Latest news of the domain name industry

Recent Posts

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.

The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.

As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.

The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.

However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.

“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.

The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.

Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.

Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.

PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.

No other registry has publicly stated similar plans to my knowledge.

The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.

The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.

And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.

This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.

Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.

The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.

But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).

The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.

That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.

But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.

Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.

Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.

Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.

Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.

While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.

“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”

Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Go Daddy’s Merdinger named DNA chair

Kevin Murphy, December 16, 2016, Domain Services

Go Daddy VP of domains Rich Merdinger has been appointed interim chair of the Domain Name Association, replacing Neustar’s Adrian Kinderis.

In a blog post, Merdinger said the DNA will become more “vocal” under its new leadership and outlined three priorities for 2017 — awareness, adoption and access.

He said the DNA will share ways businesses can pursue a strategy of “blending” TLD types in their online activities, promote domains as search engine optimization tools, and make it easier for DNA members to participate.

There will be a new series of DNA Virtual Town Hall meetings to facilliate communication. Merdinger wrote:

Expect to see a more vocal DNA – whether it is at the next virtual town hall or learning about new research on domain name strategies and their business impact. As Interim Chair, I will be working with our leadership team on ways to spotlight how domain names are being used strategically and tactically to support business objectives in 2017 and beyond.

He replaces Kinderis, formerly CEO of AusRegistry/ARI/Bombora, who is now, post-acquisition, VP of corporate development at Neustar.

Kinderis, DNA’s founding chair in April 2013, will remain on the DNA’s board of directors, representing Neustar.

It’s interesting that Merdinger’s appointment to chair is being linked with the DNA becoming more “vocal”.

While Merdinger certainly isn’t a shrinking violet, Kinderis, I’m sure he wouldn’t mind me saying, is one of the bluntest, mouthiest guys in the industry.

That said, GoDaddy has name recognition and has proven to be a bit of a headline magnet over the last decade or so.

It surely has a higher profile among would-be registrants — a big part of the DNA’s audience — than Neustar, which isn’t primarily a domain name company or even necessarily primarily an internet company.

The DNA will continue to operate without an in-house staff, having dumped its second executive director earlier this year in favor of outsourcing to a trade group management company, to cut costs.

“Shadow content policing” fears at ICANN 57

Kevin Murphy, November 7, 2016, Domain Policy

Fears that the domain name industry is becoming a stooge for “shadow regulation” of web content were raised, and greeted very skeptically, over the weekend at ICANN 57.

Attendees yesterday heard concerns from non-commercial stakeholders, notably the Electronic Frontier Foundation, that deals such as Donuts’ content-policing agreement with the US movie industry amount to regulation “by the back door”.

But the EFF, conspicuously absent from substantial participation in the ICANN community for many years, found itself walking into the lion’s den. Its worries were largely pooh-poohed by most of the rest of the community.

During a couple of sessions yesterday, EFF senior attorney Mitch Stoltz argued that the domain industry is being used by third parties bent on limiting internet freedoms.

He was not alone. The ICANN board and later the community at large heard support for the EFF’s views from other Non-Commercial User Constituency members, one of whom compared what’s going on to aborted US legislation SOPA, the Stop Online Piracy Act.

“Regulation of content through the DNS system, through ICANN institutions and through contracted parties is of great concern and I think should be of great concern to all of us here,” Stoltz said.

He talked about a “bright line” between making policies related to domain names and policies related to content.

“I hope that the bright line between names and content is maintained because I think once we get past it, there may be no other bright line,” he said.

“If we allow in copyright enforcement, if we allow in enforcement of professional or business licensing as a criterion for owning a domain name, it’s going to be very hard to hold that line,” he said.

ICANN has long maintained, though with varying degrees of vigor over the years, that it does not regulate content.

Chair Steve Crocker said yesterday: “It’s always been the case, from the inception. It’s now baked in deeply into the mission statement. We don’t police content. That’s not our job.”

That kind of statement became more fervent last year, as concerns started to be raised about ICANN’s powers over the internet in light of the US government’s decision to give up its unique ICANN oversight powers.

Now, a month after the IANA transition was finalized, ICANN has new bylaws that for the first time state prominently that ICANN is not the content cops.

Page one of the massive new ICANN bylaws says:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide

It’s pretty explicit, but there’s a catch.

A “grandfather” clause immediately follows, which states that registries and registrars are not allowed to start challenging the terms of their existing contracts on the basis that they dabble too much with content regulation.

That’s mainly because new gTLD Registry Agreements all include Public Interest Commitments, which in many cases do actually give ICANN contractual authority over the content of web sites.

Content-related PICs are most prominent in “Community” gTLDs.

In the PICs for Japanese city gTLD .osaka, for example, the registry promises that “pornographic, vulgar and highly objectionable content” will be “adequately monitored and removed from the namespace”.

While ICANN does not actively go out looking for .osaka porn, if porn did start showing up in .osaka and the registry does not suspend the domains, it would be in breach of its RA and could lose its contract.

That PIC was voluntarily adopted by the .osaka registry and does not apply to other gTLDs, but it is binding.

So in a roundabout kind of way, ICANN does regulate content, in certain narrow circumstances.

Some NCUC members think this is a “loophole”.

Another back door they think could be abused are the bilateral “trusted notifier” relationships between registries and third parties such as the movie, music and pharmaceutical industries.

Donuts and Radix this year have announced that the Motion Picture Association of America is allowed to notify it about domains that it believes are being used for large-scale, egregious movie piracy.

Donuts said it has suspended a dozen domains — sites that were TLD-hopping to evade suspension — since the policy came into force.

EFF’s Stoltz calls this kind of thing “shadow regulation”.

“Shadow regulation to us is the regulation of content… through private agreements or through unaccountable means that were not developed through the bottom-up process or through a democratic process,” he told the ICANN board yesterday.

While the EFF and NCUC thinks this is a cause for concern, they picked up little support from elsewhere in the community.

Speakers from registries, registrars, senior ICANN staff, intellectual property and business interests all seemed to think it was no big deal.

In a different session on the same topic later in the day, outgoing ICANN head of compliance Allen Grogan addressed these kinds of deals. He said:

From ICANN’s point of view, if there are agreements that are entered into between two private parties, one of whom happens to be a registry or a registrar, I don’t see that ICANN has any role to play in deciding what kinds of agreements those parties can enter into. That clearly is outside the scope of our mission and remit.

We can’t compel a registrar or a registry to even tell us what those agreements are. They’re free to enter into whatever contracts they want to enter into.

To the extent that they become embodied in the contracts as PICs, that may be a different question, or to the extent that the agreements violate those contracts or violate consensus policies, that may be a different question.

But if a registrar or registry decides to enter into an agreement to trust the MPAA or law enforcement or anyone else in deciding what actions to take, I think they’re free to do that and it would be far beyond the scope of ICANN’s power or authority to do anything about that.

In the same session, Donuts VP Jon Nevett cast doubt on the idea that there is an uncrossable “bright line” between domains and content by pointing out that the MPAA deal is not dissimilar to registries’ relationships with the bodies that monitor online child abuse material.

“We have someone that’s an expert in this industry that we have a relationship with saying there is child imagery abuse going on in a name, we’re not going to make that victim go get a court order,” he said.

Steve DelBianco of the NetChoice Coalition, a member of the Business Constituency, had similar doubts.

“Mitch [Stoltz] cited as an example that UK internet service providers were blocking child porn and since that might be cited as an example for trademark and copyright that we should, therefore, not block child porn at all,” he said. “I can’t conceive that’s really what EFF is thinking.”

Nevett gave a “real-life example” of a rape.[tld] domain that was registered in a Donuts gTLD.

“[The site] was a how-to guide. Talk about horrific,” he said. “We got a complaint. I’m not going to wait till someone goes and gets a court order. We’re a private company and we agreed to suspend that name immediately and that’s fine. There was no due process. And I’m cool with that because that was the right thing to do.”

“Just like a restaurant could determine that they don’t want people with shorts and flip-flops in the restaurant, we don’t want illegal behavior and if they want to move somewhere else, let them move somewhere else,” he said.

In alleged copyright infringement cases, registrants get the chance to respond before their names are suspended, he said.

Stoltz argued that the Donuts-MPAA deal had been immediately held up, when it was announced back in February, as a model that the entire industry should be following, which was dangerous.

“If everyone is subject to the same policies, then they are effectively laws and that’s effectively law-making by other means,” he said.

He and other NCUC members are also worried about the Domain Name Association’s Healthy Domains Initiative, which is working on voluntary best practices governing when registries and registrars should suspend domain names.

Lawyer Kathy Kleiman of the NCUC said the HDI was basically “SOPA behind closed doors”.

SOPA was the hugely controversial proposed US federal legislation that would have expanded law enforcement powers to suspend domains in cases of alleged copyright infringement.

Stoltz and others said that the HDI appeared to be operating under ICANN’s “umbrella”, giving it an air of having multistakeholder legitimacy, pointing out that the DNA has sessions scheduled on the official ICANN 57 agenda and “on ICANN’s dime”.

DNA members disagreed with that characterization.

It seems to me that the EFF’s arguments are very much of the “slippery slope” variety. While that may be considered a logical fallacy, it does not mean that its concerns are not valid.

But if there was a ever a “bright line” between domain policy and content regulation, it was traversed many years ago.

The EFF and supporters perhaps should just acknowledge that what they’re really concerned about is copyright owners abusing their powers, and target that problem instead.

The line has moved.

The DNA loses second exec director in a year

Kevin Murphy, October 11, 2016, Domain Registries

The Domain Name Association has lost its second executive director in less than a year.

The trade group has let go industry newcomer Roy Arbeit, who was hired just six months ago following the November 2015 departure of Kurt Pritz.

It does not plan to replace Arbeit, according to an email circulated to DNA members by chair Adrian Kinderis on Friday.

Instead, the day-to-day operations will be outsourced to Virtual, a trade association management company that has been working for the DNA for some time, Kinderis wrote.

The executive director was basically the only full-time DNA employee. The group is steered by a board of directors comprising representatives of major registries and registrars.

The decision to lose the position seems to be a cost-cutting measure, designed to allow the DNA to spend more on public relations campaigns promoting TLD acceptance and diversity, according to the email.