Latest news of the domain name industry

Recent Posts

Aussie registrar guilty of $6 million slamming campaign

Kevin Murphy, January 4, 2018, Domain Registrars

Domain seller Domain Register Pty Ltd has reportedly been found guilty of scamming thousands of Australians out of a total of $6 million with bogus domain renewal notices.

The Herald Sun reports today that a Federal court ruled that the company’s sales tactics were “misleading or deceptive, or likely to mislead or deceive in breach of state and federal laws”.

The company, at one time a TPP Wholesale reseller but apparently never ICANN-accredited itself, was notorious for being a leading Aussie practitioner of the old “domain slamming” scam popularized by the Brandon Gray gang through fronts such as Domain Registry of America.

It sent paper invoices that appeared to the casual reader to be renewal notices for .com.au names, but were in fact solicitations to buy matching .com names for an outrageous $249 ($195) per year.

So convincing were the notices that the hit rate was one out of every 14 organizations targeted, the Herald Sun reported. Over 21,000 suckers in total.

According to the newspaper, the court was told that Domain Register made AUD 7.7 million ($6 million) from 31,000 registrations and renewals from January 1, 2011, to May 30, 2014.

The lawsuit was filed by Australian state government watchdog Consumer Affairs Victoria a year ago, but the domain industry was warning punters about the scam as far back as 2011.

Domain Register’s punishment has yet to be determined, but the agency had been seeking refunds for victims along with punitive penalties.

Comment Tagged: , ,

How ICANN could spend its $240 million war chest

Kevin Murphy, January 2, 2018, Domain Policy

Schools, pHD students and standards groups could be among the beneficiaries of ICANN’s nearly quarter-billion-dollar new gTLD auction war chest.

But new gTLD registries hoping for to dip into the fund for marketing support are probably shit out of luck.

Those are among the preliminary conclusions of a volunteer working group that has been looking at how ICANN should spend its new gTLD program windfall.

Over 17 new gTLD auctions carried out by ICANN under its “last resort” contention resolution system, the total amount raised to date is $240,590,128.

This number could increase substantially, should still-contested strings such as .music and .gay go to last-resort auction rather than being settled privately.

Prices ranged from $1 for .webs to $135 million for .web.

ICANN has always said that the money would be held separate to its regular funding and eventually given to special projects and worthy causes.

Now, the Cross-Community Working Group on New gTLD Auction Proceeds has published its current, close-to-final preliminary thinking about which such causes should be eligible for the money, and which should not.

In a letter to ICANN (pdf), the CCWG lists 18 (currently hypothetical, yet oddly specific) example proposals for the use of auction funds, 17 of which it considers “consistent” with ICANN’s mission.

A 19th example, which would see money used to promote TLD diversity and “smells too much like marketing” according to some CCWG members, is still open for debate.

While the list of projects that could be approved for funding under the proposed regime is too long to republish here, it would for example include giving scholarships to pHD students researching internet infrastructure, funding internet security education in developing-world primary schools and internet-related disaster-recovery efforts in risk-prone regions.

The only area the CCWG appears to be reluctant to endorse funding is the case of commercial enterprises run by women and under-represented communities.

The full list can be downloaded here (pdf).

The CCWG hopes to publish its initial report for public comment not too long after ICANN 61 in March. Comment would then need to be incorporated into a final report and then ICANN would have to approve its recommendations and implement a process for actually distributing the funds.

Don’t expect any money to change hands in 2018, in other words.

2 Comments Tagged: , , , , ,

.music and .gay possible in 2018 after probe finds no impropriety

Kevin Murphy, January 2, 2018, Domain Policy

Five more new gTLDs could see the light of day in 2018 after a probe into ICANN’s handling of “community” applications found no wrongdoing.

The long-running investigation, carried out by FTI Consulting on ICANN’s behalf, found no evidence to support suspicions that ICANN staff had been secretly and inappropriately pulling the strings of Community Priority Evaluations.

CPEs, carried out by the Economist Intelligence Unit, were a way for new gTLD applicants purporting to represent genuine communities to avoid expensive auctions with rival applicants.

Some applicants that failed to meet the stringent “community” criteria imposed by the CPE process appealed their adverse decisions and an Independent Review Process complaint filed by Dot Registry led to ICANN getting crucified for a lack of transparency.

While the IRP panel found some hints that ICANN staff had been nudging EIU’s arm when it came to drafting the CPE decisions, the FTI investigation has found:

there is no evidence that ICANN organization had any undue influence on the CPE Provider with respect to the CPE reports issued by the CPE Provider or engaged in any impropriety in the CPE process.

FTI had access to emails between EIU and ICANN, as well as ICANN internal emails, but it did not have access to EIU internal emails, which EIU declined to provide. It did have access to EIU’s internal documents used to draft the reports, however.

Its report states:

Based on FTI’s review of email communications provided by ICANN organization, FTI found no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process. FTI found that the vast majority of the emails were administrative in nature and did not concern the substance or the content of the CPE results. Of the small number of emails that did discuss substance, none suggested that ICANN acted improperly in the process.

FTI also looked at whether EIU had applied the CPE rules consistently between applications, and found that it did.

It also dug up all the sources of information EIU used (largely Google searches, Wikipedia, and the web pages of relevant community groups) but did not directly cite in its reports.

In short, the FTI reports very probably give ICANN’s board of directors cover to reopen the remaining affected contention sets — .music, .gay, .hotel, .cpa, and .merck — thereby removing a significant barrier to the gTLDs getting auctioned.

If there were to be no further challenges (which, admittedly, seems unlikely), we could see some or all of these strings being sold off and delegated this year.

The probe also covered the CPEs for .llc, .inc and .llp, but these contention sets were resolved with private auctions last September after applicant Dot Registry apparently decided it couldn’t be bothered pursuing the ICANN process any more.

The FTI’s reports can be downloaded from ICANN.

Comment Tagged: , , , , , , , , , , , , ,

How Whois could survive new EU privacy law

Kevin Murphy, December 29, 2017, Domain Policy

Reports of the death of Whois may have been greatly exaggerated.

Lawyers for ICANN reckon the current public system “could continue to exist in some form” after new European Union privacy laws kick in next May, according to advice published (hurriedly, judging by the typos towards the end) shortly before Christmas.

Hamilton, the Swedish law firm hired by ICANN to probe the impact of the General Data Protection Regulation, seems to be mellowing on its recommendation that Whois access be permanently “layered” according to who wants to access registration records.

Now, it’s saying that layered Whois access could merely be a “temporary solution” to protect the industry from fines and litigation until ICANN negotiates a permanent peace treaty with EU privacy regulators that would have less impact on current Whois users.

This opinion came in the third of three memorandums from Hamilton, published by ICANN last week. You can read it here (pdf).

With the first two memos strongly hinting that layered access would be the most appropriate way forward, the third points out the huge, possibly insurmountable burden this would place on registrars, registries, law enforcement agencies, the courts, IP lawyers, and others.

It instead suggests that layered access be temporary, with ICANN taking the lead in arranging a longer-term understanding with the EU.

The latest Hamilton memo seems to have taken on board comments from registries and registrars, intellectual property lawyers and domain investors, none of which are particularly enthusiastic about GDPR and the lack of clarity surrounding its impacts.

GDPR is an EU-wide law that gives much stronger protection to the personal data of private citizens.

Companies that process such data are kept on a much tighter leash and could face millions of euros of fines if they use the data for purposes their customers have not consented to or without a good enough reason.

It’s not a specifically intended to regulate Whois — indeed, its conflict with longstanding practice and ICANN rules seems to have been an afterthought — but Whois is the place the domain industry is most likely to find itself breaking the law.

It seems to be generally agreed that the current system of open, public access to all fields in all Whois records in all gTLDs would not be compliant with GDPR without some significant changes.

It also seems to be generally agreed that the data can be hugely useful for purposes such as police investigations, trademark enforcement and the domain secondary market.

The idea that layered access — where different sets of folks get access to different sets of data based on their legitimate needs — might be a solution has therefore gained some support.

Hamilton notes:

Given the limited time remaining until the GDPR enters into effect, we believe that the best chance of continuing to provide the Whois services and still be compliant with the GDPR will be to implement an interim solution based on an layered access model that would ensure continued processing of Whois data for some limited purposes.

The problem with this solution, as Hamilton now notes, is that it could be hugely impractical.

such a model would require the registrars to perform an assessment of interests in accordance with Article 6.1(f) GDPR on an individual case-by-case basis each time a request for access is made. This would put a significant organizational and administrative pressure on the registrars and also require them to obtain and maintain the competence required to make such assessments in order to deliver the requested data in a reasonably timely manner. In our opinion, public access to (limited) Whois data would therefore be of preference and necessary to fulfill the above purposes in a practical and efficient way.

And, Hamilton says, a scenario in which all cops had access to all Whois data would not necessarily be GDPR-compliant. Police may have to right to access the data, but they’d have to request it on a case-by-case basis.

Registrars — or even the courts — would have to make the decision as to whether each request was legit.

It would get even more complex for registrars when the Whois requester was an IP lawyer, as they’d have to check whether it was appropriate to disclose the personal data to both the lawyer and her client, the memo says.

For registrars, the largely nominal cost of providing a Whois service today would suddenly rocket as each Whois lookup would require human intervention.

Having introduced the concept of layered access and then shot it to pieces, Hamilton finally recommends that ICANN start talks with data protection authorities in the EU in order to find a solution where Whois services can continue to be provided in a form available to the general public in the future”.

ICANN should start an “informal dialogue” with the Article 29 Working Party, the EU privacy watchdog made up of data protection authorities from each member state, and initiate formal consultations with one or more of these DPAs individually, the memo recommends.

The WP29 could prove a tough chat, given that the group has a long history of calling for layered access, and its views, even if changed, would not be binding anyway.

So Hamilton says ICANN, in conjunction with its registries and registrars, should carry out a formal data protection impact assessment (DPIA) and submit it to a relevant DPA in a EU country where it has a corporate presence, such as Belgium.

That way, at least ICANN has a chance of retaining Whois in a vaguely recognizable form while protecting the industry from crippling extra costs.

In short, the industry is still going to have to make some changes to Whois in the first half of 2018, some of which may make Whois access troublesome for many current users, but those changes may not last forever.

ICANN CEO Goran Marby said in a blog post:

We’ve made it a high priority to find a path forward to ensure compliance with the GDPR while maintaining WHOIS to the greatest extent possible. Now, it is time to identify potential models that address both GDPR and ICANN compliance obligations.

We’ll need to move quickly, while taking measured steps to develop proposed compliance models. Based on the analysis from Hamilton, it appears likely that we will need to incorporate the advice about using a layered access model as a way forward.

He wants the industry to submit compliance models by January 10 for publication January 15, with ICANN hoping to “settle on a compliance model by the end of January”.

3 Comments Tagged: , , , , ,

Berkens sues Twitter over hacked account

Kevin Murphy, December 28, 2017, Gossip

Blogger and high-profile domain investor Mike Berkens of TheDomains.com has sued Twitter for allowing his account to be hacked and failing to rectify the problem.

As industry Twitter users will no doubt already be aware, Berkens’ account @thedomains came under the control of an unknown hacker on Friday last week.

The avatar was changed from the The Domains logo to the face of an East Asian man and tweets from the account began to sound out of character.

Despite the attack being reported to Twitter by Berkens and others (including yours truly), the account does not yet appear to have been returned to its proper owner.

In a complaint filed yesterday in Northern California, Berkens claims Twitter “still has done nothing to substantially acknowledge, investigate or respond to Plaintiffs’ complaint, and restore Plaintiffs’ access to the Account.”

The suit, which also names (as Does) the unknown hackers, has nine counts ranging from computer fraud to trademark infringement to negligence and breach of contract.

Berkens wants his account back, as well as damages. He’s currently tweeting from @thedomainscom as a temporary workaround.

The complaint, kindly donated by George Kirikos, can be read here (pdf).

15 Comments Tagged: , ,