Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root

ICANN has finally approved a version of .eu in Greek script, but it’s already been criticized as “useless”.

Yesterday, ICANN’s board of directors rubber-stamped .ευ, the second internationalized domain name version of the European Union’s .eu, which will be represented in the DNS as .xn--qxa6a.

There’s a lot of history behind .ευ, much of it maddeningly illustrative of ICANN’s Kafkaesque obsession with procedure.

The first amusing thing to point out is that .ευ is technically being approved under ICANN’s IDN ccTLD Fast Track Process, a mere NINE YEARS after EURid first submitted its application.

The “Fast Track” has been used so far to approve 61 IDN ccTLDs. Often, the requested string is merely the name of the country in question, written in one of the local scripts, and the TLD is approved fairly quickly.

But in some cases, especially where the desired string is a two-character code, a string review will find the possibility of confusion with another TLD. This runs the risk of broadening the scope of domain homograph attacks sometimes used in phishing.

That’s what happened to .ευ, along with Bulgaria’s Cyrillic .бг and Greece’s own .ελ, which were rejected on string confusion grounds back in 2010 and 2011.

Under pressure from the Governmental Advisory Committee, ICANN then implemented an Extended Process Similarity Review Panel, essentially an appeals process designed to give unsuccessful Fast Track applicants a second bite at the apple.

That process led to Bulgaria being told that .бг was not too similar to Brazil’s .br, and Greece being told that .ελ did not look too much like .EA, a non-existent ccTLD that may or may not be delegated in future, after all.

But the EU’s .ευ failed at the same time, in 2014. The appeals review panel found that the string was confusable with upper-case .EY and .EV.

Again, these are not ccTLDs, just strings of two characters that have the potential to become ccTLDs in future should a new country or territory emerge and be assigned those codes by the International Standards Organization, a low-probability event.

I reported at the time that .ευ was probably as good as dead. It seemed pretty clear based on the rules at the time that if a string was confusable in uppercase OR lowercase, it would be rejected.

But I was quickly informed by ICANN that I was incorrect, and that ICANN top brass needed to discuss the results.

That seems to have led to ICANN tweaking the rules yet again in order to crowbar .ευ into the root.

In 2015, the board of directors reached out to the GAC, the ccNSO and the Security and Stability Advisory Committee for advice.

They dutifully returned two years later with proposed changes (pdf) that seemed tailor-made for the European Union’s predicament.

A requested IDN ccTLD that caused confusion with other strings in only uppercase, but not lowercase (just like .ευ!!!) could still get delegated, provided it had a comprehensive risk mitigation strategy in place, they recommended.

The recommendation was quickly approved by ICANN, which then sent its implementation guidelines (again, tailor-made for EURid (pdf)) back to the ccNSO/SSAC.

It was not until February this year that the ccNSO/SSAC group got back to ICANN (pdf) to approve of its implementation plan and to say that it has already tested it against EURid’s proposed risk-mitigation plan (pdf).

Basically, the process in 2009 didn’t produce the desired result, so ICANN changed the process. It didn’t produced the desired result again in 2014, so the process was changed again.

But at least Greek-speaking EU citizens are finally going to get a meaningful ccTLD that allows them to express their EUishness in their native script, right?

WRONG!

I recently read with interest and surprise a blog post by domainer-blogger Konstantinos Zournas, in which he referred to .ευ as the “worst domain extension ever”.

Zournas, who is Greek, opened my eyes to the fact that “.ευ” is meaningless in his native tongue. It’s just two Greek letters that visually resemble “EU” in Latin script. It’s confusing by design, but with .eu, a ccTLD that EURid already manages.

While not for a moment doubting Zournas’ familiarity with his own language, I had to confirm this on the EU’s Greek-language web site.

He’s right, the Greek for “European Union” is “Ευρωπαϊκής Ένωσης”, so the sensible two-letter IDN ccTLD would be .ΕΈ (those are Greek characters that look a bit like Latin E).

That would have almost certainly failed the ICANN string similarity process, however, as .ee/EE is the current, extant ccTLD for Estonia.

In short (too late), it seems to have taken ICANN the best part of a decade, and Jesus H Christ knows how many person-hours, to hack its own procedures multiple times in order to force through an application for a TLD that doesn’t mean anything, can’t be confused with anything that currently exists on the internet, and probably won’t be widely used anyway.

Gratz to all involved!

5 Comments Tagged: .eu, .ευ, ccnso, cctlds, eurid, fast track, gac, ICANN, idn cctld fast track, idns, ssac

Sorry, you still can’t sue ICANN, two-faced .africa bidder told

Failed .africa gTLD applicant DotConnectAfrica appears to have lost its lawsuit against ICANN.

A California judge has said he will throw out the portions of DCA’s suit that had not already been thrown out two years ago, on the grounds that DCA was talking out of both sides of its mouth.

DCA applied for .africa in 2012 but lost out to rival applicant ZA Central Registry because ZACR had the backing of African governments and DCA did not.

It filed an Independent Review Process complaint against ICANN in 2013 and won in 2015, with the IRP panel finding that ICANN broke its own bylaws by paying undue deference to Governmental Advisory Committee advice.

It also emerged that ICANN had ghost-written letter of government support on behalf of the African Union, which looked very dodgy.

DCA then sued ICANN in 2016 on 11 counts ranging from fraud to breach of contract to negligence.

The Los Angeles Superior Court decided in 2017 that five of those charges were covered by the “covenant not to sue”, a broad waiver that all new gTLD applicants had to sign up to.

But the remaining six, relating to ICANN’s alleged fraud, were allowed to go ahead.

ICANN relied in its defense on a principle called “judicial estoppel”, where a judge is allowed to throw out a plaintiff’s arguments if it can be shown that it had previously relied on diametrically opposed arguments to win an earlier case.

The judge has now found that estoppel applies here, because DCA fought and won the IRP in part by repeatedly claiming that it was not allowed to sue in a proper court.

It had made this argument on at least seven occasions during the IRP, Judge Robert Broadbelt found. He wrote in his August 22 ruling (pdf):

DCA’s successfully taking the first position in the IRP proceeding and gaining significant advantages in that proceeding as a result thereof, and then taking the second position that its totally inconsistent in this lawsuit, presents egregious circumstances that would result in a miscarriage of justice if the court does not apply the doctrine of judicial estoppel to bar DCA from taking the second position in this lawsuit. The court therefore exercises its discretion to find in favor of ICANN, and against DCA, on ICANN’s affirmative defense of judicial estoppel and to bar DCA from bringing or maintaining its claims against ICANN alleged in the [First Amended Complaint] in this lawsuit.

In other words, ICANN’s won.

The case is not yet over, however. DCA still has an opportunity to object to the ruling, and there’s a hearing scheduled for December.

Comment Tagged: dca, dotconnectafrica, gac, geographic, ICANN, irp, new gTLDs, zacr

Why you should never let a pizza joint apply for your billion-dollar dot-brand

A multi-billion dollar telecoms company has lost its two dot-brand gTLDs after apparently hiring a failed pizza restaurant to manage them.

For reals.

Several times a year, my friends at other domain news blogs will post cautionary tales about companies losing their domains after falling out with the consultant or developer who originally registered the names on their behalf.

I believe this story is the first example of the same thing happening at the top level, with two valuable dot-brand gTLDs.

It concerns the Saudi Arabian telco Etihad Etisalat, which does business as Mobily. It’s publicly traded, with millions of subscribers and 2018 revenue of the equivalent of $3.14 billion.

The two gTLDs we’re concerned with are .mobily and موبايلي. (.xn--mgbb9fbpob), the Arabic version of the brand.

Back in 2012, a Bahrain company called GreenTech Consultancy Company applied for both of these TLDs. The applications made it explicit that they were to be single-registrant dot-brands to be used by Mobily.

Quite what the relationship between Mobily and GreenTech was — if there even was one — isn’t particularly clear.

GreenTech’s shareholders were Anwar Ahmed and Asma Malik, two Pakistani nationals living in Bahrain, according to Bahrain business records.

Its web site is an laughable mess of broken English, shameful grammar, irrelevant and impenetrable technobabble (much of which appears verbatim on several other South Asian tech companies’ web sites), and a suggestion that the company is primarily in the business of selling satellite modems.

The site just stinks of bogosity. It looks like a dirt-cheap developer threw the site together during his lunch break for beer money.

Bahrain company records show that GreenTech shared a registration with a company called Greentech Pizzeria Restaurant. Same two directors, same address, same company number.

The consultancy company was formed in February 2012 — during the ICANN application window — and the pizza joint opened a bit over a year later.

Why a multi-billion dollar telecommunications company would entrust its brands to these guys, if that is in fact what happened, is a bit of a mystery.

From information that has recently emerged, which I’ll get to shortly, it appears that the true applicant was a Los Angeles-based gTLD consultancy called WiseDots, which in 2011 was co-founded by recently departed ICANN CFO Kevin Wilson and Herman Collins.

WiseDots employees Collins, Wael Nasr and Alan Bair were all at some point listed as primary or secondary contacts for the two applications, as was domain lawyer Mike Rodenbaugh of Rodenbaugh Law.

Wilson left WiseDots in May 2012 and rejoined three years later as CEO after a stint at Donuts. He’s currently listed as the Admin contact for both Mobily gTLDs in the IANA records.

It appears that Mobily signed a letter of intent with WiseDots on April 9, 2012, just three days before the ICANN application window closed, and that was later formalized into a contract in 2014, six months before GreenTech signed its contracts with ICANN.

Both applications made it through ICANN’s evaluation process with apparently no trouble — there were no objections on trademark or any other grounds — and the Registry Agreements were signed in December 2014.

It’s worth noting that neither contract contains Specification 13, which is required for a registry to operate as a dot-brand. If you want to run a dot-brand, you have to show ICANN that you own a trademark matching the string you’ve applied for.

GreenTech did actually submit requests for Spec 13 approval (pdf) — a week after the contracts were already signed — but at a later date both were either withdrawn or rejected by ICANN for reasons unknown.

Both requests include what appear to be scans of Saudi trademark certificates, but they’re both in Arabic and I’ve no idea who they’re assigned to. Presumably, Mobily, which may explain why GreenTech couldn’t get its Spec 13.

After the contracts were signed, it took exactly one full year — the maximum delay permitted by ICANN — before they were delegated and entered the DNS root.

A year after that, in December 2016, ICANN whacked GreenTech with a breach-of-contract notice (pdf), after the company apparently failed to pay its ICANN fees.

The fees had been “past due” for at least six months. It seems quite possible GreenTech had never paid its fees after delegation.

The breach was later escalated to termination, and the two parties entered mediation.

According to Nasr, in a letter to ICANN, Mobily had promised to pay the ICANN fees, but had reneged on its promise, causing the breach.

The issue was resolved, with GreenTech apparently agreeing to some “confidential” terms with ICANN, in November 2017.

It has now transpired, from Nasr’s letter and attached confidential joint-venture agreement, that GreenTech, WiseDots, Collins, Ahmad, Nasr and yet another consultant — an Egyptian named Ahmed El Oteify, apparently with Varkon Group — made a pact in August 2016 whereby the two gTLDs would be transferred into the control of a new jointly owned Bahrain company to be called MobileDots WLL, which in turn would be owned by a new jointly owned Delaware company called MobileDots LLC.

The TLD contracts would then be transferred to Mobily, according to Nasr.

“GreenTech and the two Mobiledots companies were intended to be intermediate conduits for the future transfer of the two Mobily licenses to Mobily as their eventual Registered Operator,” he wrote.

“At no point in time was GreenTech ever contemplated as the true operator of the ‘Mobily’ gTLD licenses. Indeed, GreenTech ran a defunct pizza restaurant, and was long ago de-registered by the Bahraini government for its numerous payments and filing defaults,” he wrote.

The Delaware company was created, but there does not appear to be an official record of the Bahrain company being formed.

According to Nasr, after Mobily stopped paying its ICANN dues the joint venture partners fell out with each other over how to finance the registries. This led to GreenTech asking ICANN to terminate its contracts, which I blogged about in May.

As is customary when a brand registry self-terminates, ICANN made a preliminary decision not to transfer the GreenTech contracts to a third party and opened it up to public comments.

Nasr’s letter is the first example of anyone ever actually using that public comment opportunity.

He argued that because of the JV agreement, ICANN should instead transfer .mobily and the Arabic version to MobileDots.

ICANN declined, saying “it is not within the remit of ICANN org to transfer the TLDs to a specific successor Registry Operator (such as Mobiledots L.L.C., as Mr. Nasr requests) through this termination process”.

As a further twist in the tale, on August 23 this year, just four days before the contract terminations were due to become effective, GreenTech withdrew its requests for reasons unknown.

But it seems ICANN has had enough.

Last Thursday, it told GreenTech (Wilson and Ahmed) that it is terminating its registry contracts anyway, “invoking certain provisions set forth in the previously agreed-upon confidential terms between ICANN org and GreenTech”.

Its termination notices do not reveal what these “confidential terms” are.

But, given that GreenTech stopped existing as a legal entity in February (according to Bahrain company records) it appears it would have been on fairly solid grounds to terminate anyway.

ICANN’s decision is not open for comment this time around, and IANA has been asked to delete both TLDs from the root as soon as possible.

The upshot of all this is that a massive Saudi telco has lost both of the dot-brands it may or may not have wanted, and a whole mess of gTLD consultants appear to be out of pocket.

And the moral of this story?

Damned if I know. Something to do with pizzas, probably.

9 Comments Tagged: .mobily, dot-brands, Etihad Etisalat, greentech, ICANN, new gTLDs, termination, trademarks, wisedots

More than 1,000 new gTLDs a year? Sure!

There’s no particular reason ICANN shouldn’t be able to add more than 1,000 new gTLDs to the DNS every year, according to security experts.

The Security and Stability Advisory Committee has informed ICANN (pdf) that the cap, which was in place for the 2012 application round, “has no relevance for the security of the root zone”.

Back then, ICANN had picked the 1,000-a-year upper limit for delegations more or less out of thin air, as a straw man for SSAC, the root server operators, and those who were opposed to new gTLDs in general to shake their sticks at. It was concluded that 1,000 should present no issues.

As it turned out, it took two and a half years for ICANN to add the first 1,000 new gTLDs, largely due to the manual elements of the application process.

SSAC is now reiterating its previous advice that monitoring the rate of change at the root is more important than how many TLDs are added, and that there needs to be a way to slam the brakes on delegations if things go titsup.

The committee is also far more concerned that some of the 2012 new gTLDs are being quite badly abused by spammers and the like, and that ICANN is not doing enough to address this problem.

Comment Tagged: ICANN, new gTLDs, root, root scaling, ssac

Paranoid ICANN opens another root server in China

ICANN has announced the creation of another root server instance in China, which definitely, DEFINITELY won’t let the Chinese government mess with the interwebs.

ICANN said this week that it’s opened an instance of the L-root that it manages in Shanghai.

It’s the third L-root in China but only the first outside of Beijing.

In a press release announcing the installation, which was carried out with technical support from CNNIC and Shanghai Telecom, ICANN decided to preemptively head off any concerns that putting an important piece of internet infrastructure in China comes with added security risk:

Contrary to common misconception, root servers do not control the Internet. The operation of an instance also does not provide any mechanism to alter content of the DNS. Any modification of root zone content will be mitigated by a part of the DNS protocol known as the DNS Security Extensions (DNSSEC) and if an instance fail to respond to a query, resolvers will ask the same question to another instance or root server.

It’s merely the latest of 168 L-root installations and 1,015 copies of the 13 logical root servers, which all use IP Anycast to more quickly serve DNS answers to their local users.

Given how big and populous China is, there are surprisingly few root server instances in the country, according to root-servers.org.

In addition to ICANN’s three boxes, Verisign’s J-root and Internet Systems Consortium’s F-root have three in Beijing and two in Hangzhou between them. The K, I and F roots each have one instance in Beijing.

That’s eight nodes in China proper, which has 800 million internet users. Cross the border into semi-autonomous Hong Kong, which has a population of under eight million people, and there are nine root instances.

The city of Bucharest, Romania (pop. 1.8 million) has the same number of root instances as China.

1 Comment Tagged: china, ICANN, l-root, root servers