Donuts has sued ICANN in an attempt to block the auction of the .web gTLD this Wednesday.
The gTLD portfolio registry filed a lawsuit in California on Friday, seeking over $10 million in damages and a temporary restraining order to stop the auction going ahead.
The complaint alleges breach of contract, negligence and unfair competition and seeks a court declaration that the covenant not to sue signed by all new gTLD applicants is unenforceable.
According to Donuts, ICANN breached its duties by not fully investigating the allegation that rival .web applicant Nu Dot Co has undergone a change of control and has a new, wealthier owner.
NDC is the only applicant in the eight-strong .web/.webs contention set that refuses to resolve the contest privately.
A private auction would enrich all losing applicants to the tune of many millions of dollars.
By forcing a “last resort” ICANN auction, NDC has ensured that ICANN will be the only party to benefit from the auction proceeds.
Last-resort auction funds are placed in a separate ICANN account, currently worth over $100 million, which will be spent according to a currently undecided policy created by the ICANN community.
But Donuts’ complaint strongly implies that ICANN is forcing the auction to go ahead because it stands to benefit financially.
Donuts repeats the allegation from its recent joint Request for Reconsideration with Radix that NDC should be forced to disclose to ICANN, via a gTLD application change, the names of its alleged new directors.
It cites again a redacted email from NDC director Jose Ignacio Rasco which talks about fellow listed director Nicolai Bezsonoff no longer being involved with the application but that “several” new directors were.
It adds a quote about Rasco talking about “powers that be”, which Donuts takes to mean he is answering to someone else.
NDC is not listed in the lawsuit, which focuses on ICANN’s obligations under the new gTLD program application contract.
Donuts alleges, for example, that ICANN has a duty to fully investigate whether NDC has indeed changed directors.
ICANN’s Board Governance Committee said last week that ICANN staff had talked to and emailed Rasco about the allegations. Donuts says it should have at least talked to Bezsonoff too.
Donuts also claims that ICANN is not allowed to go ahead with a last-resort auction while there are still outstanding “accountability mechanisms” — including the RfR, which has not yet been formally closed out by the full ICANN board.
The lawsuit also reveals that Donuts simultaneously filed a complaint using ICANN’s less legally formal Independent Review Process, though documentation for that is not yet available.
ICANN’s most recent statement on .web, which just confirms that the .web auction will go ahead this coming Wednesday, was also posted on Friday. It’s not clear if that was posted before or after ICANN became aware of the lawsuit.
All new gTLD applicants had to agree not to sue ICANN when they applied, but Donuts argues that this is unfair and unenforceable.
DotConnectAfrica has had some success with this argument, though Donuts does not cite that case in its own complaint.
There’s been some speculation about the motives of Donuts and others in trying to delay the auction.
The lawsuit will not force NDC into a private auction, but it might buy Donuts and the other applicants more time to consider their strategies.
I’m getting into speculative territory here, but if NDC’s strategy is to win the .web auction as a Trojan horse for its alleged new owner, perhaps revealing the identity of that new owner would make it less likely to insist on a last-resort auction.
If NDC’s alleged new owner has a time-sensitive need for the revenue .web could bring (which could be the case if, for example, the owner was Neustar) perhaps the prospect of a long lawsuit and IRP case could make it more likely to accept a private auction.
If the alleged new owner was revealed to be Verisign — a company more likely than most to acquire .web simply in order to bury it — perhaps that revelation could spur remaining applicants into pooling their resources to defeat it.
It it was a big tech firm from outside the domain industry, perhaps that would strengthen Google’s resolve to win the auction.
That’s all just me talking off the top of my head, of course.
I have no idea whether or not NDC even has new backers, though its behavior in avoiding private auction goes against character and certainly raises eyebrows.
The Donuts complaint, filed as its subsidiary Ruby Glen LLC, can be read here (pdf).
A joint US-Polish law enforcement operation has led to the arrest of the alleged owner of the piracy-focused BitTorrent links site KickAssTorrents.
The US Department of Justice announced yesterday that Ukrainian national Artem Vaulin has been arrested in Poland and that it will seek to extradite him to Chicago to face criminal copyright infringement charges.
The site, which has been banned at the ISP level in countries including the UK, provides links to download and share copyrighted works such as movies and music from other BitTorrent users.
But it’s perhaps best known in the domain name industry for regularly jumping from one TLD to another as its domains are terminated by local authorities.
According to the DoJ, it has been seen on kickasstorrents.com, kat.ph (Philippines), kickass.to (Tonga), kickass.so (Somalia) and kat.cr (Costa Rica).
The department said it has seized seven domain names as part of its operation.
According to my records, there are 20 examples of kickasstorrents.example domains in the Alexa one million, all in new gTLDs (though I’ve no idea whether they’re part of the same operation).
The DoJ reckons KAT makes annual revenue of between $12.5 million to $22.3 million from advertising accompanying its links.
The new gTLD .web seems set to go to auction next week after ICANN rejected an 11th-hour delay attempt by two applicants.
ICANN’s Board Governance Committee said yesterday that there is no evidence that applicant Nu Dot Co has been taken over by a deep-pocketed third party.
The BGC therefore rejected Donuts’ and Radix’s joint attempt to have the July 27 “last resort” auction delayed.
Donuts and Radix had argued in a Request for Reconsideration earlier this week that Nu Dot Co has changed its board of directors since first applying for .web, which would oblige it to change the application.
Its failure to do so meant they auction should be delayed, they said.
They based their beliefs on an email from NDC director Jose Ignacio Rasco, in which he said one originally listed director was no longer involved with the application but that “several others” were.
There’s speculation in the contention set that a legacy gTLD operator such as Verisign or Neustar might now be in control of NDC.
But the BGC said ICANN had already “diligently” investigated these claims:
in response to the Requesters’ allegations, ICANN did diligently investigate the claims regarding potential changes to Nu Dot’s leadership and/or ownership. Indeed, on several occasions, ICANN staff communicated with the primary contact for Nu Dot both through emails and a phone conversation to determine whether there had been any changes to the Nu Dot organization that would require an application change request. On each occasion, Nu Dot confirmed that no such changes had occurred, and ICANN is entitled to rely upon those representations.
ICANN staff had asked Rasco via email and then telephone whether there had been any changes to NDC’s leadership or control, and he said there had not.
He is quoted by he BGC as saying:
[n]either the ownership nor the control of Nu Dotco, LLC has changed since we filed our application. The Managers designated pursuant to the company’s LLC operating agreement (the LLC equivalent of a corporate Board) have not changed. And there have been no changes to the membership of the LLC either.
The RfR has therefore been thrown out.
Unless further legal action is taken, the auction is still scheduled for July 27. The deadline for all eight applicants (seven for .web and one for .webs) to post deposits with ICANN passed on Wednesday.
As it’s a last resort auction, all funds raised will go into an ICANN pot, the purpose of which has yet to be determined. The winning bid will also be publicly disclosed.
Had the contention set been settled privately, all losing applicants would have made millions of dollars of profit from their applications and the price would have remained a secret.
NDC is the only applicant refusing to go to private auction.
The applicants for .web are NDC, Radix, Donuts, Schlund, Afilias, Google and Web.com. Vistaprint’s bid for .webs is also in the auction.
The RfR decision can he read here (pdf).
Nic.at will next month start selling .at domains shorter than three character domains for the first time.
All one-character and two-character domains will be released, the ccTLD registry said, about 5,000 domains in total.
The released domains include those containing any of the 34 non-Latin letters Nic.at supports, it said.
Holders of trademarks valid in Austria before July 1 get the first crack at the names, during a August 29 to September 23 sunrise period.
During this phase, domains will cost €240 ($265) with a €120 ($132) application fee. Contested sunrise names will be auctioned in October.
Everything not grabbed by trademark interests will be put to a public auction from November 7, where the minimum bid will be €72 ($79).
If there’s anything left after that, it will be released into the general available pool for registration at standard .at prices.
Nic.at plans to dump all registered one and two-character domains into the .at zone file, so they can be used, at the same time on December 6.
Austria has no local presence requirements for ccTLD registration.
Given “at” has some semantic value in English, it could be a popular launch.
ICANN is about to embark on a year-long effort to warn the internet that it plans to replace the top-level cryptographic keys used in DNSSEC for the first time.
CTO David Conrad told DI today that ICANN will rotate the so-called Key Signing Key that is used as the “trust anchor” for all DNSSEC queries that happen on the internet.
Due to the complexity of the process, and the risk that something might go wrong, the move is to be announced in the coming days even though the new public key will not replace the existing one until October 2017.
The KSK is a cryptographic key pair used to sign the Zone Signing Keys that in turn sign the DNS root zone. It’s basically at the top of the DNSSEC hierarchy — all trust in DNSSEC flows from it.
It’s considered good practice in DNSSEC to rotate keys every so often, largely to reduce the window would-be attackers have to compromise them.
The Zone Signing Key used by ICANN and Verisign to sign the DNS root is rotated quarterly, and individual domain owners can rotate their own keys as and when they choose, but the same KSK has been in place since the root was first signed in 2010.
Conrad said that ICANN is doing the first rollover partly to ensure that the procedures in has in place for changing keys are effective and could be deployed in case of emergency.
That said, this first rotation is going to happen at a snail’s pace.
Key generation is a complex matter, requiring the physical presence of at least three of seven trusted key holders.
These seven individuals possess physical keys to bank-style strong boxes which contain secure smart cards. Three of the seven cards are needed to generate a new key.
Each of the quarterly ZSK signing ceremonies — which are recorded and broadcast live over the internet — takes about five hours.
The first step in the rollover, Conrad said, is to generate the keys at ICANN’s US east coast facility in October this year. A copy will be moved to a facility on the west coast in February.
The first time the public key will appear in DNS will be July 11, 2017, when it will appear alongside the current key.
It will finally replace the current key completely on October 11, 2017, by which time the DNS should be well aware of the new key, Conrad said.
There is some risk of things going wrong, which could affect domains that are DNSSEC-signed, which is another reason for the slowness of the rollover.
If ISPs that support DNSSEC do not start supporting the new KSK before the final switch-over, they’ll fail to correctly resolve DNSSEC-signed domains, which could lead to some sites going dark for some users.
There’s also a risk that the increased DNS packet sizes during the period when both KSKs are in use could cause queries to be dropped by firewalls, Conrad said.
“Folks who have things configured the right way won’t actually need to do anything but because DNSSEC is relatively new and this software hasn’t really been tested, we need to get the word out to everyone that this change is going to be occurring,” said Conrad.
ICANN will conduct outreach over the coming 15 months via the media, social media and technology conferences, he said.
It is estimated that about 20% of the internet’s DNS resolvers support DNSSEC, but most of those belong to just two companies — Google and Comcast — he said.
The number of signed domains is tiny as a percentage of the 326 million domains in existence today, but still amounts to millions of names.