Latest news of the domain name industry

Recent Posts

ICANN cancels Fridays. Bad for transparency.

Kevin Murphy, May 2, 2012, Domain Policy

ICANN’s next public meeting, and all its public meetings thereafter, will be a day shorter than usual, following a decision to cancel the regular Friday morning program.

No Friday means no public meeting of the board of directors.

While the move is being characterized as an effort to enhance the effectiveness of ICANN’s board – a particular concern, frequently voiced, of chairman Steve Crocker – it’s also a perplexing shift away from ICANN’s core tenet of transparency.

One of the effects could be to mask dissent on the board.

From now on, it appears that all of ICANN’s top-level decision-making will happen in private.

Instead of wrapping up each public meeting with a board session at which resolutions get voted on, each meeting will instead be book-ended by less formal “community sessions”.

During these sessions, the board will apparently report to attendees about what it has been doing since the last meeting and what it plans to do before the next meeting.

Crocker said in a statement:

We believe that the removal of the Friday public Board meeting and its replacement with two Board community sessions will improve the effectiveness of both the Board and the staff and increase the time that the Board has to interact with the community.

That may well be true — time will tell — but let’s look at what the ICANN community is almost certainly losing.

First, there will be no more transcripts of board meetings at all.

Today, only the public meetings have published recordings and transcripts. Intersessional meetings are minuted, but not transcribed. If recordings are made, they are not published.

Killing off transcripts completely is a pretty obvious step backwards for an organization committed by its bylaws to “operate to the maximum extent feasible in an open and transparent manner”.

Second, if there is dissent on the board, it will be essentially shielded from the community’s view for some time after the fact.

Take, for example, the approval of the new gTLD program or the approval of ICM Registry’s .xxx contract – the two most controversial decisions ICANN made in 2011.

In both cases, certain directors read prepared statements into the record harshly criticizing the majority view.

In March 2011, for example, George Sadowsky stated that ICM’s purported community support for .xxx was “illusory” and that approving the TLD could lead to DNS Balkanization.

And with new gTLDs last June, Mike Silber abstained in the belief that the program was incomplete and that the vote had been scheduled “based on artificial and ego-driven deadlines”.

In both cases, the ICANN community heard the dissenting views – in person, webcast, recorded and transcribed – moments before the vote actually took place.

With no public board meetings, it seems likely that in future that we’re going to have to wait a week to read the voting record for any given resolution and a month or more to read directors’ statements.

Under ICANN’s bylaws, the voting record, which breaks down who voted for and against resolutions, is contained in a preliminary report that is not published for seven days after the vote.

Also under the bylaws, directors’ voting statements are not published until the minutes of the meeting are approved at the board’s next meeting, typically one to two months later.

If the new procedures had been in effect last year, the statements of Sadowsky and Silber would not have been published for over a month after they were made.

With that in mind, it’s clear that killing off the public board meetings could in no way be seen as a positive step for transparency at ICANN.

It’s true that these meetings have for several years been pure theater, but it was theater with value.

New gTLDs now a month behind schedule

Kevin Murphy, April 28, 2012, Domain Policy

ICANN has announced yet another delay in its new generic top-level domains program.

Last night’s much-anticipated update on its efforts to deal with the fallout of the TLD Application System security bug merely deferred resolution of the problem for a week. Again.

The whole program is now essentially a month behind schedule.

Chief operating office Akram Atallah said in a statement:

ICANN will notify all applicants within the next seven business days whether our analysis shows they were affected by the technical glitch in the TLD application system.

Shortly after the notification process has been completed, we will announce the schedule for reopening the application system and completing the application period. We are mindful of the need to allow sufficient time during the reopening period for applicants to confirm the completeness of their submissions.

The seven business days for applicant notifications takes us to May 8.

It’s not clear whether TAS would reopen immediately after this, but I suspect we’re probably looking at a buffer of at least a day or two between the end of notifications and TAS coming back online.

ICANN has previously said that TAS will be open for five business days, to enable applicants to finish off their applications. This brings us to, at the very earliest, May 15.

The Big Reveal of the list of applications, I estimate, will come one to two weeks after that.

We’re essentially looking at a late May or early June finish to a process that should have ended in late April.

As a result, the entire timetable for evaluating, approving and delegating new gTLDs will likely also be pushed out by a month.

For applicants, the anticipated November 12 date for the completion of the first-batch Initial Evaluation phase is now likely to come some time in mid-December instead.

Unhelpfully, the deadlines for filing objections and requesting Extended Evaluation for first-batch applicants is now likely to fall around about January 1, 2013.

That’s assuming we do not see any more delays, of course, which I think would be optimistic.

Cops seize 36 carder domains

Kevin Murphy, April 26, 2012, Domain Policy

The FBI and UK Serious Organised Crime Agency have seized 36 domain names that were allegedly being used to sell compromised credit card information.

As well as seizing the domains and a number of computers, SOCA said it has arrested two men “suspected of making large scale purchases of compromised data” from the sites.

The sites all used what SOCA calls “automated vending cart” software to process the sale of credit card information. Judging by the video below, some of the operations were fairly professional.

One of the seized domains was cvvplaza.com. SOCA provided the following video which really has to be seen to be believed.

I wonder if the spokesmodel had any idea what she was getting into when she accepted this gig.

While the full list of domains was not released, a SOCA spokesperson said the breakdown by TLD was as follows:

.name – 2
.net – 11
.biz – 4
.us – 5
.com – 11
.org – 3

These are all TLDs whose registries are based in the United States, so I’m guessing the US authorities did the actual seizing.

ANA demands TAS bug probe

Kevin Murphy, April 25, 2012, Domain Policy

Never one to miss the chance for a bit of trouble-making, the Association of National Advertisers has demanded a full independent probe into ICANN’s TLD Application System bug.

Writing to ICANN today, ANA president Bob Liodice has pointed to the TAS outage – now in its 13th day – as an example of why the new gTLD program needs to be scaled back.

“Doesn’t this situation demonstrate the need for a pilot project/test roll-out of the new Top Level Domain process to resolve any such problems before a major roll-out?” he asks.

In a press release, he added:

We are urgently requesting that the Department of Commerce and its National Telecommunications and Information Administration (NTIA) exercise their oversight of ICANN and encourage ICANN to engage an independent IT expert to fully investigate this serious and inadequately explained vulnerability.

The ANA has of course been the loudest objector to the program, forming the Coalition For Responsible Internet Domain Oversight last year to lobby against the gTLD expansion.

Liodice’s latest letter puts 10 questions to ICANN, several quite sensible and precisely the kinds of things I plan to ask just as soon as ICANN changes its mind about doing media interviews.

But it also asks for the release of information ICANN has already provided or has said it intends to provide, such as the number of affected TAS users or the date of the first reported incident.

The ANA also does not appear to be aware that the ICANN board new gTLD subcommittee recently passed a resolution calling for more work on the defensive registration problem.

Liodice notes that ICANN has not responded to its demands for a “Do Not Sell” list that would enable brand owners to block others from registering their trademarks in the DNS.

You can read the letter in PDF format here.

ICANN currently plans to provide its next big update on the TAS outage before the end of Friday.

ICANN vows to fight TAS bug “monkey business”

Kevin Murphy, April 20, 2012, Domain Policy

ICANN chief security officer Jeff Moss has pledged to fully disclose what new gTLD application data was leaked to which users via the TLD Application System security bug.

Talking to ICANN media chief Brad White in a video interview, Moss said:

We’re putting everyone on notice: we know what file names and user names were displayed to what people who were logged in and when. We want to do this very publicly because we want to prevent any monkey business. We are able to reconstruct what file names and user names were displayed.

ICANN has been going through its logs and will know “very specifically” what data was visible to which TAS users, he said.

The bug, he confirmed, was related to file deletions:

Under certain circumstances that were hard to replicate users that had previously deleted files could end up seeing file names of users that had uploaded a file… Certain data was being revealed to users that were not seeking data, it was just showing up on their screen.

The actual contents of the files uploaded to TAS were not visible to unauthorized users, he confirmed. There are also no reasons to believe any outside attacks occurred, he said.

He refused to reveal how many applicants were affected by the vulnerability, saying that ICANN has to first double-check its data in order to verify the full extent of the problem.

The interview reveals that the bug could manifest itself in a number of different ways. Moss said:

The problem has several ways it can express itself… we would solve it one way and it would appear another way, we would solve it another way and it would appear a third way. At some point we were just uncomfortable that we understood the core issue and that’s when we took the system offline.

TAS was taken down April 12, just 12 hours before the new gTLD application window closed.

ICANN has been providing daily updates ever since, and has promised to reveal tonight when TAS will reopen for business, for how long, and whether April 30 Big Reveal day has been postponed.

Applicants first reported the bug March 19, but ICANN did not realize the extent of the problem until later, Moss said.

In hindsight now we realized the 19th was the first expression of this problem, but at the time the information displayed made no sense to the applicant, it was just random numbers… at that point there were no dots to connect.

Here’s the video: