Latest news of the domain name industry

Recent Posts

Registrars boycotting “gag order” .sucks contract

Kevin Murphy, January 25, 2016, Domain Registries

Registrars are ignoring new provisions in their .sucks contracts that they say amount to a “gag order”.

In a letter (pdf) to ICANN from its Registrars Stakeholder Group, the registrars ask for ICANN to convene a face-to-face negotiation between themselves and .sucks registry Vox Populi, adding:

Until such time, the Registrars believe that the amendments are not yet in effect and will continue to operate under Vox Populi’s existing RRA.

That means they’re working on the assumption that the controversial changes to the .sucks Registry-Registrar Agreement, sent to ICANN by Vox in December, have not yet been approved.

Vox Pop, on the other hand, has told ICANN that the changes came into effect January 6.

As we reported at the weekend, the registry is taking ICANN to formal mediation, saying ICANN breached the .sucks Registry Agreement by failing to block the changes within the permitted 15-day window.

The registrars’ letter was sent January 20, one day before Vox Pop’s mediation demand. The Vox letter should probably be read in that context.

The registrars have a problem with two aspects of the changed RRA.

First, there’s a clause that allows Vox to change the contract unilaterally in future. Registrars say this makes it a contract of “adhesion”.

Second, there’s a clause forbidding registrars taking “action to frustrate or impair the purpose of this Agreement”. Registrars read this as a “gag order”, writing:

Many Registrars not only serve as retail outlets for the purchase of domain names, but also provide consultative services to their clients on TLD extensions and their domain name portfolios. In conjunction with the provision of those services, registrars often opine on new gTLD and ccTLD extensions, the TLDs policies, pricing methodologies, security provisions and overall utility. These provisions could easily be read to inhibit such activities and restrict a registrar’s ability to offer those valuable services.

That’s referring primarily to corporate registrars working in the brand protection space, which are kinda obliged to offer .sucks for their clients’ defensive purposes, but still want to be able to criticize its policies and pricing in public.

ICANN has yet to respond to the request for a sit-down meeting between the registry and registrars.

However, given that Vox has invoked its right to mediation, it seems likely that that process will be the focus for now.

Mediation lasts a maximum of 90 days, which means the problem could be sorted out before April 20.

Comment Tagged: , , , , ,

.sucks sends in the lawyers in “gag order” fight

Kevin Murphy, January 23, 2016, Domain Registries

Vox Populi is taking ICANN to mediation over a row about what some of its registrars call a “gag order” against them.

Its lawyers have sent ICANN a letter demanding mediation and claiming ICANN has breached the .sucks Registry Agreement.

I believe it’s the first time a new gTLD registry has done such a thing.

The clash concerns changes that Vox Populi proposed for its Registry-Registrar Agreement late last year.

Some registrars believe that the changes unfairly give the registry the unilateral right to amend the RRA in future, and that they prevent registrars opposed to .sucks in principle from criticizing the gTLD in public.

I understand that a draft letter that characterizes the latter change as a “gag order” has picked up quite a bit of support among registrars.

ICANN has referred the amended draft of the .sucks RRA to its Registrars Stakeholder Group for comment.

But Vox Pop now claims that it’s too late, that the new RRA has already come into force, and that this is merely the latest example of “a pattern on ICANN’s part to attempt to frustrate the purpose and intent of its contract with Vox Populi, and to prevent Vox Populi from operating reasonably”.

The registry claims that the changes are just intended to provide “clarity”.

Some legal commentators have said there’s nothing unusual or controversial about the “gag” clauses.

But the conflict between Vox and ICANN all basically boils down to a matter of timing.

Under the standard Registry Agreement for new gTLDs, registries such as Vox Pop are allowed to submit proposed RRA changes to ICANN whenever they like.

ICANN then has 15 calendar days to determine whether those changes are “immaterial, potentially material or material in nature.”

Changes are deemed to be “immaterial” by default, if ICANN does not rule otherwise within those 15 days.

If they’re deemed “material” or “potentially material”, a process called the RRA Amendment Procedure (pdf) kicks in.

That process gives the registrars an extra 21 days to review and potentially object to the changes, while ICANN conducts its own internal review.

In this case, there seems to be little doubt that ICANN missed the 15-day deadline imposed by the RA, but probably did so because of some clever timing by Vox.

Vox Pop submitted its changes on Friday, December 18. That meant 15 calendar days expired Monday, January 3.

However, ICANN was essentially closed for business for the Christmas and New Year holidays between December 24 and January 3, meaning there were only three business days — December 21 to 23 — in which its lawyers and staff could scrutinize Vox’s request.

Vox Pop’s timing could just be coincidental.

But if it had wanted to reduce the contractual 15 calendar days to as few business days as possible, then December 18 would be the absolute best day of the year to submit its changes.

As it transpired, January 3 came and went with no response from ICANN, so as far as Vox is concerned the new RRA with its controversial changes came into effect January 6.

However, on January 8, ICANN submitted the red-lined RRA to the RrSG, invoking the RRA Amendment Procedure and telling registrars they have until January 29 to provide feedback.

Vox Pop’s lawyer, demanding mediation, says the company was told January 9, six days after ICANN’s 15-day window was up, that its changes were “deemed material”.

Mediation is basically the least-suey dispute resolution process a registry can invoke under the RA.

The two parties now have a maximum of 90 days — until April 20 — to work out their differences more or less amicably via a mediator. If they fail to do so, they proceed to a slightly more-suey binding arbitration process.

In my opinion, ICANN finds itself in this position due to a combination of a) Vox Pop trying to sneak what it suspected could be controversial changes past its staff over Christmas, and b) ICANN staff, in the holiday spirit or off work entirely, dropping the ball by failing to react quickly enough.

While I believe this is the first time a 2012-round gTLD registry has gone to dispute resolution with ICANN, Vox did threaten to sue last year when ICANN referred its controversially “predatory” launch plans to US and Canadian trade regulators.

That ultimately came to nothing. The US Federal Trade Commission waffled and its Canadian counterpart just basically shrugged.

4 Comments Tagged: , , , , , , ,

Chehade to join World Economic Forum

Kevin Murphy, January 22, 2016, Domain Policy

Outgoing ICANN CEO Fadi Chehade is to join the World Economic Forum as a senior advisor, WEF announced today.

The person he will advise is Klaus Schwab, WEF’s founder and executive chairman, according to a press release.

WEF is the Switzerland-based non-profit think tank famous for its annual summits in Davos, where world leaders and super-rich businesspeople congregate in order to shed their skin-suits and plot world domination whilst in their true reptilian form.

Chehade, it seems, will be primarily involved in the “Global Challenge Initiative on the Future of the Internet”, a WEF project (pdf) focusing on internet governance, access, cybercrime and so on.

This year’s Davos meeting has been taking place this week. Much of the attention has been focused on pressing humanitarian and economic issues such as the Syrian refugee crisis and European Union immigration policy.

Chehade announced he was leaving ICANN in May last year.

He’s suspected of suffering from ICANN burnout after just a few short, albeit transformational, years on the job.

He said in August he’s taking on a role with Boston-based private equity firm ABRY Partners.

Last month, he became a joint founder of the “Wuzhen Initiative”, a China-led internet governance talking shop along the same lines as the NetMundial Initiative.

His successor has yet to be named, but given Chehade is leaving in March the announcement cannot be too many weeks away.

He starts at WEF April 1.

2 Comments Tagged: ,

Pirates lose privacy rights under new ICANN rules

Kevin Murphy, January 22, 2016, Domain Registrars

People operating piracy web sites would have a harder time keeping their personal information private under new ICANN rules.

ICANN’s GNSO Council last night approved a set of recommendations that lay down the rules of engagement for when trademark and copyright owners try to unmask Whois privacy users.

Among other things, the new rules would make it clear that privacy services are not permitted to reject requests to reveal a domain’s true owner just because the IP-based request relates to the content of a web site rather than just its domain name.

The recommendations also contain safeguards that would allow registrants to retain their privacy if, for example, their safety would be at risk if their identities were revealed.

The 93-page document (pdf) approved unanimously by the Council carries a “Illustrative Disclosure Framework” appendix that lays out the procedures in some depth.

The framework only covers requests from IP owners to proxy/privacy services. The GNSO was unable to come up with a similar framework for dealing with, for example, requests from law enforcement agencies.

It states flatly:

Disclosure [of the registrant’s true Whois details] cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the Request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

This fairly explicitly prevents privacy services (which in most cases are registrars) using the “we don’t regulate content” argument to shoot down disclosure requests from IP owners.

Some registrars were not happy about this paragraph in early drafts, yet it remains.

Count that as a win for the IP lobby.

However, the new recommendations spend a lot more time giving IP owners a quite strict set of guidelines for how to file such requests in the first place.

If they persistently spam the registrar with automated disclosure requests, the registrar is free to ignore them. They can even share details of spammy IP owners with other registrars.

The registrar is also free to ignore requests that, for example, don’t give the exact or representative URL of an alleged copyright infringement, or if the requester has not first attempted to contact the registrant via an email relay service, should one be in place.

The registrant also gets a 15-day warning that somebody has requested their private details, during which, if they value their privacy more than their web site, they’re able to relinquish their domain and remain anonymous.

If the registrant instead uses that time to provide a good reason why they’re not infringing the requester’s rights, and the privacy service agrees, the request can also be denied.

The guidelines would make it easier for privacy service operators to understand what their obligations are. By formalizing the request format, it should make it easier to separate legit requests from the spurious requests.

They’re even allowed to charge IP owners a nominal fee to streamline the processing of their requests.

While these recommendations have been approved by the GNSO Council, they need to be approved by the ICANN board before becoming the law of the ‘net.

They also need to pass through an implementation process (conducted by ICANN staff and GNSO members) that turns the recommendations into written procedures and contracts which, due to their complexity, I have a hunch will take some time.

The idea is that the rules will form part of an accreditation program for privacy/proxy services, administered by ICANN.

Registrars would only be able to use P/P services that agree to follow these rules and that have been accredited by ICANN.

It seems to me that the new rules may be quite effective at cracking down on rogue, “bulletproof” registrars that automatically dismiss piracy-based disclosure requests by saying they’re not qualified to adjudicate copyright disputes.

7 Comments Tagged: , , , , , , ,

ICANN confirms domain privacy is for all

Kevin Murphy, January 22, 2016, Domain Policy

Commercial entities will not be excluded from buying domain privacy services, ICANN’s GNSO Council has confirmed.

The Council last night voted unanimously to approve a set of recommendations that would make it compulsory for privacy and proxy services to be accredited by ICANN for the first time.

The recommendations govern among other things how privacy services are expected to behave when they receive notices of trademark or copyright infringement.

But missing is a proposal that would have prevented the use of privacy for “transactional” web sites, something which caused a great deal of controversy last year.

The newly adopted recommendations clearly state that nobody is to be excluded from privacy on these grounds.

The Council voted to adopt the final, 93-page report of the Privacy and Proxy Services Accreditation Issues (pdf) working group, which states:

Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes.

The minority view that web sites that process financial transactions should not be able to use privacy came from intellectual property, anti-abuse and law enforcement community members.

However, opponents said it would infringe the privacy rights of home business owners, bloggers, political activists and others.

It could even lead to vicious “doxing”-related crimes, such as “swatting”, where idiots call in fake violent crime reports against rivals’ home addresses, some said.

It also turned out, as we revealed last November, that 55% of US presidential candidates operate transactional web sites that use privacy on their domains.

Two separate registrar initiatives, one backed by the Electronic Frontier Foundation, started letter-writing campaigns that resulted in over 20,000 comments being received on the the PPSAI’s initial report last July.

Those comments are acknowledged in the PPSAI final report that the GNSO Council just approved.

The adopted recommendations (which I’ll get into in a separate article) still have to be approved by the ICANN board of directors and have to undergo an implementation process that puts the rather broad policies into concrete processes and procedures.

6 Comments Tagged: , , , , ,