Latest news of the domain name industry

Recent Posts

How the GAC could derail new TLDs in Singapore

Kevin Murphy, June 1, 2011, Domain Policy

The pieces are moving into place for what could be the final battle over new top-level domains between ICANN and its Governmental Advisory Committee, in Singapore later this month.

ICANN made few concessions to the GAC’s biggest concerns in the latest Applicant Guidebook, which begs the question of whether the United States will now be asked to play its trump card.

Earlier this week, European Commissioner Neelie Kroes made threatening noises in ICANN’s direction, saying that by approving the controversial .xxx domain over GAC advice, ICANN had showed that it cannot be trusted with new top-level domains.

If the ICANN board chooses to move forward [with .xxx] despite significant governmental concerns, what does this tell us for the next meeting in Singapore, which is widely expected to launch the next batch of TLDs? The concerns of governments in this process are not trivial, ranking from trademark protection to cooperation with law enforcement

The current Guidebook has not accepted (with some good reasons) many of the GAC’s requests on the issues of trademark protection and the governmental right to object to new TLD applications.

In a recorded address at the EuroDIG conference in Serbia this week, before the Guidebook was published, Kroes called for ICANN’s multistakeholder internet governance model to be “amended to better take into account the voice of governments”.

She said she is supported by colleagues in the EU and overseas, presumably referring to Lawrence Strickling, head of the NTIA, with whom she met last month to discuss .xxx and new TLDs.

In her speech, Kroes called for the United States to leverage its unique position of authority over ICANN to influence change at the organization:

The expiry of the IANA contract in September will be a unique opportunity to sharply focus on a set of minimum requirements for whichever organization will be designated to carry out the future IANA functions. Specifically, I feel that the new contract should include specific provisions to improve standards of corporate governance in the organization in charge.

…whichever will be the organization resp for naming and addressing resources, it should be required to demonstrate it has support of global internet community before it makes proposals to add any further top-level domains to the internet.

This is perhaps the most explicit outside call yet for the US to use the IANA contract both to get the GAC a louder voice at the ICANN table and to have the demands of the trademark lobby taken fully into account in the new TLDs program.

The US Trump Card

It’s no secret that the US has an ace up its sleeve, in the form of the soon-to-expire IANA contract.

IANA is responsible for the paperwork when updates are to be made to the DNS root, whether they are redelegating a ccTLD, changing name servers, or adding an entirely new TLD.

When a new TLD is approved, ICANN’s IANA department forwards the request to the NTIA, which reviews it before instructing VeriSign to add the TLD to the A-root.

IANA is currently a no-fee contract between the NTIA and ICANN. Theoretically, the NTIA could award the contract to whichever organization it chooses, after it expires.

This is unlikely to happen. But if it did, ICANN’s powers would be severely curtailed – another entity would be above it in the root’s chain of command.

Alternatively, the NTIA could amend the contract to impose conditions on ICANN, such as making it more accountable to the GAC. This is what Kroes appears to be pushing for.

Strickling himself said a month ago that he has not ruled out the option of using the IANA contract as “as a vehicle for ensuring more accountability and transparency” at ICANN.

There is another theory, however, which is currently doing the rounds.

As it currently stands, if ICANN approves the Applicant Guidebook in Singapore on June 20, the expected timetable has it accepting new gTLD applications as early as November.

By that time it would, presumably, have already renewed the IANA deal, and would still have its nominal powers to add new TLDs to the root.

But buried deep within the IANA contract (pdf) is a provision that allows the NTIA to unilaterally extend its term by six months – from September 30, 2011 to March 31, 2012.

If the NTIA were to exercise this option, it could put a serious question mark over ICANN’s ability to start accepting new TLD applications this year.

With no guarantee that its authority to add new TLDs to the root would be renewed, would risk-averse ICANN be happy to go ahead and accept tens of millions of dollars in application fees?

It seems unlikely.

I’ve little doubt that this scenario will have been discussed by the NTIA and its allies. It would look better politically for the US if it had the support of the GAC before making such a play.

Since the GAC seems to want to buy time for further talks on new TLDs before ICANN kicks off the program, the IANA contract extension may appear to be a good way of going about it.

But with ICANN seemingly set to approve a Guidebook that will remain open to significant amendments post-Singapore, does the IANA threat need to be invoked at all?

If negotiations over trademark protection, developing world funding and GAC objections can remain open even after the Guidebook has been “approved”, perhaps there’s scope for a more peaceful resolution.

Does Obama endorse Whois privacy?

Kevin Murphy, May 17, 2011, Domain Policy

The US government today released its latest International Strategy For Cyberspace, and it seems to acknowledge privacy rights in domain name registration.

The 30-page document (pdf) envisions a future of the internet that is “open, interoperable, secure, and reliable” and “supports international trade and commerce, strengthens international security, and fosters free expression and innovation”.

It calls for the US and its international partners to set norms that value free speech, security, privacy, respect for intellectual property and (because this is America, remember) the right to self-defense.

Domain names get a mention, in a statement that could be read, without much of a stretch of the imagination, as support in principle for private Whois records:

In this future, individuals and businesses can quickly and easily obtain the tools necessary to set up their own presence online; domain names and addresses are available, secure, and properly maintained, without onerous licenses or unreasonable disclosures of personal information.

That’s open to interpretation, of course – you could debate for years about what is “unreasonable” – but I’m surprised Whois privacy merited even an oblique reference.

Most government and law enforcement statements on the topic tend to pull in the opposite direction.

The new strategy also seems to give ICANN – or at least the ICANN model – the Administration’s support, in a paragraph worth quoting in full:

Preserve global network security and stability, including the domain name system (DNS). Given the Internet’s importance to the world’s economy, it is essential that this network of networks and its underlying infrastructure, the DNS, remain stable and secure. To ensure this continued stability and security, it is imperative that we and the rest of the world continue to recognize the contributions of its full range of stakeholders, particularly those organizations and technical experts vital to the technical operation of the Internet. The United States recognizes that the effective coordination of these resources has facilitated the Internet’s success, and will continue to support those effective, multi-stakeholder processes.

Congress to question new TLDs rollout

Kevin Murphy, April 26, 2011, Domain Policy

The US Congress is to investigate ICANN’s new top-level domains program next week.

The House Subcommittee on Intellectual Property, Competition and the Internet will hold an “ICANN Generic Top-Level Domains (gTLD) Oversight Hearing” on Wednesday May 4 at 10am local time.

The hearing has been called at the direction of the committee’s chairman, Rep. Bob Goodlatte.

The list of witnesses has yet to be published, but I’d be surprised if we don’t see a representative of the intellectual property lobby in attendance.

It will also be interesting to see who from ICANN is put forward to defend the new gTLD program.

ICANN is accustomed to being hauled over the coals on Capitol Hill every year or so, but I believe that this is the first time it has been subject to a US “oversight” hearing since it signed the Affirmation of Commitments in September 2009.

The AoC ostensibly separated ICANN from direct US control, in favor of a multi-stakeholder approach that gave voice to all national governments.

Why ICANN’s CEO did not vote on .xxx

Kevin Murphy, April 11, 2011, Domain Policy

President and CEO Rod Beckstrom has explained his decision to abstain from voting on ICM Registry’s .xxx top-level domain when it came before the ICANN board last month.

As expected, Beckstrom provided substantially the same explanation for his abstention as he did at the Brussels meeting last June – not on the merits of .xxx, but because he had legal concerns.

Specifically, he abstained because he objected to one of the majority findings of an Independent Review Panel, which forced .xxx back to the table last year after ICANN had tried to reject it.

Beckstrom wrote, in a recently published statement (pdf):

while I accept the contribution to ICANN’s accountability and transparency provided by the existence and the use of the independent panel review process, I nonetheless remain concerned about the determination by two of the three panelists that the ICANN board should not use business judgment in the conduct of its affairs.

This refers to the “business judgment rule”, a piece of California law under which courts give deference to the judgment of company directors, unless their decisions were made in bad faith.

If an IRP panel – the last port of appeal for companies upset with ICANN’s decisions – were required to use this rule, it would substantially raise the bar for a successful complaint.

But the panel in the case of ICM Registry versus ICANN (the only such panel to date) decided, by a 2-1 vote, that ICANN’s actions should be “appraised not deferentially but objectively.”

This allowed ICM to win its case by merely showing ICANN had acted outside its bylaws, and not necessarily in bad faith.

The dissenting IRP panelist, Dickran Tevrizian, wrote: “The rejection of the business judgment rule will open the floodgates to increased collateral attacks on the decisions of the ICANN Board of Directors”.

However, the IRP did not specifically rule that ICANN “should not use business judgment” as Beckstrom’s statement suggests, just that the IRP was not obliged to defer to it.

Beckstrom’s statement also gives a shout-out to the Governmental Advisory Committee:

In addition, I note the concerns of the GAC, which while not expressed as a clear decision, was nonetheless directional.

As I previously blogged, ICANN approved the .xxx contract over the objections of some members of the GAC, using the fact that the GAC’s official advice was vague enough to be worked around without explicitly rejecting it.

Beckstrom, incidentally, did not even sign the .xxx contract with ICM, which I believe is a first for an ICANN registry contract. It was instead signed by general counsel John Jeffrey.

(via InternetNews.me)

Go Daddy-Google group targets bogus pill merchants

Kevin Murphy, December 15, 2010, Domain Policy

The newly forming industry body tasked with taking down web sites selling fake pharmaceuticals plans to meet next month to develop its mission statement and charter, according to Go Daddy general counsel Christine Jones.

Jones said in an interview tonight that the group, which Go Daddy is jointly “spearheading” with Google, is likely to meet in Phoenix, Arizona in the third week of January.

As I blogged earlier today, the organization was formed following a series of meetings at the White House, which has a policy of reducing counterfeit drugs sales online.

Domain name companies including Go Daddy, eNom, Neustar and Network Solutions are joined in the currently nameless non-profit by the three major search engines and all the major payment processors.

Jones confirmed that redirecting a domain name is an action a participating registrar could take if it finds an infringing site. Go Daddy and others already do this in cases of child porn, for example.

But the group will also share information about fake pharma sites so Google, for example, would also be able to block them from search and Visa could stop payments being processed, Jones told me.

The White House meetings were organized by Victoria Espinel, the administration’s Intellectual Property Enforcement Coordinator (IPEC).

So, while the group has yet to formalize its policies, I wanted to know what the prevailing opinion is on how “illegal” a site will have to be before the group will try to take it down.

Taking down a site selling sugar pills or industrial acid as HIV treatments is one thing, killing a site selling genuine medications to people without prescriptions is another, and blocking a legit pharmacy that sells drugs to Americans with prescriptions more cheaply from across the Canadian border is yet another.

Jones said: “If a pharmacy is a licensed pharmacy and is abiding by whatever the state rules are wherever they’re located, that’s not our target.”

Apparently the new organization, which will be formed as a non-profit entity, may help the companies to avoid running afoul of ECPA, the US Electronic Communications Privacy Act.

Jones said that other companies participating in the White House meetings still have not decided whether to join the new group or not. End-of-year budgetary issues may be a factor here.

Domain registrars have come in for considerable flak over 2010 for allegedly not doing enough to counter fake pharma sites.

A Knujon report published in May, and others, eventually led to eNom in particular promising to crack down harder on rogue pharmacies.

Trademarks may delay new TLD approval

Kevin Murphy, December 8, 2010, Domain Registries

The intellectual property lobby won a notable victory this week, after governments told ICANN they want it to delay approval of the new top-level domains program until it has more cybersquatting protections.

Some members of the Governmental Advisory Committee appear to have been lobbied hard by the IP community, and have taken its concerns on board more or less wholesale.

The UK representative, Mark Carvell of the Department for Business, Innovation and Skills, was most vocal during a meeting of the GAC and ICANN board here in Cartagena, Colombia yesterday.

He said of the proposed final Applicant Guidebook for new TLDs (which the GAC still pointedly refers to as the “DAG”, for Draft Applicant Guidebook):

Most representations we received came from brand owners, rights holders, they’re the ones being most agitated by this. I think they also recognized the potential opportunities, but the big issue for them was the costs…

The rights protection mechanisms are still not effective enough, that’s what’s coming to us in the Ministry… If you’re really hoping to sign off the guidebook this week, I think that’s something you really ought to reconsider.

Carvell pointed in particular to the proposed Trademark Clearinghouse and Uniform Rapid Suspension policies as needing work – this is essentially the IP lobby’s position also.

His views were supported by Germany, Norway and the Canadian GAC chair, among others.

A repeated refrain was “we’re not there yet”, which prompted ICANN vice-chair Dennis Jennings to push for a definition of “there”. What, in other words, would make the GAC happy enough to go ahead?

The GAC isn’t great when it comes to providing straight answers to those kinds of questions, but Carvell gave it a shot.

He said that currently the GAC does not believe that the benefits of new TLDs outweigh the costs. When it does, that would be the “key turning point”:

When we get to that position, that the benefits for businesses, for the global economy, for opportunities for business, are going to be greater, scaled-up, greater than the costs to brand owners and those who are going to have shell out big-time in order to effectively subsidize, in their view, perhaps subsidize the process.

The US representative, Suzanne Sene, added that “the whole issue is of feeling confident that benefits will outweigh the costs”.

That’s still worryingly free of a measurable benchmark, if you’re an impatient new TLD applicant.

In a further open meeting today, it became clear that the GAC is still putting forth the idea that there could be a “fast-track” or “trial” style TLD application round for “non-controversial” TLDs – presumably meaning TLDs of little interest to defensive trademark holders.

GAC chair Heather Dryden said today that “introducing a conservative first round is the best way to manage risk in the unknown”, an idea that was promptly challenged by TLD applicants including Minds + Machines CEO Antony Van Couvering.

I don’t get the feeling that the GAC has thought the idea through a great deal. In order to be half-way objective, it would presumably require the created of a second, parallel AGB for pre-approving applications. I don’t think the idea has legs.

But do the GAC’s objections mean that new TLD program, currently pencilled in to open the first application round May 30, 2011, will be delayed?

The GAC has not yet submitted its formal Cartagena advice (it should be published tomorrow), but it will presumably reflect the concerns raised over the last few days.

Under ICANN’s bylaws, the organization has to justify any decision to reject GAC advice and then “try, in good faith and in a timely and efficient manner, to find a mutually acceptable solution.”

European Commission representative Bill Dee invoked that part of the bylaws during yesterday’s meeting, and ICANN chair Peter Dengate Thrush agreed that talks were needed.

Dengate Thrush said he was in favor of a GAC-board meeting over one or two days at some point between now and the San Francisco ICANN meeting next March, to thrash out their differences and Dryden seemed to agree.

If that meeting was held fairly soon, it would not necessarily mean ICANN misses the May 30 deadline.

The current proposed timeline contains a 30-day window between Friday and January 11 in which ICANN staff update the “approved” AGB according to the board’s directions.

There follows an obligatory four-month ICANN outreach and marketing campaign.

Conceivably, although scheduling may be a challenge, if the GAC and board meet and resolve their differences over the next 30 days or so, the May 30 deadline could be workable.

I think it might be quite unlikely that’s going to happen, however.

The ICANN board convenes to discuss and vote on the AGB this Friday. It will be very interesting to see how its resolution is worded, and whether it can both save face and serve the GAC.

ICANN had no role in seizing torrent domains

Kevin Murphy, November 29, 2010, Domain Policy

Okay, this is getting a bit silly now.

As you may have read, the US government “seized” a bunch of domain names that were hosting sites allegedly involved in piracy and counterfeit goods over the Thanksgiving weekend.

Over 80 domains, all of them in the .com namespace, had their DNS settings reconfigured to point them to a scary-looking notice from the Department of Homeland Security’s ICE division.

Somehow, in several reports over the last few days, this has been pinned on ICANN, and now some pro-piracy advocates are talking about setting up alternate DNS roots as a result.

Claims that ICANN colluded with the DHS on the seizures seem to have first appeared in TorrentFreak, which broke the news on Friday.

The site quoted the owner of torrent-finder.com:

“I firstly had DNS downtime. While I was contacting GoDaddy I noticed the DNS had changed. Godaddy had no idea what was going on and until now they do not understand the situation and they say it was totally from ICANN.”

For anyone involved in the domain name industry and the ICANN community, this allegation screams bogosity, but just to be on the safe side I checked with ICANN.

A spokesperson told me he’s checked with ICANN’s legal, security and compliance departments and they all had this to say:

ICANN had nothing to do with the ICE investigation… nobody knew anything about this and did not take part in the investigation.

All of the seized domains were .coms, and obviously ICANN has no technical authority or control over second-level .com domains. It’s not in the position to do what the reports allege.

If anybody were to ask ICANN to yank a domain, all it could do would be to politely forward the request to the registrar (in the case of torrent-finder.com, apparently Go Daddy) or the registry operator, which in the case of .com is of course VeriSign.

It would make more sense, save more time, and be less likely to create an international political incident, for the DHS to simply go directly to Go Daddy or VeriSign.

Both are US companies, and the DHS did have legal warrants, after all.

That’s almost certainly what happened here. I have requests for comment in with both companies and will provide updates when I have more clarity.

In the meantime, I suggest that any would-be pirates might be better served by switching their web sites to non-US domains, rather than trying to build an alternate root system from the ground up.

UPDATE: Ben Butler, Go Daddy’s director of network abuse, has just provided me with the following statement, via a spokesperson:

It appears the domain names were locked directly by VeriSign. Go Daddy has not received any law enforcement inquiries or court orders concerning the suspension of the domains in question.

Go Daddy has not been contacted by ICE or DHS on the domain names in question.

The statement goes on to say that Go Daddy believes that it should be the registrar’s responsibility to handle such takedown notices.

With regard to the registry taking action against the domain names in question, Go Daddy believes the proper process lies with the registrar and not the registry. This gives the registrar the ability to communicate with their customer about what has happened and why. When the registry acts, Go Daddy is unable to provide any information to our customers regarding the seizure of their domain names.

Go Daddy routinely cooperates with government and law enforcement officials to enforce and comply with the law.

I’ll post any statement I receive from VeriSign when I have it.

UPDATE: VeriSign sent this statement:

VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions. Because the orders are sealed, further questions should be directed to the U.S. Department of Homeland Security.

DNSSEC to kill the ISP wildcard?

Kevin Murphy, October 19, 2010, Domain Tech

Comcast is to switch off its Domain Helper service, which captures DNS error traffic and presents surfers with sponsored search results instead, as part of its DNSSEC implementation.

The ISP said yesterday that it has started to roll out the new security mechanism to its production DNS servers across the US and expects to have all customers using DNSSEC by the “early part of 2011”.

The deployment will come in two phases. The first phase, expected to last 60 days, sees DNSSEC turned on for subscribers who have previously opted out of the Domain Helper system.

After that, Comcast will continue the rollout to all of its customers, which will involve killing off the Domain Helper service for good.

As the company says in its FAQ:

# We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC.
# Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented.
# The production network DNSSEC servers do not have Comcast Domain Helper’s DNS redirect functionality enabled.

When web users try to visit a non-existent domain, DNS normally supplies a “does-not-exist” reply. Over recent years it has become increasingly common for ISPs to intercept this response and show users a monetized search page instead.

But DNSSEC introduces new anti-spoofing features that require such responses to be cryptographically signed. This, it seems, means ISPs will no longer be able to intercept and monetize error traffic without interfering with the end-to-end functionality of DNSSEC.

Comcast, which has been trialing the technology with volunteers for most of the year, says that to do so “breaks the chain of trust critical to proper DNSSEC validation functionality”.

It looks like it’s the beginning of the end of the ISP error wildcard. That’s got to be a good thing, right?

Government ‘cybersquatting’ case rattles India

Kevin Murphy, October 4, 2010, Domain Services

Cybersquatting mischief is making headlines in India today, after the nation’s main opposition party accused the government of directing a confusingly similar domain name to its own site.

According to various reports, the opposition Bharatiya Janata Party served a “legal notice” on the ruling Indian National Congress party over the domain name bjp.com.

The BJP hosts its primary site at bjp.org. According to the party, the .com domain has been redirecting users to the Congress’ own site. Today, it resolves to a page parked at Sedo.

The contested domain is currently registered behind eNom’s privacy protection service. It appears to have changed hands several times over the years, most recently to an Indian.

Unless the BJP has some other evidence connecting its rival to the domain, it looks like this may be a case of cheap political point-scoring.

Delhi Commonwealth Games wins UDRP

Kevin Murphy, September 28, 2010, Domain Policy

With five days to go before the Commonwealth Games kicks off in Delhi, the organizers may be under fire for expecting athletes to live like squatters, but they have managed to beat off one cybersquatter.

(Do you see what I did there?)

The Organising Committee of the games has been handed delhi-commonwealth-games.com in a UDRP proceeding against an anonymous registrant handled by WIPO

It looks like a fairly straightforward case. The web site, which has content, appears on the first page of Google for [delhi commonwealth games]. The WIPO panelist said its use of commercial links showed bad faith.

The official domain of the games is the rather less SEO-friendly cwgdelhi2010.org.

Interestingly, the Committee became aware of the domain in April 2009 and its first move was to ask the registrar, Directi, to block it, which it refused. It was well over a year later when the UDRP claim was filed.

Delhi was awarded the Commonwealth Games in 2003. The domain was registered in 2006.

The city has recently come under fire for its apparent lack of preparation, offering arriving athletes accommodation well below par from a health and safety perspective.