Latest news of the domain name industry

Recent Posts

Will ICANN punt on .amazon again?

Kevin Murphy, September 15, 2017, Domain Policy

Amazon is piling pressure onto ICANN to finally approve its five-year-old gTLD applications for .amazon, but it seems to me the e-commerce giant will have a while to wait yet.

The company sent a letter to ICANN leadership this week calling on it to act quickly on the July ruling of an Independent Review Process panel that found ICANN had breached its own bylaws when it rejected the .amazon and and Chinese and Japanese transliterations.

Amazon’s letter said:

Such action is necessary because there is no sovereign right under international or national law to the name “Amazon,” because there are no well-founded and substantiated public policy reasons to block our Applications, because we are committed to using the TLDs in a respectful manner, and because the Board should respect the IRP accountability mechanism.

ICANN had denied the three applications based on nothing more than the consensus advice of its Governmental Advisory Committee, which had been swayed by the arguments of primarily Brazil and Peru that there were public policy reasons to keep the gTLD available for possible future use by its own peoples.

The string “Amazon”, among its many uses, is of course the name of a river and a rain forest that covers much of the South American continent.

But the IRP panel decided that the ICANN board should have at least required the GAC to explain its public policy arguments, rather than just accepting its advice as a mandate from on-high.

Global Domains Division chief Akram Atallah had testified before the panel that consensus GAC advice sets a bar “too high for the Board to say no.”

But the governmental objections “do not appear to be based on well-founded public policy concerns that justify the denial of the applications” the IRP panelists wrote.

The panel, in a 2-to-1 ruling, instructed ICANN to reopen Amazon’s applications.

Since the July ruling, ICANN’s board has not discussed how to proceed, but it seems likely that the matter will come up at its Montevideo, Uruguay retreat later this month.

No agenda for this meeting has yet been published, but there will be an unprecedented public webcast of the full formal board meeting, September 23.

The Amazon letter specifically asks the ICANN board of directors to not refer the .amazon matter back to the GAC for further advice, but I think that’s probably the most likely outcome.

I say this largely because while ICANN’s bylaws specifically allow it to reject GAC advice, it has cravenly avoided such a confrontation for most of its history.

It has on occasion even willfully misinterpreted GAC advice in order to appear that it has accepted it when it has not.

The GAC, compliantly, regularly provides pieces of advice that its leaders have acknowledged are deliberately vague and open to interpretation (for a reason best known to the politicians themselves).

It seems to me the most likely next step in the .amazon case is for the board to ask the GAC to reaffirm or reconsider its objection, giving the committee the chance to save face — and avoid a lengthy mediation process — by providing the board with something less than a consensus objection.

If ICANN were to do this, my feeling is that the GAC at large would probably be minded to stick to its guns.

But it only takes one government to voice opposition to advice for it to lose its “consensus” status, making it politically much easier for ICANN to ignore.

Hypothetically, the US government could return to its somewhat protectionist pre-2014 position of blocking consensus on .amazon, but that might risk fanning the flames of anti-US sentiment.

While the US no longer has its unique role in overseeing ICANN’s IANA function, it still acts as the jurisdictional overlord for the legal organization, which some other governments still hate.

A less confrontational approach might be to abstain and to allow friendly third-party governments to roadblock consensus, perhaps by emphasizing the importance of ICANN being seen to accountable in the post-transition world.

Anyway, this is just my gut premonition on how this could play out, based on the track records of ICANN and the GAC.

If ICANN can be relied on for anything, it’s to never make a decision on something today if it can be put off until tomorrow.

Governments slammed for overreach as Amazon wins gTLD appeal

Kevin Murphy, July 19, 2017, Domain Policy

Amazon has won its appeal against the rejection of its .amazon gTLD application, in a ruling that criticizes ICANN for giving too much deference to government advice.

The Independent Review Process panel’s 2-to-1 ruling, delivered July 11 and published this week, means that .amazon and its Chinese and Japanese translations has been un-rejected and ICANN will have to consider approving it again.

The ruling (pdf) turns on the idea that ICANN’s board of directors rejected the gTLD based on nothing more than the groundless objections of a few South American governments.

Amazon’s applications were rejected three years ago when ICANN accepted the consensus advice of its Governmental Advisory Committee.

That advice, which had no attached rationale, had come largely at the behest of Brazil and Peru, two countries through which the Amazon river flows.

At issue was the word “Amazon”, which the governments protested matched the name of an important geographic region extending into several countries.

But the string was not protected by ICANN’s new gTLD program rules because it does not match the name of an administrative region of any country.

Regardless, Brazil and Peru said that to give .amazon to Amazon would prevent it being used in future by citizens of the informal South American region.

GAC consensus was reached only after the US government, for political reasons connected to the then-recent announcement of the IANA transition, decided to withdraw its objection to the advice.

Consensus, under GAC rules means simply that no one government objects to the proposed advice. It does not indicate unanimity.

But at no point in the pubic record of discussions within the GAC or ICANN board did anyone give any substantial public policy reasons for the objection, the IRP panel has now found.

Global Domains Division chief Akram Atallah testified before the panel that consensus GAC advice sets “too high for the Board to say no.”

It seems ICANN sometimes just assumes that GAC advice by default is rooted in sound public policy, even when that is not the case.

Brazil and Peru’s objections “do not appear to be based on well-founded public policy concerns that justify the denial of the applications” the panelists wrote.

The panel wrote:

We conclude that GAC consensus advice, although no reasons or rationale need be given, nonetheless must be based on a well-founded public interest concern and this public interest basis must be ascertained or ascertainable from the entirety of the record…

the Board cannot simply accept GAC consensus advice as conclusive. The GAC has not been granted a veto under ICANN’s governance documents.

So, while the GAC was under no obligation to state its reasons for objecting to .amazon, the ICANN board was obliged to state its reasons for accepting this advice beyond just “the GAC made us do it”.

As somebody who spent much of 2011 arguing that the GAC new gTLD veto was a bad idea, it’s nice to see the panel agree with me.

The GAC itself also erred by refusing to consider Amazon’s arguments in favor of its application, the IRP panel’s majority found.

Peru had publicly claimed that the string “Amazon” was protected under ICANN rules, which was not true, and Amazon did not have the opportunity to correct the record.

Amazon had also pointed out that the Brazilian oil company Ipiranga was granted its application for .ipiranga, despite its name matching the name of a Brazilian river apparently so important that it is referred to in the Brazilian national anthem.

However, the IRP panel decided that because ICANN’s board had not taken any action on .ipiranga, there was no basis for it to consider whether Amazon had been unfairly subject to different treatment.

In conclusion, this is what the panel has sent to the board:

The Panel recommends that the Board of ICANN promptly re-evaluate Amazon’s applications in light of the Panel’s declarations above. In its re-evaluation of the applications, the Board should make an objective and independent judgment regarding whether there are, in fact, well-founded, merits-based public policy reasons for denying Amazon’s applications. Further, if the Board determines that the applications should not proceed, the Board should explain its reasons supporting that decision. The GAC consensus advice, standing alone, cannot supplant the Board’s independent and objective decision with a reasoned analysis.

It seems Amazon’s chances of having .amazon approved have improved. If ICANN wants to reject the applications again it is going to have to come up with some good reasons, some good reasons that possibly do not exist.

The panel also ordered ICANN to reimburse Amazon for the $163,045.51 it spent on the IRP.

Now new gTLDs are being scapegoated for child abuse material (rant)

The guy responsible for getting the string “rape” closely restricted for no reason in .uk domain names is now gunning for ICANN and new gTLDs with a very similar playbook.

Campaigner John Carr, secretary of the little-known Children’s Charities’ Coalition on Internet Safety, wants ICANN to bring in strict controls to prevent convicted pedophiles registering domains in child-oriented domains such as .kids.

He’s written to the UK prime minister, the two other ministers with the relevant brief, the US federal government and the California attorney general to make these demands.

That’s despite the fact that he freely acknowledges that he does not have any evidence of a problem in existing kid-oriented TLDs and that he does not expect there to be a problem with .kids, should it be delegated, in future.

Regardless, ICANN comes in for a bit of a battering in the letter (pdf), with Carr insinuating that it and the domain industry are quite happy to throw child safety under the bus in order to make a quick buck. He writes:

ICANN has definitely not been keeping the internet secure for children. On the contrary ICANN shows complete indifference towards children’s safety. This has led to real dangers that ICANN could have prevented or mitigated.

ICANN, the Registries and the Registrars have an obvious financial interest in increasing the number of domain names being sold. Their interest in maximising or securing their revenues appears sometimes to blind them to a larger obligation to protect the weak and vulnerable e.g. in this instance children.

Despite this worrying premise, Carr admits in an accompanying paper (pdf) that the Russian version of .kids (.дети), which has been live for three years and only has about 1,000 registrations, does not seem to have experienced a deluge of sex offenders.

Nevertheless, he says ICANN should have forced the .дети registry to do criminal background checks on all registrants to make sure they did not have a record of sexual offences.

While at the time of writing we have no information which suggests anything untoward has happened with any Russian .kids websites, and we understand the volume of sales has been low so far, the matter should never have been left open in that way. When ICANN let the contract it could have included clauses which would have made it a contractual obligation to carry out the sort of checks mentioned. The fact that ICANN did not do this illustrates a degree of carelessness about children’s well-being which is tantamount to gross negligence.

Quite how a domain registry would go about running criminal records checks on all of its customers globally, and what the costs and the benefits would be, Carr does not say.

The letter goes on to state incorrectly that Amazon and Google are in contention for .kids.

In fact, Google applied for the singular .kid. While the two strings are in contention due to an adverse String Confusion Objection, there’s also a second applicant for .kids, the DotKids Foundation, which proposes to keep .kids highly restricted and which Carr is either unaware of or deliberately omits from his letter.

Based on his assumption that .kids is a two-horse race between Amazon and Google, he says:

while I am sure both Google and Amazon will choose to do the right thing, whichever one is the eventual winner of the contract, the point is matters of this kind should never have been left as an option

So not only does Carr not have any evidence that extant “.kids” domains are currently being abused years after delegation, he’s also sure that .kids won’t be in future.

But he wants Draconian background checks implemented on all registrants anyway.

His letter coincides with the release of and heavily cites the 2016 annual report (pdf) of the Internet Watch Foundation — the organization that coordinates the takedown of child abuse material in the UK and elsewhere.

That report found that new gTLD domains are being increasingly used to distribute such material, but that Verisign-run TLDs such as .com are still by far the most abused for this purpose.

The number of takedowns against new gTLD domains in 2016 was 272 (226 of which were “dedicated to distributing child sexual abuse content”) the IWF reported, a 258% increase on 2015.

That’s 272 domains too many, but averages out at about a quarter of a domain per new gTLD.

There were 2,416 domains being used to distribute this material in 2016, IWF said. That means new gTLDs accounted for about 11% of the total child abuse domains — higher than the 7.8% market share that new gTLDs command (according to Verisign’s Q4 industry brief).

But the IWF report states that 80% of the total abuse domains are concentrated in just five TLDs — .com, .net, .se, .io, and .cc. Even child abusers are not fans of new gTLDs, it seems.

Despite the fact that two of these domains are operated under ICANN contract, and the fact that .io is operated by a British company representing a British overseas territory, Carr focuses his calls for action instead on new gTLDs exclusively.

And his calls are receiving attention.

A The Times article this week cries “New internet domain is magnet for paedophiles, charities warn”, while tabloid stable sister The Sun reported on “fears predators are exploiting new website addresses to hide indecent material”.

This is how it started with Carr’s campaign to get “rape” domains banned in the UK.

Back in 2013, he wrote a blog post complaining that it was possible to register “rapeher.co.uk” — not that it had been registered, only that it could be registered — and managed to place a couple of stories in the right-leaning press calling for Nominet to do more to prevent the registration of “depraved and disgusting” domains such as the one he thought up.

This led to a government minister calling for an independent policy review, an actual review, and a subsequent policy that sees some poor bastard at Nominet having to pore over every .uk registration containing rapey strings to see if they’re potentially advocating or promoting actual rape.

Implementation of that policy has so far confirmed that Carr’s worries were, as I said in my 2013 rant, baseless.

In 2016, there were 2,407 registrations of domains containing the string “rape”, but just one of them was found to be using it in the context of sexual assault and was suspended, according to Nominet stats.

In 2015, the number of suspensions was the same. One.

The same story is playing out now — a single Don Quixote with a tenuous grasp of the systems he’s criticizing calling for ludicrous policies to prevent a problem that he freely admits does not exist and probably won’t exist in future.

Still, at least he gets to wave some headlines in front of his employers to pretend he’s actually earning his salary.

Belgium domains will be registered in Ireland after cloud move

Kevin Murphy, February 20, 2017, Domain Registries

DNS Belgium, operator of .be, has moved its shared registration systems to the cloud, the non-profit said last week.

The registry migrated from a self-hosted system to Amazon Web Services on February 11.

It’s an effort to cut costs, increase efficiency, and free up engineering time currently dedicated to non-core functions such as hardware maintenance, executives said.

“As AWS sees to the hardware, connectivity etc., DNS Belgium can focus on the layers above, such as the software,” general manager Philip Du Bois said in a press release.

Business development manager Lut Goedhuys said that while the system has been moved to the cloud, AWS allows customers to select the data centers where their applications will be stored.

DNS Belgium picked Ireland, she said.

Amazon backtracks after pricing free Alexa list at over $900,000

Kevin Murphy, November 23, 2016, Domain Services

Amazon has reversed, at least temporarily, its decision to yank its free list of the world’s most popular domains, after an outcry from researchers.

The daily Alexa list, which contains the company’s estimate of the world’s top 1 million domains by traffic, suddenly disappeared late last week.

The list was popular with researchers in fields such as internet security. Because it was free, it was widely used.

DI PRO uses the list every day to estimate the relative popularity of top-level domains.

After deleting the list, Amazon directed users to its Amazon Web Services portal, which had started offering the same data priced at $0.0025 per URL.

That’s not cheap. The cost of obtaining same data suddenly leaped from nothing to $912,500 per year, or $2,500 per day.

That’s beyond the wallets, I suspect, of almost every Alexa user, especially the many domain name tools providers (including yours truly) that relied on the data to estimate domain popularity.

Even scaling back usage to the top 100,000 URLs would be prohibitively expensive for most researchers.

While Amazon is of course free to price its data at whatever it thinks it is worth, no notice was given that the file was to be deleted, scuppering without warning goodness knows how many ongoing projects.

Some users spoke out on Twitter.

I spent most of yesterday figuring out how to quickly rejigger DI PRO to cope with the new regime, but it seems I may have been wasting my time.

After an outcry from fellow researchers, Amazon has restored the free list. It said on Twitter:

It seems clear that the key word here is “temporarily”, and that the the restoration of the file may primarily be designed to give researchers more time to seek alternatives or wrap up their research.