Are Whois email checks doing more harm than good?

“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.

These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.

Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.

The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.

There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.

Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.

Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.

“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.

Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.

At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.

“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”

Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.

Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.

The exact Chehade line, from the Durban public forum transcript, was:

law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.

Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”

Speaking at greater length, director Mike Silber said:

What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.

So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?

It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.

I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.

But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.

They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.

Law enforcement may be about to find itself on the back foot in this long-running debate.

12 Comments Tagged: , , , , , , ,

Applicant claims “rogue” GAC rep killed its gTLD

Kevin Murphy, April 2, 2014, Domain Policy

The unsuccessful applicant for the .thai top-level domain has become the third new gTLD hopeful to file an Independent Review Process complaint against ICANN.

Better Living Management had its bid for the restricted, Thailand-themed TLD rejected by ICANN in November due to a consensus objection from the Governmental Advisory Committee.

Now the company claims that the Thailand GAC representative who led the charge against its bid has never been formally authorized to speak for the Thai government at ICANN.

BLM says it has sued Wanawit Ahkuputra, one of three Thailand GAC reps listed on the GAC’s web site, in Thailand and wants ICANN to unreject its application pending the case’s outcome.

In the IRP request, BLM claims that Ahkuputra was appointed to the GAC by previous rep Thaweesak Koanantakool without the authorization of the Thai government.

It further claims that while Koanantakool was “invited” by the Thai government to be Thailand’s GAC rep, he was never formally “appointed” to the role. He was “erroneously recruited by the GAC”, BLM alleges.

Following that logic, Ahkuputra could not claim to be a legitimate GAC rep either, BLM claims.

From the IRP alone it looks like a bit of a tenuous, semantics-based argument. Is there any real difference between “invited” and “appointed” in the platitude-ridden world of diplomacy?

Nevertheless, BLM claims that by pushing the rest of the GAC to object to the .thai bid at the ICANN Beijing meeting a year ago, Ahkuputra acted against the wishes of the Thai government.

BLM says it has letters of support from five Thai government ministries — including the one Koanantakool works for — all signed during the new gTLD application and evaluation periods in 2012 and 2013.

Those letters were apparently attached to its IRP complaint but have not yet been published by ICANN.

BLM says it has sued Koanantakool and Ahkuputra, asking a Thai court to force them to drop their objections to the .thai bid.

This is not the first time that an unsuccessful new gTLD applicant has alleged that a GAC member was not properly appointed. DotConnectAfrica has level similar accusations against Kenya.

DCA claims (pdf) that Alice Munyua spoke against its .africa application in the GAC on behalf of Kenya but against the wishes of Kenya, which DCA says did not oppose the bid.

However, ICANN and GAC chair Heather Dryden rubbished these claims in ICANN’s reply (pdf) to DCA’s complaint, citing evidence that Kenya did in fact oppose the application.

Comment Tagged: , , , ,

Top-level domains top 500

The number of live top-level domains on the internet has surpassed 500 for the first time.

The delegation yesterday of 12 new gTLDs — .archi, .consulting, .cooking, .country, .fishing, .haus, .商城, .horse, .miami, .rodeo, .vegas and .vodka — tipped the total TLD count to 507.

For the numbers geeks, here are some stats from the DI PRO database:

  • 285 ccTLDs
  • 222 gTLDs
  • 60 IDN TLDs
  • 24 IDN gTLDs
  • 199 gTLDs delegated in the 2012 round
  • 15 gTLDs delegated in previous rounds
  • 8 legacy gTLDs
  • 129 new gTLDs have started Sunrise periods
  • 65 new gTLDs have started Trademark Claims periods
  • 367 new gTLDs have ICANN contracts
  • 1 new gTLD application is still in Initial Evaluation
  • 6 new gTLD applications are still in Extended Evaluation
  • 9.7 new gTLDs have been delegated per week, on average, since January 1, 2014
  • 36 new gTLDs were delegated in March

Based on the rate that Verisign has been adding new gTLDs to the root recently, we should expect that to top 200 in the next few days. The number of new gTLDs could outstrip the number of ccTLDs next month.

1 Comment Tagged: , ,

Verisign probes name collisions link to MH370

Kevin Murphy, April 1, 2014, Gossip

Verisign is investigating whether Malaysian Airlines flight MH370 went missing due to a DNS name collision.

The Boeing 777 disappeared on a routine flight from Kuala Lumpur to Beijing, March 8. Despite extensive international searches of the Indian Ocean and beyond, no trace of the plane has yet been found.

Now Verisign is pondering aloud whether a new gTLD might be to blame.

The theory emerged during Verisign’s conference in London two weeks ago, at which the company offered a $50,000 prize to the researcher with the best suggestion about how to keep the collisions debate alive.

Chief propaganda officer Burt Kaslinksiki told DI that the decision to launch the investigation today was prompted by a continuing lack of serious interest in name collisions outside of Verisign HQ.

“We cannot discount the possibility that the plane went missing due to a new gTLD,” he said. “Probably something to do with .aero or .travel or something. That sounds plausible, right?”

“The .aero gTLD was delegated in 2001,” he said after a few minutes thought. “Is it any coincidence that just 13 years later MH370 should go missing? We intend to investigate a possible link.”

“Think about it,” Koslikiniski said. “When was the last time you saw a .aero domain? The entire gTLD has vanished without a trace.”

He pointed to a slide from a prize-winning Powerpoint presentation made at the London conference as evidence:

null

“We’re not saying new gTLDs cause planes to smash into the ocean and disappear without a trace, we’re just saying that it’s not not un-impossible that such a thing might conceivably, feasibly happen,” he said.

He added that it was also possible that name collisions were to blame that time Justin Bieber got photographed pissing in a bucket.

Verisign is proposing that ICANN add “modest” new registration restrictions to all new gTLDs as a precaution until the company’s investigation is concluded, which is expected to take four to six years.

Specifically, new gTLD registries would be banned from accepting any registrations for:

  • Any domain name comprising a dictionary word, or a combination of dictionary words, in any UN language.
  • Any domain name shorter than 60 characters.
  • Any domain name containing fewer than six hyphens.
  • Any domain name in which the second level is written in the same script as the TLD.
  • Anything not written in Windings.

Kalenskiskiski denied that these restrictions would unreasonably interfere with competing gTLDs’ business prospects.

“Nobody seemed to care when we managed to get 10 million domains blocked based on speculation and fearmongering,” he said. “We’re fairly confident we can get away with this too.”

“If ICANN puts up a fight, we’ll just turn The Chulk loose on ‘em again to remind them who pays their fucking salaries,” he explained.

“In the rare instances where these very reasonable restrictions might prevent somebody from registering the new gTLD name they want, there’s still plenty of room left in .com,” he added.

16 Comments

Donuts buys out rival .place gTLD applicant

Kevin Murphy, March 31, 2014, Domain Registries

Donuts has won the .place new gTLD contention set after paying off rival applicant 1589757 Alberta Ltd.

The deal, for an undisclosed sum, was another “cut and choose” affair, similar to deals made with Tucows last August, in which the Canadian company named its price to withdraw and Donuts chose to pay it rather than taking the money itself.

1589757 Alberta has withdrawn its application for .place already.

The deal means Donuts now has 165 new gTLDs that are either live, contracted or uncontested.

Comment Tagged: , , , , ,