Latest news of the domain name industry

Airline hit with $230 million GDPR fine

Kevin Murphy, July 8, 2019, Domain Policy

British Airways is to be fined £183.39 million ($230 million) over a customer data breach last year, by far the biggest penalty to be handed out under the General Data Protection Regulation to date.

This story is not directly related to the domain name industry, but it does demonstrate that European data protection authorities are not messing about when it comes to GDPR enforcement.

About 500,000 BA customers had their personal data — including full payment card details — stolen by attackers between June and September last year, the UK Information Commissioner’s Office said today.

It is believed that they obtained the data not by hacking BA’s database, but rather by inserting a script, hosted on a third-party domain, that executed whenever a customer transacted with the site, allowing credentials to be captured in real time.

The ICO said its decision to fine £183.39 million — which amounts to more than 1.5% of BA’s annual revenue — is preliminary and can be appealed by BA.

Under GDPR, which came into effect in May 2018, companies can be fined up to 4% of revenue.

The biggest pre-GDPR fine is reportedly the £500,000 penalty that Facebook was given due to the Cambridge Analytica scandal.

GDPR is of course of concern to the domain industry due to the ongoing attempts to make sure Whois databases are compliant with the laws.

.amazon frozen AGAIN as endless government games continue

Kevin Murphy, June 25, 2019, Domain Policy

Amazon’s application for the .amazon gTLD has yet again been frozen, after a South American government invoked ICANN’s appeals process.

The bid, along with applications for the Chinese and Japanese versions, was returned to “on-hold” status at the weekend, after Colombia filed a formal Request for Reconsideration, an ICANN spokesperson confirmed to DI.

“The processing toward contracting of the .AMAZON applications has been halted pending the resolution of Request 19-1, per ICANN organization’s normal processes,” the spokesperson said.

This means the applications could remain frozen for 135 days, until late October, while ICANN processes the request. It’s something that has happened several times with other contested gTLDs.

Colombia filed RfR 19-1 (pdf) on June 15. It demands that ICANN reverses its board’s decision of May 15, which handed Amazon a seemingly decisive victory in its long-running battle with the eight governments of the Amazon Cooperation Treaty Organization.

ACTO’s members believe they should have policy control over .amazon, to protect the interests of their citizens who live in the region they share.

To win an RfR — something that hardly ever happens — a complainant has to show that the ICANN board failed to consider pertinent information before it passed a resolution.

In Colombia’s case, it argues that the board ignored an April 7 letter (since published in PDF format here) its Governmental Advisory Committee representative sent that raises some interesting questions about how Amazon proposes to operate its TLDs.

Because .amazon is meant to be a highly restricted “dot-brand” gTLD, it would presumably have to incorporate Specification 13 into its ICANN registry agreements.

Spec 13 releases dot-brands from commitments to registrar competition and trademark protection in exchange for a commitment that only the brand itself will be able to own domains in the TLD.

But Colombia points out that Amazon’s proposal (pdf) to protect ACTO governments’ interests would give the eight countries and ACTO itself “beneficial ownership” over a single domain each (believed to be names such as co.amazon, br.amazon, etc).

If this means that Amazon would not qualify for Spec 13, it could follow that ICANN’s board made its decision to continue processing .amazon on faulty assumptions, Colombia argues.

Colombia points to the case of .sas, a dot-brand that is apparently shared by two companies that have the same brand, as a possible model for shared management of .amazon.

RfRs are handled by ICANN’s Board Accountability Mechanisms Committee.

BAMC took just a couple of days to rule out (pdf) Colombia’s request for “urgent reconsideration”, which would reduce its regular response time from 90 days to 7 days.

The committee said that because the .amazon applications were being placed back on-hold as part of normal procedure during consideration of an RfR, no harm could come to Colombia that would warrant “urgent” reconsideration.

According to ICANN’s spokesperson, under its bylaws the latest the board can respond to Colombia’s request is October 28.

At a GAC session at the ICANN 65 meeting in Marrakech, taking place right now, several ACTO governments have just spent over an hour firmly and publicly protesting ICANN’s actions surrounding .amazon.

They’re still talking as I hit “publish” on this post.

In a nutshell, they believe that ICANN has ignored GAC advice and reneged on its commitment to help Amazon and ACTO reach a “mutually acceptable solution”.

ICANN launches cash-for-kids scheme

Kevin Murphy, June 19, 2019, Domain Policy

ICANN will hand over cash to help community members cover their childcare commitments, the organization announced yesterday.

If you show up to an ICANN public meeting with an ankle-biter under 12 years of age, ICANN will give you up to $750 to cover the cost of babysitting.

You’ll have to show receipts, and ICANN will not cover stuff like travel, lodging, tourism or other costs that parents would have during the normal course of owning a kid.

Only volunteer community members will qualify, not staffers. The full list of rules can be found here.

While the announcement may seem unusual, it does not come out of the blue. There have been a number of public calls, from a handful of single parents, for ICANN to lay on some kind of on-site childcare services over the last several years.

It isn’t doing that, however. Good grief, imagine the optics if ICANN accidentally killed a kid…

Instead, it will only give parents a list of nearby childcare providers, which it will not formally vet or recommend, and let them make their own minds up.

The program is a pilot, and will run at the next three meetings in Montreal, Cancun and Kuala Lumpur.

Time for some more ICANN salary porn

Kevin Murphy, June 3, 2019, Domain Policy

ICANN has filed its tax return for its fiscal 2018, so it’s once again that time of the year in which the community gets to salivate over how much its top staffers get paid.

The latest form 990, covering the 12 months to June 30, 2018, shows that the top 21 ICANN employees were compensated to the tune of $10.3 million, an average of $492,718 each.

That’s up about 4% from $9.9 million in the previous year, an average across the top 21 staffers of $474,396 apiece.

These numbers include base salary, bonuses, and benefits such as pension contributions.

Employee compensation overall increased from $60 million to $73.1 million.

The biggest earner was of course CEO Göran Marby, who is now earning more than his immediate predecessor Fadi Chehadé but a bit less than last-but-one boss Rod Beckstrom.

Marby’s total compensation was $936,585, having received a bonus of almost $200,000 during the year. His base salary was $673,133.

The number of staffers receiving six-figure salaries increased from 159 in fiscal 2017 to 183 — about 44% of its estimated end-of-year headcount.

Towards the end of the reported year, as ICANN faced a budget crunch, many members of the ICANN community had called on the organization to rein in its spending on staff.

ICANN says it targets compensation in the 50th to 75th percentile range for the relevant industry.

The top five outside contractors in the year were:

  • Jones Day, ICANN’s go-to law firm. It received $5.4 million, down from $8.7 million in 2017.
  • Zensar Technologies, the IT consultancy that develops and supports ICANN software. It received $3.7 million.
  • IIS, the Swedish ccTLD registry, which does pre-delegation testing for new gTLDs. It received $1.3 million.
  • Iron Mountain, the data escrow provider. It received $1.1 million.
  • Infovity, which provides Oracle software support. It received $1 million.

The return shows that ICANN made a loss of $23.9 million in the year, on revenue that was down from $302.6 million to $136.7 million.

The primary reason for this massive decrease in revenue was the $135 million Verisign paid for the rights to run .web, at an ICANN last-resort auction, in ICANN’s fiscal 2017.

The tax form for 2018 can be found here (pdf) and 2017’s can be found here (pdf).

Four presidents slam .amazon decision

Kevin Murphy, May 28, 2019, Domain Policy

The leaders of four of the eight governments of the Amazon region of South America have formally condemned ICANN’s decision to move ahead with the .amazon gTLD.

In a joint statement over the weekend, the presidents of Peru, Colombia, Ecuador and Bolivia said they have agreed “to join efforts to protect the interests of our countries related to geographical or cultural names and the right to cultural identity of indigenous peoples”.

These four countries comprise the Andean Community, an economic cooperation group covering the nations through which the Andes pass, which has just concluded a summit on a broad range of issues.

The presidents said they have “deep concerns” about ICANN’s decision to proceed towards delegating .amazon to Amazon the company, over the objections of the eight-nation Amazon Cooperation Treaty Organization.

ICANN is “setting a serious precedent by prioritizing private commercial interests over public policy considerations of the States, such as the rights of indigenous peoples and the preservation of the Amazon in favor of humanity and against global warming”, they said (via Google Translate).

ACTO had been prepared to agree to Amazon running .amazon, but it wanted effective veto power on the TLD’s policy-setting committee and a number of other concessions that Amazon thought would interfere with its commercial interests.

As it stands, Amazon has offered to block thousands of culturally sensitive domains and to give the ACTO nations a minority voice in its policy-making activities.

ICANN will soon open these proposed commitments to public comment, and will likely decide to put .amazon into the root not too long thereafter.

ICANN plans return to Cancun in 2021

Kevin Murphy, May 7, 2019, Domain Policy

ICANN has named the locations of two of its 2021 public meetings.

Notably, it will return to Cancun, Mexico, in March for ICANN 70, just one year after hosting ICANN 67 there.

In both years, the dates appear to coincide with some US universities’ “Spring Break” academic holiday, which sees many college students descend on Cancun to take advantage to excess of Mexico’s more liberal drinking laws.

In June 2021, ICANN will head to the Hague in the Netherlands, perhaps also known for its more liberal attitude to inebriants, for its mid-year policy meeting.

It’s already named Seattle, home to several domain companies, as its choice for the final meeting of 2021.

Under ICANN’s system of dividing up the world into regions for the purpose of meetings rotation, Mexico counts as Latin America rather than North America.

Governments demand Whois reopened within a year

Kevin Murphy, April 29, 2019, Domain Policy

ICANN’s government advisers want cops, trademark owners and others to get access to private Whois data in under a year from now.

The Governmental Advisory Committee wants to see “considerable and demonstrable progress, if not completion” of the so-called “unified access model” for Whois by ICANN66 in Montreal, a meeting due to kick off November 4 this year.

The demand came in a letter (pdf) last week from GAC chair Manal Ismail to her ICANN board counterpart Cherine Chalaby.

She wrote that the GAC wants “phase 2” of the ongoing Expedited Policy Development Process on Whois not only concluded but also implemented “within 12 months or less” of now.

It’s a more specific version of the generic “hurry up” advice delivered formally in last month’s Kobe GAC communique.

It strikes me as a ludicrously ambitious deadline.

Phase 2 of the EPDP’s work involves deciding what “legitimate interests” should be able to request access to unredacted private Whois data, and how such requests should be handled.

The GAC believes “legitimate interests include civil, administrative and criminal law enforcement, cybersecurity, consumer protection and IP rights protection”.

IP interests including Facebook want to be able to vacuum up as much data as they want more or less on demand, but they face resistance from privacy advocates in the non-commercial sector (which want to make access as restrictive as possible) and to a lesser extent registries and registrars (which want something as cheap and easy as possible to implement and operate that does not open them up to legal liability).

Ismail’s letter suggests that work could be sped up by starting the implementation of stuff the EPDP group agrees to as it agrees to it, rather than waiting for its full workload to be complete.

Given the likelihood that there will be a great many dependencies between the various recommendations the group will come up with, this suggestion also comes across as ambitious.

The EPDP group is currently in a bit of a lull, following the delivery of its phase 1 report to ICANN, which is expected to approve its recommendations next month.

Since the phase 1 work finished in late February, there’s been a change of leadership of the group, and a bunch of its volunteer members have been swapped out.

Volunteers have also complained about burnout, and there’s been some pressure for the pace of work — which included four to five hours of teleconferences per week for six months — to be scaled back for the second phase.

The group’s leadership has discussed 12 to 18 months as a “realistic and desirable” timeframe for it to reach its Initial Report stage on the phase 2 work.

For comparison, it published its Initial Report for phase 1 after only six stressful months on the job, and not only have its recommendations not been implemented, they’ve not even been approved by ICANN’s board of directors yet. That’s expected to happen this Friday, at the board’s retreat in Istanbul.

With this previous experience in mind, the chances of the GAC getting a unified Whois access service implemented within a year seem very remote.

Karklins beats LaHatte to chair ICANN’s Whois privacy team

Kevin Murphy, April 25, 2019, Domain Policy

Latvian diplomat and former senior WIPO member Janis Karklins has been appointed chair of the ICANN working group that will decide whether to start making private Whois records available to trademark owners.

Karklins’ appointment was approved by the GNSO Council last week. He beat a single rival applicant, New Zealand’s Chris LaHatte, the former ICANN Ombudsman.

He replaces Kurt Pritz, the former ICANN Org number two, who quit the chair after the group finished its “phase one” work earlier this year.

Karklins has a varied resume, including a four-year stint as chair of ICANN’s Governmental Advisory Committee.

He’s currently Latvia’s ambassador to the United Nations in Geneva, as well as president of the Arms Trade Treaty.

Apparently fighting for Latvia’s interests at the UN and overseeing the international conventional weapons trade still gives him enough free time to now also chair the notoriously intense and tiring Expedited Policy Development Process on Whois, which has suffered significant burnout-related volunteer churn.

But it was Karklins’ one-year term as chair of the general assembly of WIPO, the World Intellectual Property Organization, that gave some GNSO Council members pause.

The EPDP is basically a big bloodless ruck between intellectual property lawyers and privacy advocates, so having a former WIPO bigwig in the neutral hot seat could be seen as a conflict.

This issue was raised by the pro-privacy Non-Commercial Stakeholders Group during GNSO Council discussions last week, who asked whether LaHatte could not also be brought on as a co-chair.

But it was pointed out that it would be difficult to find a qualified chair without some connection to some interested party, and that Karklins is replacing Pritz, who at the time worked for a new gTLD registry and could have had similar perception-of-conflict issues.

In the end, the vote to confirm Karklins was unanimous, NCSG and all.

The EPDP, having decided how to bring ICANN’s Whois policy into compliance with the General Data Protection Regulation, is now turning its attention to the far trickier issue of a “unified access model” for private Whois data.

It will basically decide who should be able to request access to this data and how such a system should be administered.

It will not be smooth sailing. If Karklins thinks international arms dealers are tricky customers, he ain’t seen nothing yet.

ICANN to approve new UDRP provider

Kevin Murphy, April 25, 2019, Domain Policy

ICANN is set to approve a new UDRP provider at a board of directors meeting next week.

On May 3, the board will approve the Canadian International Internet Dispute Resolution Centre as its sixth approved provider and the second based in North America.

The resolution to approve its now year-old application is on the consent agenda for next week’s meeting, meaning the decision to approve has basically already been made.

CIIDRC is a division of the British Columbia International Commercial Arbitration Centre, a non-profit set up by the BC government in the 1980s.

It’s been exclusively handling cybersquatting disputes over .ca domain names since 2002, under a deal with local registry CIRA.

The organization reckons it will be ready to start accepting complaints within a few months of approval, and could handle up to 200 cases per month.

It had a roster of 26 panelists in rotation at the time it applied to ICANN for UDRP approval, many of whom also provide their expertise to other UDRP providers such as WIPO and NAF.

Amazon tells power-hungry governments to get stuffed

Kevin Murphy, April 23, 2019, Domain Policy

Amazon has rejected attempts by South American governments to make the would-be gTLD .amazon “jointly owned”.

In a letter to ICANN last week, Amazon VP of public policy Brian Huseman finally publicly revealed the price Amazon is willing to pay for its dot-brand, but said members of the Amazon Cooperation Treaty Organization are asking for way too much power.

It turns out three of ACTO’s eight national government members have proposed solutions to the current impasse, but Amazon has had to reject them all for commercial and security reasons. Huseman wrote (pdf):

“Some member states require that we jointly own and manage the .AMAZON TLDs. Some require that we give the member states advance notice and veto authority over all domain names that we want to register and use—for both trademarked terms as well as generic words. Some suggest a Governance Committee can work only if it has governance that outweighs Amazon’s voice (i.e. the Governance Committee has a representative from one of each of the eight member states, while Amazon has one); and some want to use .AMAZON for their own commercial purposes.”

From Huseman’s description, it sounds like the ACTO nations basically want majority control (at least in terms of policy) of .amazon and the Chinese and Japanese translations, applications for which have been essentially frozen by ICANN for years.

Huseman told ICANN that Amazon cannot comply.

If the company were to give eight South American governments advance notice and veto power over .amazon domains it planned to register, it would make it virtually impossible to contain its business secrets prior to the launch of new services, he said.

The governments also want the right to block certain unspecified generic strings, unrelated to the Amazon region, he wrote. Amazon can’t allow that, because its range of businesses is broad and it may want to use those domains for its own commercial purposes.

Amazon has offered to block up to 1,500 strings per TLD that “represent the culture and heritage of the Amazonia region”.

Nine .amazon domains would be set aside for actual usage, one for ACTO and one each for its members, “that have primary and well-recognized significance to the culture and heritage of the region”, but they’d have to use those domains non-commercially.

The proposal seems to envisage that the countries would select their two-letter country code as their freebie domain. Brazil could get br.amazon, for example.

They could also select the names of Amazonian indigenous peoples’ groups or “the specific terms OTCA, culture, heritage, forest, river, and rainforest, in English, Dutch, Portuguese, and Spanish.”

They would not be allowed to use third-level domains, other than “www”.

The governments would have up to two years to populate the list of 1,500 banned terms. The strings would have to have the same “culture and heritage” nexus, and Amazon would get veto power over whether the proposed strings actually meet that test.

As the whole policy would be enshrined as a Public Interest Commitment in the .amazon registry contract with ICANN, ACTO members would be able to protest such rejections using the PIC Dispute Resolution Policy.

Amazon would also get veto power over the content of the web sites at the domains used by the governments. They’d have to be basically static sites, and all user-generated content would be strictly verboten.

It’s a power struggle, with little evident common ground once you get down into the details, and it’s likely going to be up to ICANN to decide whether Amazon’s proposal is sufficient to overrule the ACTO and Governmental Advisory Committee concerns.

ICANN had set a deadline of April 21 to receive the proposal. The timetable it has previously set out would see its board of directors make a decision (or punt it back to Amazon) at the Marrakech public meeting in late June.

However, board chair Cherine Chalaby has told ACTO that if it wants to negotiate a joint proposal with Amazon, it can still do so. ICANN would need to receive this revised proposal by June 7, he said.