ICANN has been hacked again and your user names and passwords may have been compromised.
The organization said tonight that it thinks “usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website were obtained by an unauthorized person.”
The stolen information includes “user preferences for the website, public bios, interests, newsletter subscriptions, etc”, ICANN said.
No critical systems seem to have been affected, ICANN said.
ICANN said that an “external service provider” was responsible for the hashed passwords that were nabbed.
It recommends an abundance of caution: changing passwords, or simply (and unrealistically) not using the same password across multiple sites.
ICANN gets hacked constantly. It’s barely even news any more. Many of the stories can be found with this search.
Dot-brand gTLD applicants that were playing wait-and-see with ICANN’s contracting process signed Registry Agreements in droves last week.
At least 67 new RAs were signed in the last three days of July, on or around the ICANN’s July 29 deadline, ICANN’s web site shows.
This means that there are still about 50 applicants that have not pulled the trigger and may have to apply for an 60-day last-chance extension.
A week before the deadline, roughly 170 brands had still not signed contracts.
The July 29 deadline was put in place for dot-brands last year due to delays creating Specification 13 of the RA, which gives brands special opt-out clauses dealing with things like sunrise periods.
Those that have still not obtained RAs are expected to be flagged as “Will Not Proceed” and will have to apply to ICANN for the extension under its Application Eligibility Reinstatement process.
The African Union Commission has criticized ICANN’s “dysfunctional accountability process” that has kept the proposed .africa gTLD in limbo for the last few years.
In a communique yesterday (pdf), the AUC also reiterated that .africa applicant ZA Central Registry has the support of both the AUC and its member states, and that governments used almost every avenue available to them to object to the rival DotConnectAfrica bid.
The letter reads:
The Africa region, African Internet stakeholders, the ZACR and AUC are the unfortunate victims of a dysfunctional accountability process and an independent review panel that did not delve more deeply to understand the new gTLD process, the role of governments in that process, and how the ICANN multistakeholder model functions in general.
A few weeks ago, an Independent Review Process panel controversially ruled that ICANN had treated DCA’s application unfairly, in violation of its bylaws, when it accepted Governmental Advisory Committee advice to reject it.
The panel said that ICANN should have at least asked the GAC for the rationale behind its advice, something that the new gTLD program’s rules did not require it to do.
One of the issues at the heart of the subsequent debate is whether ICANN inappropriately helped out ZACR’s bid by drafting an AUC letter of support and then tried to cover its actions up by inappropriately redacting information from the IRP ruling before publication.
On Friday, ICANN published a new version of the ruling that had these references restored, while retaining redactions related to the actions of Kenyan government officials.
We know what the still-redacted text says because Kieren McCarthy, writing for The Register, obtained a clean copy and published it a couple of weeks ago.
ICANN also promised to publish its reasoning if it makes redactions to any documents in future.
In a blog post on Friday, general counsel John Jeffrey said that ICANN helping the AUC draft its letter of support was not a unique case, nor was it inappropriate:
ICANN staff has helped many applicants and their supporters understand how to properly document support. Not only did we make a template support letter publicly available to all as part of the New gTLD Program Applicant Guidebook (see Appendix to Module 2), we have answered questions, received through our customer service channel, as to how interested parties can document support for a given gTLD application. In the case of ZA Central Registry, ICANN appropriately assisted the applicant in documenting support from the AUC.
Our actions surrounding the .AFRICA applications were not unique, since we assist any applicant who requests assistance, or who needs clarification in learning how best to document support or other matters. We have provided assistance to all applicants regarding their applications to the maximum extent possible.
On the claims that ICANN tried to “cover up” this assistance by redacting the IRP’s ruling and previous IRP filings, Jeffrey said that the information was covered by a confidentiality agreement agreed to by itself and DCA and endorsed by the IRP panel.
He said that ICANN was “motivated by our obligation to the community to post the document quickly and the competing, yet mandatory obligation, to respect confidential information while being as transparent as possible.”
He said ICANN attempted to reach out to those affected by the “confidential” parts of the ruling to seek permission to remove the redactions.
But McCarthy also seems to have seen emails exchanged between DCA and ICANN, and he says that ICANN redacted it over DCA’s objections.
McCarthy further says that ICANN only became interested in removing the redactions after he had already published the clean version of the ruling at The Reg — five days after the initial publication by ICANN.
Jeffrey’s post, which refers to “erroneous reporting” in an apparent allusion to McCarthy’s articles, nevertheless fails to address this claim, lending credibility to the cover-up allegations.
The .africa gTLD has been contracted to ZACR, but DCA’s rejected application has been returned to evaluation per the IRP’s ruling, where it is broadly expected to fail for want of governmental support.
Disclosure #1: I recently filed a Documentary Information Disclosure Policy request seeking the release of all the unredacted exhibits in DCA v ICANN. Given ICANN’s wont to usually respond to such requests only at the end of the full 30 days permitted by the policy, I should not expect to see an answer one way or the other until the last week of August.
Disclosure #2: As regular readers may already be aware, due to my long-held and never-disguised view that DCA was mad to apply for .africa without government support, I was once accused of being a part of a “racial conspiracy” against DCA on a blog I believe to be controlled by DCA. Naturally, after I stopped laughing, this libelous allegation pissed me off no end and enhanced my belief that DCA is nuts. Around the same time DCA also, under its own name, filed an “official complaint” (pdf) with ICANN, omitting the race card, alleging that I was part of a conspiracy against it.
ICANN has beaten off a lawsuit from alternate root provider name.space for a second time, with a US appeals court ruling that the new gTLD program was not an illegal conspiracy.
name.space sued ICANN in 2012, claiming that the program broke competition laws and that “conflicted” ICANN directors conspired with the industry in an “attack” on its business model.
The company runs an alternate DNS root containing hundreds of TLDs that hardly anyone knows about, cares about, or has access to.
Almost 200 of the strings in its system had matching applications in the 2012 new gTLD round; many have since been delegated.
The company’s complaint asked for an injunction against all 189 matching TLDs.
But a court ruled against it in 2013, saying that name.space had failed to make a case for breaches of antitrust law.
Last week, an appeals court upheld that ruling, saying that the company had basically failed to cross the legal threshold from simply making wild allegations to showing evidence of an illegal conspiracy.
“We cannot… infer an anticompetitive agreement when factual allegations ‘just as easily suggest rational, legal business behavior.’,” the court ruled, citing precedent.
“Here, ICANN’s decision-making was fully consistent with its agreement with the DOC [US Department of Commerce] to operate the DNS and the Root,” it wrote. “In transferring control to ICANN, the DOC specifically required it to coordinate the introduction of new TLDs onto the Root. This is exactly what ICANN did in the 2012 Application Round”.
“The 2012 rules and procedures were facially neutral, and there are no allegations that the selection process was rigged,” the panel ruled.
The court further ruled that ICANN is not a competitor in the markets for domain names as registry, registrar or defensive registration services, therefore it could not be subject to antitrust claims for those markets.
A few other claims against ICANN were also dismissed.
In short, it’s a pretty decisive victory for ICANN. General counsel John Jeffrey said in a statement that ICANN is “pleased” to have won.
All the major documents in the case, including the latest opinion, can be downloaded here.
While the lawsuit has been making its way through the courts, the .space gTLD has actually been delegated and the domain name.space is owned by its new registry, Radix.
There’s some salt in the wounds.
Just one out of every 10 governments in the ICANN Governmental Advisory Committee is happy for people to register its country name in new gTLDs.
That’s according to a new GAC database detailing which countries want to keep tabs on how their names are being used.
Out of 80 GAC members contributing to the database, just eight have said registries can sell their country names with no restrictions.
The eight countries and territories are the UK, the USA, Denmark, Finland, Netherlands, Sweden, Guernsey and Pitcairn.
New gTLD registries will therefore be able to auction off, for example, finland.guru or pitcairn.news, to whoever wants them.
Another 10 governments — Belgium, Brazil, Bulgaria, Czech Republic, Georgia, Montenegro, New Zealand, Romania, Spain and Switzerland — have relinquished oversight in the case of dot-brand registries that have signed Specification 13 of the ICANN Registry Agreement.
So if Sony wants to register brazil.sony to itself, it can without restrictions.
Under the new gTLD Registry Agreement, all country and territory names in the six official UN languages have to be reserved by all registries unless they can reach agreement with the applicable government.
The 18 governments mentioned above have basically waived this right to be notified in whole or in part.
The remaining 62 governments say they still wish to be notified when a registry wants to release its name.
GAC chair Thomas Schneider told ICANN (pdf) that countries not yet listed in the database should be treated as if they’re still restricted, so the actual number is closer to 200.
In short, this database is not a lot of help to dot-brands and other registries that want to start using or selling country names.
Critics have pointed out that many governments wanting to regulate their names in new gTLDs have not done so in their own ccTLDs.
Of the 62, ownership of country names is mixed. Italy owns italy.it and italia.it, for example, while germany.de and deutschland.de appear to be in private hands.