ICANN has temporarily banned “closed generic” gTLDs in response to Governmental Advisory Committee demands.
The ban, which may be lifted, affects at least 73 applications (probably dozens more) for dictionary-word strings that had been put forward with “single registrant” business models.
ICANN’s New gTLD Program Committee on Tuesday voted to prevent any applicant for a closed generic gTLD from signing a registry contract, pending further talks with the GAC.
In order to sign a registry agreement, applicants will have to agree to the following Public Interest Commitments:
1. Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.
2. Registry Operator of a “Generic String” TLD may not impose eligibility criteria for registering names in the TLD that limit registrations exclusively to a single person or entity and/or that person’s or entity’s “Affiliates” (as defined in Section 2.9(c) of the Registry Agreement). “Generic String” means a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.
The effect of this is that applications for closed generics are on hold until ICANN has figured out what exactly the GAC is trying to achieve with its advice, which emerged in its Beijing communique (pdf).
Closed generics have not to date been a specific category of gTLD. They’re basically bids like Symantec’s .antivirus, L’Oreal’s .beauty and Amazon’s .cloud, where the gTLD is not a “dot-brand” but every second-level domain would belong to the registry anyway.
The two main reasons the new gTLD program has allowed them so far are a) ICANN decided that coming up with definitions for categories of gTLD was too hard and prone to abuse, and b) ICANN didn’t want to overly restrict registries’ business models.
Apparently all it needed was a nudge from the GAC and a change of senior management to change its mind.
ICANN now has a definition of “generic”, which I believe is a first. To reiterate, it’s:
a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others
If the proposed PIC stands after ICANN’s talks with the GAC, nobody will be able to operate a generic string as a single-registrant gTLD.
But there may be one massive loophole.
Let’s say Volkswagen had applied for .golf (it didn’t) as a single-registrant dot-brand gTLD.
In that context, “golf” is a word used to label one model of car, “distinguishing a specific brand of goods, services, groups, organizations or things from those of others”.
But the word “golf” is also indisputably “a word or term that denominates or describes a general class of goods, services, groups, organizations or things”.
So which use case would trump the other? Would Volkswagen be banned from using .golf as a dot-brand?
It’s not just hypothetical. There are live examples in the current round of single-registrant applications that are both generic terms in one industry and brands in others.
Apple’s application for .apple is the obvious one. While it’s hard to imagine apple farmers wanting a gTLD, we don’t yet know how crazy the gTLD landrush is going to get in future rounds.
What of Bond University’s application for .bond? It’s a brand in terms of further education, but a generic term for debt instruments in finance.
Boots’ application for .boots? A brand in the high street pharmacy game, a generic if you sell shoes. Google’s application for .chrome is a brand in browsers but a generic in metallurgy.
None of the examples given here (and there are many more) are on the GAC’s list of problematic closed generics, but as far as I can see they would all be affected by ICANN’s proposed PIC.
The affected applications are not dead yet, of course. ICANN could change its view and drop the new PIC requirement a few months from now after talking to the GAC.
But the applications do appear to be in limbo for now.
All new gTLD applicants will have to abide by stricter rules on security and Whois accuracy under government-mandated changes to their contracts approved by the ICANN board.
At least one of the new obligations is likely to laden new gTLDs registries with additional ongoing costs. In another case, ICANN appears ready to shoulder the financial burden instead.
The changes are coming as a result of ICANN’s New gTLD Program Committee, which on on Tuesday voted to adopt six more pieces of the Governmental Advisory Committee’s advice from March.
This chunk of advice, which deals exclusively with security-related issues, was found in the GAC’s Beijing communique (pdf) under the heading “Safeguards Applicable to all New gTLDs”.
Here’s what ICANN has decided to do about it.
Mandatory Whois checks
The GAC wanted all registries to conduct mandatory checks of Whois data at least twice a year, notifying registrars about any “inaccurate or incomplete records” found.
Many new gTLD applicants already offered to do something similar in their applications.
But ICANN, in response to the GAC advice, has volunteered to do these checks itself. The NGPC said:
ICANN is concluding its development of a WHOIS tool that gives it the ability to check false, incomplete or inaccurate WHOIS data
Given these ongoing activities, ICANN (instead of Registry Operators) is well positioned to implement the GAC’s advice that checks identifying registrations in a gTLD with deliberately false, inaccurate or incomplete WHOIS data be conducted at least twice a year. To achieve this, ICANN will perform a periodic sampling of WHOIS data across registries in an effort to identify potentially inaccurate records.
While the resolution is light on detail, it appears that new gTLD registries may well be taken out of the loop completely, with ICANN notifying their registrars instead about inaccurate Whois records.
It’s not the first time ICANN has offered to shoulder potentially costly burdens that would otherwise encumber registry operators. It doesn’t get nearly enough credit from new gTLD applicants for this.
Contractually banning abuse
The GAC wanted new gTLD registrants contractually forbidden from doing bad stuff like phishing, pharming, operating botnets, distributing malware and from infringing intellectual property rights.
These obligations should be passed to the registrants by the registries via their contracts with registrars, the GAC said.
ICANN’s NGPC has agreed with this bit of advice entirely. The base new gTLD Registry Agreement is therefore going to be amended to include a new mandatory Public Interest Commitment reading:
Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.
The decision to include it as a Public Interest Commitment, rather than building it into the contract proper, is noteworthy.
PICs will be subject to a Public Interest Commitment Dispute Resolution Process (PICDRP) which allows basically anyone to file a complaint about a registry suspected of breaking its commitments.
ICANN would act as the enforcer of the ruling, rather than the complainant. Registries that lose PICDRP cases face consequences up to an including the termination of their contracts.
In theory, by including the GAC’s advice as a PIC, ICANN is handing a loaded gun to anyone who might want to shoot down a new gTLD registry in future.
However, the proposed PIC language seems to be worded in such a way that the registry would only have to include the anti-abuse provisions in its contract in order to be in compliance.
Right now, the way the PIC is worded, I can’t see a registry getting terminated or otherwise sanctioned due to a dispute about an instance of copyright infringement by a registrant, for example.
I don’t think there’s much else to get excited about here. Every registry or registrar worth a damn already prohibits its customers from doing bad stuff, if only to cover their own asses legally and keep their networks clean; ICANN merely wants to formalize these provisions in its chain of contracts.
Actually fighting abuse
The third through sixth pieces of GAC advice approved by ICANN this week are the ones that will almost certainly add to the cost of running a new gTLD registry.
The GAC wants registries to “periodically conduct a technical analysis to assess whether domains in its gTLD are being used to perpetrate security threats such as pharming, phishing, malware, and botnets.”
It also wants registries to keep records of what they find in these analyses, to maintain a complaints mechanism, and to shut down any domains found to be perpetrating abusive behavior.
ICANN has again gone the route of adding a new mandatory PIC to the base Registry Agreement. It reads:
Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.
You’ll notice that the language is purposefully vague on how registries should carry out these checks.
ICANN said it will convene a task force or GNSO policy development process to figure out the precise details, enabling new gTLD applicants to enter into contracts as soon as possible.
It means, of course, that applicants could wind up signing contracts without being fully apprised of the cost implications. Fighting abuse costs money.
There are dozens of ways to scan TLDs for abusive behavior, but the most comprehensive ones are commercial services.
ICM Registry, for example, decided to pay Intel/McAfee millions of dollars — a dollar or two per domain, I believe — for it to run daily malware scans of the entire .xxx zone.
More recently, Directi’s .PW Registry chose to sign up to Architelos’ NameSentry service to monitor abuse in its newly relaunched ccTLD.
There’s going to be a fight about the implementation details, but one way or the other the PIC would make registries scan their zones for abuse.
What the PIC does not state, and where it may face queries from the GAC as a result, is what registries must do when they find abusive behavior in their gTLDs. There’s no mention of mandatory domain name suspension, for example.
But in an annex to Tuesday’s resolution, ICANN’s NGPC said the “consequences” part of the GAC advice would be addressed as part of the same future technical implementation discussions.
In summary, the NGPC wants registries to be contractually obliged to contractually oblige their registrars to contractually oblige their registrants to not do bad stuff, but there are not yet any obligations relating to the consequences, to registrants, of ignoring these rules.
This week’s resolutions are the second big batch of decisions ICANN has taken regarding the GAC’s Beijing communique.
Earlier this month, it accepted some of the GAC’s direct advice related to certain specific gTLDs it has a problem with, the RAA and intergovernmental organizations and pretended to accept other advice related to community objections.
The NGPC has yet to address the egregiously incompetent “Category 1” GAC advice, which was the subject of a public comment period.
New gTLD applicants have reportedly complained to ICANN about the unexpectedly high cost of dealing with objections.
The International Chamber of Commerce has apparently been quoting objectors prices as high as €150,000 for a three-person panel to handle a formal community objection.
At $195,000, that’s almost $10,000 more than the original ICANN application fee.
Because Community Objections run on a loser-pays basis, the stakes are high indeed. An applicant could lose its application, most of its application fee, and still have to pay the objector’s fees.
The complaints emerged during a session with ICANN new gTLD program head Christine Willett at a meeting in Brussels earlier this week, according to consultant and occasional DI contributor Stephane Van Gelder.
Writing on the NetNames blog yesterday, Van Gelder quoted Willett as saying:
We are aware that ICC fees are more than people were expecting. Some applicants have been quoted around 50,000 Euros for a one expert panel and 150,000 Euros for a three expert panel. Although in the same order of magnitude as the cost estimate listed in the applicant guidebook, they are still higher. In some cases, significantly higher. In fact, we had one applicant write to us last week saying that their quoted expert fee was more than the ICANN fees for submitting their application in the first place! So we have reached out to ICC and are hoping they can provide some rationale for the costs they are quoting.
The Applicant Guidebook does not detail the fees charged by dispute resolution providers, but materials provided by the ICC (pdf) say that its admin costs are €12,000 and €17,000 for a one-person and three-person panel respectively. The hourly rate for the panelists is €450, it says.
With a €150,000 total cost, back of the envelope doodling suggests that each panelist expects to spend around 100 hours working on each case — over two weeks at seven hours a day.
By contrast, the World Intellectual Property Organization’s fees for handling Legal Rights Objections with a three-person panel start at $23,000 ($3,000 for WIPO, $20,000 for the panelists).
dotgay LLC could be hit by another formal new gTLD objection from gay Republicans.
ICANN Ombudsman Chris LaHatte today said that it was “unfair” that a community objection filed by GOProud, a gay lobby group, was rejected by the International Chamber of Commerce.
The ICC screwed up, it seems, judging by LaHatte’s decision.
Washington DC-based GOProud, which seeks to show that not all gay rights advocates have liberal views on other issues, had filed a community-based objection to dotgay’s .gay gTLD application.
While the substance of the objection is not known, I suspect it’s politically motivated. The other objection to dotgay’s application was filed by another gay Republican organization, the Metroplex Republicans of Dallas (formerly Log Cabin Republicans Dallas).
The ICC rejected the objection because it was about 500 words over the prescribed limit, but it sent the notification to the wrong email address, according to LaHatte’s blog.
Had GOProud received the notification, it would have had time to amend its objection to rectify the mistake. However, by the time it discovered the problem the filing deadline had passed.
there is some unfairness in the subsequent rejection given the apparent error in the use of the wrong email. It seems to me that it would be relatively easy to unwind that decision, and permit the late filing of the objection. I can of course only make a recommendation, but in this case where there is some unfairness I think the matter should be revisited.
The Ombudsman’s role is to handle complaints about unfairness in ICANN’s actions, so it’s not entirely clear what’s going to happen in this case, given that the ICC is an ICANN subcontractor.
LaHatte’s recommendation is certainly not binding in either case. Whether the ICC changes its mind may depend on whether ICANN asks it to or not.
dotgay is the New York-based applicant founded by Scott Seitz. It’s one of four companies applying for .gay.
The other three applicants — Top Level Domain Holdings, Top Level Design and Demand Media — have each received community objections from the International Lesbian Gay Bisexual Trans and Intersex Association, a dotgay supporter.
Afternic and NameJet have been selected by the applicant for .buzz, dotStrategy, to manage premium domain name allocation in the new gTLD.
Afternic will build the .buzz reserved names list and sell them through its marketplace, while NameJet will exclusively handle sunrise, landrush and premium name auctions, the company said in a press release.
Arkansas-based dotStrategy, which is also in a contention set for .fun, thinks .buzz will be a memorable gTLD for marketing campaigns, among other purposes.
Its .buzz application has already passed Initial Evaluation with ICANN, is uncontested and has no objections or GAC worries. The company reckons it could go to sunrise by October.