One of the companies that plans to apply for the .free top-level domain next year has settled a lawsuit filed by Microsoft over claims it was involved in running the Kelihos botnet.
The suit, filed in late September, had alleged that Czech-based dotFree Group and its CEO, Dominique Piatti, were behind dozens of domains used to spread malware.
dotFree already runs the free .cz.cc subdomain service, which isn’t what you’d call a trustworthy namespace. The whole .cz.cc zone appears to be currently banned from Google’s index.
This week, Microsoft has dropped its claims against the company and Piatti, saying it will instead work with the company to try to help clean up the free .cz.cc space.
Microsoft said on its official blog:
Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFREE Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet. Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti’s cz.cc domain.
As part of the settlement, Mr. Piatti has agreed to delete or transfer all the subdomains used to either operate the Kelihos botnet, or used for other illegitimate purposes, to Microsoft. Additionally, Mr. Piatti and dotFREE Group have agreed to work with us to create and implement best practices to prevent abuse of free subdomains and, ultimately, apply these same best practices to establish a secure free Top Level Domain as they expand their business going forward.
Expect this issue to be raised if and when .free becomes a contested gTLD application.
Proposals to change the way new top-level domains are insured against failure will put the whole new gTLD program at risk, according to an intellectual property lawyer.
Speaking at a session at the ICANN meeting in Dakar today, Paul McGrady of the law firm Greenberg Traurig said the changes could even lead to a lawsuit that would delay the January 2012 launch of the program by at least a couple of years.
The debate was sparked by a proposal from the registries to restructure the Continued Operations Instrument, a financial backup designed to fund gTLD operations after their businesses fail.
ICANN currently plans to ask each applicant to submit a COI sufficient to cover the cost of running their own gTLD for three years in the form of cash in escrow or a letter of credit.
But the registry proposal calls instead for a Continued Operations Fund that would pool the risk between applicants, with each applicant paying just $50,000 up-front.
While the COI implicitly assumes that all new gTLDs could crash and burn, the COF assumes that only a small number of businesses will fail, as I reported earlier this month.
But McGrady, apparently speaking for the Intellectual Property Constituency, gave a startlingly different interpretation of the COF, from the “.brand” applicant perspective.
A .brand applicant can secure a letter of credit sufficient to cover the COI for as little as $2,000, he said. A $50,000 payment to the COF would dramatically increase its costs, he said.
“That money is taken from the .brand applicant and given to the shaky start-ups that shouldn’t be applying anyway,” he said. “It’s a redistribution of wealth.”
“If you can’t meet the [Applicant] Guidebook’s current requirements, you are dramatically under-capitalized,” he said. “Don’t apply.”
He said that if ICANN decides to add the $50,000 cost before January, it’s likely that some of those brands that oppose the program anyway will use it as an excuse to sue for delay.
“If the ICANN community would like to tee up for a litigation issue which could bring round one to a halt before it opens, this is it,” he said.
He further said that any back-end registry services providers targeting .brand clients had better distance themselves from the COF proposal if they want to get that business.
“Anyone in the room with a vested interested in this process moving forward, this is not the issue to back,” he said.
While the specific proposal up for debate was drafted by the Public Interest Registry and Afilias, the concept of a COF is has the backing of the ICANN registry stakeholder group.
As far as FUD goes, McGrady’s presentation was pretty blatant stuff, but that does not necessarily mean it’s not true.
His tone seemed to cause some consternation in the room.
Likely applicant Ron Andruff said that McGrady was employing a “scare tactic about how things might get delayed because big corporations don’t want to park money”.
Several others pointed out that smaller community applicants and applicants from certain countries may be unable to secure a letter of credit as easily as a large brand applicant.
Those applicants would have to put cash in escrow, tying it up and making it harder to market their gTLDs… thus leading to a greater chance of failure.
But McGrady stuck to his “redistribution of wealth” line.
“What we’re talking about is a last-minute change to the Guidebook to benefit applicants that don’t have sufficient funds,” he said.
He was not alone speaking out against the COF idea.
Richard Tindal of likely gTLD applicant Donuts said that many projections about new gTLDs are being made by a small number of registries that are making similar assumptions.
If these assumptions turn out to be flawed, the risk of gTLD failures could be bigger than expected.
“If a hurricane hits a house in the street, it’s going to hit all the houses in the street,” he said.
The COF/COI debate is open for public comment until December 2.
ICANN’s general counsel and chief operating officer were granted pay raises by the board of directors at a meeting last weekend.
A review of market data concluded that John Jeffrey and Akram Atallah both were being paid less than the target 50 to 75 percentile of comparable executives in other companies, the board said in a partially-redacted resolution.
The resolution says that neither man should see an annual raise of more than 15%.
The board’s meeting also set the bonus goals for CEO Rod Beckstrom and ombudsman Chris LaHatte.
The registrant of the domain name co.no has sued Norwegian registry Norid over claims that it tried to hold up the launch of .co.no as an alternative namespace.
Elineweb registered the domain back in 2001.
Last October, along with back-end partner CoDNS, the company said it would offer third-level .co.no domains to the public as an alternative to second-level .no names.
The idea was to bring gTLD-style friendliness to the strictly regulated .no ccTLD – where at the time companies were limited to 20 domains each.
Elineweb concluded a sunrise period this February, but subsequently delayed its full launch after Norid started asking it questions about the co.no domain’s ownership.
Norid was evidently not pleased. For the best part of 2011, it’s been conducting an investigation into whether the .co.no project complies with its policies.
In 2009, Norid added co.no and other two-letter domains to a reserved list. Already-registered domains on the list could continue to be used, but could not be transferred between registrants.
Norid has reportedly concluded that co.no has technically changed hands, hence Elineweb’s lawsuit. It wants the court to rule that its proposed service is legal.
“.CO.NO is a common initiative between Elineweb AS the registrant of the domain name and CoDNS BV, the technical back-end provider,” Elineweb said in a press release.
“We never tried to hide the fact that Elineweb is the registrant of the domain name, which is, besides a public information displayed in NORID whois database,” manager Sander Scholten said.
CoDNS, owned by Luxembourg registrar EuroDNS, is already the back-end provider for .co.nl, a pseudo-TLD offered in the Netherlands.
News of the lawsuit comes just a couple of weeks after Norid announced that it would raise the limit on the number of .no domains any given company can register to 100.
Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.
While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.
The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.
It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.
So, what’s going to change?
The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.
They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.
Here’s a list of all 12, taken from a recent ICANN summary report (pdf).
|Prohibition on registrar cybersquatting|
|Malicious conduct – registrar duty to investigate|
|Designation and publication of technically competent point of contact on malicious conduct issues, available on 24/7 basis|
|Registrar disclosure of privacy/proxy services made available in connection with registration; and responsibility of registrar for compliance by such services|
|Obligations of privacy/proxy services made available in connection with registration re data escrow; Relay function; Reveal function|
|Registrar responsibility for cancellation under appropriate circumstances of registrations made by other privacy/proxy services for noncompliance with Relay and Reveal|
|Define circumstances under which registrar is required to cancel registration for false Whois data and set reasonable time limits for registrar action|
|Require PCI compliance in registration process|
|Define “reseller” and clarify registrar responsibility for reseller compliance|
|Require greater disclosure of registrar affiliates/multiple accreditations|
|Require greater disclosure of registrar contact information, information on form of business organization, officers, etc.|
|Clarification of registrar responsibilities in connection with UDRP proceedings|
The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.
There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.
As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.
“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.
She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.
He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.
“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.
“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.
An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.
The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.
Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.
It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.
The ideas in the motion nevertheless stirred some passionate debate.
Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.
“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.
Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.
A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.
Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.
I’m not sure it’s going to be enough to fully satisfy the GAC.
Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.
She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.
UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.
Rather, he said, “there will be consideration of a broader range of issues.”
This appears to be consistent with the registrars’ original statement, which was linked to in the above post:
The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.