Latest news of the domain name industry

Recent Posts

Moniker gets a new CEO

Kevin Murphy, February 21, 2014, Domain Registrars

KeyDrive has appointed Bonnie Wittenburg, Key-System USA executive vice president, as the new CEO of sister registrar Moniker.

She replaces Craig Snyder, who was CEO of Moniker and SnapNames and remains CEO of SnapNames. Wittenburg keeps her EVP roles at Key-Systems.

“Through her expanded role she will drive cooperation and develop a synergistic relationship between the KeyDrive members,” the company said in a statement.

The KeyDrive stable also includes Key-Systems, NameDrive and KS Registry.

Wittenberg is a 15-year veteran of the domain name industry, with previous stints at Network Solutions and Iron Mountain.

MarkMonitor infiltrated by Syrian hackers targeting Facebook

Kevin Murphy, February 6, 2014, Domain Registrars

The corporate brand protection registrar MarkMonitor was reportedly hacked yesterday by the group calling itself the Syrian Electronic Army, in an unsuccessful attempt to take out Facebook.

While MarkMonitor refused to confirm or deny the claims, the SEA, which has been conducting a campaign against high-profile western web sites for the last couple of years, tweeted several revealing screenshots.

One was a screen capture of a DomainTools Whois lookup for facebook.com, which does not appear to have been cached by DomainTools.

Another purported to be a cap of Facebook’s control panel at the registrar.

The SEA tweeted more caps purporting to show it had access to domains belonging to Amazon and Yahoo!.

In response to an inquiry, MarkMonitor rather amusingly told DI “we do not comment on our clients — including neither confirming nor denying whether or not a company is a client.”

This despite the fact that the company publishes a searchable database of its clients on its web site.

The attackers were unable to take down Facebook itself because the company has rather wisely chosen to set its domain to use Verisign’s Registry Lock anti-hijacking service.

Registry Lock prevents domains’ DNS settings being changed automatically via registrar control panels. Instead, registrants need to provide a security pass phrase over the phone.

Directi joins Domain.com family in $100m deal

Kevin Murphy, January 29, 2014, Domain Registrars

Endurance International, the holding company behind brands such as Domain.com and HostGator has closed the acquisition of top ten registrar Directi and some related companies.

The acquisition, which was announced last September is worth between $100 million and $110 million — $25.5 million in cash and the rest in shares and a promissory note.

The deal includes Directi properties BigRock (a registrar), ResellerClub (the reseller-focused registrar), LogicBoxes (the registrar management service) and webhosting.info.

It does not include Radix Registry, the company that applied for 31 new gTLDs, 28 of which applications are still active.

Directi CEO Bhavin Turakhia “has agreed to be closely involved in the integration of the two companies”, but it doesn’t sound like he’s taking on a permanent role at Endurance.

Endurance may not be a familiar brand in and of itself, but its businesses include Bluehost, HostGator, Domain.com, FatCow, iPage and Mojo Marketplace.

EU body tells ICANN that 2013 RAA really is illegal

Kevin Murphy, January 29, 2014, Domain Registrars

A European Union data protection body has told ICANN for a second time — after being snubbed the first — that parts of the 2013 Registrar Accreditation Agreement are in conflict with EU law.

The Article 29 Data Protection Working Party, which is made up of the data protection commissioners in all 28 EU member states, reiterated its claim in a letter (pdf) sent earlier this month.

In the letter, the Working Party takes issue with the part of the RAA that requires registrars to keep hold of customers’ Whois data for two years after their registrations expire. It says:

The Working Party’s objection to the Data Retention Requirement in the 2013 RAA arises because the requirement is not compatible with Article 6(e) of the European Data Protection Directive 95/46/EC which states that personal data must be:

“kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected”

The 2013 RAA fails to specify a legitimate purpose which is compatible with the purpose for which the data was collected, for the retention of personal data of a period of two years after the life of a domain registration or six months from the relevant transaction respectively.

Under ICANN practice, any registrar may request an opt out of the RAA data retention clauses if they can present a legal opinion to the effect that to comply would be in violation of local laws.

The Working Party told ICANN the same thing in July last year, clearly under the impression that its statement would create a blanket opinion covering all EU-based registrars.

But a week later ICANN VP Cyrus Namazi told ICANN’s Governmental Advisory Committee that the Working Party was “not a legal authority” as far as ICANN is concerned.

The Working Party is clearly a bit miffed at the snub, telling ICANN this month:

The Working Party regrets that ICANN does not acknowledge our correspondence as written guidance to support the Waiver application of a Registrar operating in Europe.

the Working Party would request that ICANN accepts the Working Party’s position as appropriate written guidance which can accompany a Registrar’s Data Retention Waiver Request.

It points out that the data protection commissioners of all 28 member states have confirmed that the letter “reflects the legal position in their member state”.

ICANN has so far processed one waiver request, made by the French registrar OVH, as we reported earlier this week.

Weirdly, the written legal opinion used to support the OVH request is a three-page missive by Blandine Poidevin of the French law firm Jurisexpert, which cites the original Working Party letter heavily.

It also cites letters from CNIL, the French data protection authority, which seem to merely confirm the opinion of the Working Party (of which it is of course a member).

EU registrars seem to be in a position here where in order to have the Working Party’s letter taken seriously by ICANN, they have to pay a high street lawyer to endorse it.

First European registrar to get Whois data opt-out

Kevin Murphy, January 28, 2014, Domain Registrars

ICANN plans to give a French registrar the ability to opt out of parts of the 2013 Registrar Accreditation Agreement due to data privacy concerns.

OVH, the 14th-largest registrar of gTLD domains, asked ICANN to waive parts of the RAA that would require it to keep hold of registrant Whois data for two years after it stops having a relationship with the customer.

The company asked for the requirement to be reduced to one year, based on a French law and a European Union Directive.

ICANN told registrars last April that they would be able to opt-out of these rules if they provided a written opinion from a local jurist opining that to comply would be illegal.

OVH has provided such an opinion and now ICANN, having decided on a preliminary basis to grant the request, is asking for comments before making a final decision.

If granted, it would apply to “would apply to similar waivers requested by other registrars located in the same jurisdiction”, ICANN said.

It’s not clear if that means France or the whole EU — my guess is France, given that EU Directives can be implemented in different ways in different member states.

Throughout the 2013 RAA negotiation process, data privacy was a recurring concern for EU registrars. It’s not just a French issue.

ICANN has more details, including OVH’s request and links for commenting, here.