsequent addition selection criteria should be used in the selection process.

The Beijing communique also asks ICANN to reconsider allowing singular and plural versions of the same string to coexist, and says “closed generic” or “exclusive access” single-registrant gTLDs must serve a public interest purpose or be rejected.

There’s a lot of stuff to think about in the communique.

But ICANN’s post-Beijing problem isn’t whether it should accept the GAC’s advice, it’s to first figure out what the hell the GAC is actually asking for.

Take this bit, for example:

Registry operators will require that registrants who collect and maintain sensitive health and financial data implement reasonable and appropriate security measures commensurate with the offering of those services, as defined by applicable law and recognized industry standards.

This one paragraph alone raises a whole bunch of extremely difficult questions.

How would registry operators identify which registrants are handling sensitive data? If .book has a million domains, how would the registry know which are used to sell books and which are just reviewing them?

How would the registries “require” adherence to data security laws? Is it just a case of paying lip service in the terms of service, or do they have to be more proactive?

What’s a “reasonable and appropriate security measure”? Should a .doctor site that provides access to healthcare information have the same security as one that merely allows appointments to be booked? What about a .diet site that knows how fat all of its users are? How would a registry differentiate between these use cases?

Which industry standards are applicable here? Which data security laws? From which country? What happens if the laws of different nations conflict with each other?

If a registry receives a complaint about non-compliance, how on earth does the registry figure out if the complaint is valid? Do they have to audit the registrant’s security practices?

What should happen if a registrant does not comply with these laws or industry standards? Does its domain get taken away? One would assume so, but the GAC, for some reason, doesn’t say.

The ICANN community could spend five years discussing these questions, trying to build a framework for registries to police security compliance, and not come to any consensus.

The easier answer is of course: it’s none of ICANN’s business.

Is it ICANN’s job to govern how web sites securely store and transmit healthcare data? I sure hope not.

And those are just the questions raised by one paragraph.

The Beijing communique as a whole is a perplexing, frustrating mess of ideas that seems to have been hastily cobbled together from a governmental wish-list of fixes for perceived problems with the internet.

It lacks detail, which suggests it lacks thought, and it’s going to take a long time for the community to discuss, even as many affected new gTLD applicants thought they were entering the home stretch.

Underlying everything, however, is the question of how much weight the GAC’s advice — which is almost always less informed than advice from any other stakeholder group — should carry.

ICANN CEO Fadi Chehade and chair Steve Crocker have made many references recently to the “multi-stakeholder model” actually being the “multi-equal-stakeholder model”.

This new comment period is the first opportunity the other stakeholders get to put this to the test.