Latest news of the domain name industry

Recent Posts

Donuts loses $22.5m .web lawsuit as judge rules gTLD applicants cannot sue

Kevin Murphy, November 30, 2016, Domain Registries

The promise not to sue ICANN that all new gTLD applicants made when they applied is legally enforceable, a California judge has ruled.

Judge Percy Anderson on Monday threw out Donuts’ lawsuit against ICANN over the controversial $135 million .web auction, saying the “covenant not to sue bars Plaintiff’s entire action”.

He wrote that he “does not find persuasive” an earlier and contrary ruling in the case of DotConnectAfrica v ICANN, a case that is still ongoing.

Donuts sued ICANN at first to prevent the .web auction going ahead.

The registry, and other .web applicants, were concerned that ultimately successful bidder Nu Dot Co was being covertly bankrolled by Verisign, which turned out to be completely correct.

Donuts argued that ICANN failed to adequately vet NDC to uncover its secret sugar daddy. It wanted $22.5 million from ICANN — roughly what it would have received if the auction had been privately managed, rather than run by ICANN.

But the judge ruled that Donuts’ covenant not to sue is enforceable. Because of that, he made no judgement on the merits of Donuts’ arguments.

Under the relevant law, Donuts had to show that the applicant contract was “unconscionable” both “procedurally” and “substantively”.

Basically, the question for the judge was: was the contract unfairly one-sided?

The judge ruled (pdf) that it was not substantively unconscionable and “only minimally procedurally unconscionable”. In other words: a bit crap, but not illegal.

He put a lot of weight on the fact that the new gTLD program was designed largely by the ICANN community and on Donuts’ business “sophistication”. He wrote:

Without the covenant not to sue, any frustrated applicant could, through the filing of a lawsuit, derail the entire system developed by ICANN to process applications for gTLDs. ICANN and frustrated applicants do not bear this potential harm equally. This alone establishes the reasonableness of the covenant not to sue.

Donuts VP Jon Nevett said in a statement yesterday that the fight over .web is not over:

Donuts disagrees with the Court’s decision that ICANN’s required covenant not to sue, while being unconscionable, was not sufficiently unconscionable to be struck down as a matter of law. It is unfortunate that the auction process for .WEB was mired in a lack of transparency and anti-competitive behavior. ICANN, in its haste to proceed to auction, performed only a slapdash investigation and deprived the applicants of the right to fairly compete for .WEB in accordance with the very procedures ICANN demanded of applicants. Donuts will continue to utilize the tools at its disposal to address this procedural failure.

It looks rather like we could be looking at an Independent Review Process filing, possibly the first to be filed under ICANN’s new post-transition rules.

Donuts and ICANN are already in the Cooperative Engagement Process — the mediation phase that usually precedes an IRP — with regards .web.

Second-placed bidder Afilias is also putting pressure on ICANN to overturn the results of the auction, resulting in a bit of a public bunfight with Verisign.

TL;DR — don’t expect to be able to buy .web domains for quite a while to come.

Verisign and Afilias in open war over $135m .web

Kevin Murphy, November 11, 2016, Domain Registries

Two of the industry’s oldest and biggest gTLD registries escalated their fight over the .web gTLD auction this week, trading blows in print and in public.

Verisign, accused by Afilias of breaking the rules when it committed $130 million to secure .web for itself, has now turned the tables on its rival.

It accuses Afilias of itself breaking the auction rules and of trying to emotionally blackmail ICANN into reversing the auction on spurious political grounds.

The .web auction was won by obscure shell-company applicant Nu Dot Co with a record-setting $135 million bid back in July.

It quickly emerged, as had been suspected for a few weeks beforehand, that Verisign was footing the bill for the NDC bid.

The plan is that NDC will transfer its .web ICANN contract to Verisign after it is awarded, assuming ICANN consents to the transfer.

Afilias has since revealed that it came second in the auction. It now wants ICANN to overturn the result of the auction, awarding .web to Afilias as runner-up instead.

The company argues that NDC broke the new gTLD Applicant Guidebook rules by refusing to disclose that it had become controlled by Verisign.

It’s now trying to frame the .web debate as ICANN’s “first test of accountability” under the new, independent, post-IANA transition regime.

Afilias director Jonathan Robinson posted on CircleID:

If ICANN permits the auction result to stand, it may not only invite further flouting of its rules, it will grant the new TLD with the highest potential to the only entity with a dominant market position. This would diminish competition and consumer choice and directly contradict ICANN’s values and Bylaws.

Given the controversy over ICANN’s independence, all eyes will be on the ICANN board to see if it is focused on doing the right thing. It’s time for the ICANN board to show resolve and to demonstrate that it is a strong, independent body acting according to the letter and spirit of its own AGB and bylaws and, perhaps most importantly of all, to actively demonstrate its commitment to act independently and in the global public interest.

Speaking at the first of ICANN’s two public forum sessions at ICANN 57 in Hyderabad, India this week, Robinson echoed that call, telling the ICANN board:

You are a credible, independent-minded, and respected board who recognized the enhanced scrutiny that goes with the post-transition environment. Indeed, this may well be the first test of your resolve in this new environment. You have the opportunity to deal with the situation by firmly applying your own rules and your own ICANN bylaw-enshrined core value to introduce and promote competition in domain names. We strongly urge you to do so.

Then, after a few months of relative quiet on the subject, Verisign and NDC this week came out swinging.

First, in a joint blog post, the companies rubbished Afilias’ attempt to bring the IANA transition into the debate. They wrote:

Afilias does a great disservice to ICANN and the entire Internet community by attempting to make this issue a referendum on ICANN by entitling its post “ICANN’s First Test of Accountability.” Afilias frames its test for ICANN’s new role as an “independent manager of the Internet’s addressing system,” by asserting that ICANN can only pass this test if it disqualifies NDC and bars Verisign from acquiring rights to the .web new gTLD. In this case, Afilias’ position is based on nothing more than deflection, smoke and cynical self-interest.

Speaking at the public forum in Hyderabad on Wednesday, Verisign senior VP Pat Kane said:

This is not a test for the board. This issue is not a test for the newly empowered community. It is a test of our ability to utilize the processes and the tools that we’ve developed over the past 20 years for dispute resolution.

Verisign instead claims that Afilias’ real motivation could be to force .web to a private auction, where it can be assured an eight-figure payday for losing.

NDC/Verisign won .web at a so-called “last resort” auction, overseen by ICANN, in which the funds raised go into a pool to be used for some yet-to-be-determined public benefit cause.

That robbed rival applicants, including Afilias, of the equal share of the proceeds they would have received had the contention set been settled via the usual private auction process.

But Verisign/NDC, in their post, claim Afilias wants to force .web back to private auction.

Afilias’ allegations of Applicant Guidebook violations by NDC are nothing more than a pretext to conduct a “private” instead of a “public” auction, or to eliminate a competitor for the .web new gTLD and capture it for less than the market price.

Verisign says that NDC was under no obligation to notify ICANN of a change of ownership or control because no change of ownership or control has occurred.

It says the two companies have an “arms-length contract” which saw Verisign pay for the auction and NDC commit to ask ICANN to transfer its .web Registry Agreement to Verisign.

It’s not unlike the deal Donuts had with Rightside, covering over a hundred gTLD applications, Verisign says.

The contract between NDC and Verisign did not assign to Verisign any rights in NDC’s application, nor did Verisign take any ownership or management interest in NDC (let alone control of it). NDC has always been and always will be the owner of its application

Not content with defending itself from allegations of wrongdoing, Verisign/NDC goes on to claim that it is instead Afilias that broke ICANN rules and therefore should have disqualified from the auction.

They allege that Afilias offered NDC a guarantee of a cash payout if it chose to go to private auction instead, and that it attempted to coerce NDC to go to private auction on July 22, which was during a “blackout period” during which bidders were forbidden from discussing bidding strategies.

During the public forum sessions at ICANN 57, ICANN directors refused to comment on statements from either side of the debate.

That’s likely because it’s a matter currently before the courts.

Fellow .web loser Donuts has already sued ICANN in California, claiming the organization failed to adequately investigate rumors that Verisign had taken over NDC.

Donuts failed to secure a restraining order preventing the .web auction from happening, but the lawsuit continues. Most recently, ICANN filed a motion attempting to have the case thrown out.

In my opinion, arguments being spouted by Verisign and Afilias both stretch credulity.

Afilias has yet to present any smoking gun showing Verisign or NDC broke the rules. Likewise, Verisign’s claim that Afilias wants to enrich itself by losing a private auction appear to be unsupported by any evidence.

“Shadow content policing” fears at ICANN 57

Kevin Murphy, November 7, 2016, Domain Policy

Fears that the domain name industry is becoming a stooge for “shadow regulation” of web content were raised, and greeted very skeptically, over the weekend at ICANN 57.

Attendees yesterday heard concerns from non-commercial stakeholders, notably the Electronic Frontier Foundation, that deals such as Donuts’ content-policing agreement with the US movie industry amount to regulation “by the back door”.

But the EFF, conspicuously absent from substantial participation in the ICANN community for many years, found itself walking into the lion’s den. Its worries were largely pooh-poohed by most of the rest of the community.

During a couple of sessions yesterday, EFF senior attorney Mitch Stoltz argued that the domain industry is being used by third parties bent on limiting internet freedoms.

He was not alone. The ICANN board and later the community at large heard support for the EFF’s views from other Non-Commercial User Constituency members, one of whom compared what’s going on to aborted US legislation SOPA, the Stop Online Piracy Act.

“Regulation of content through the DNS system, through ICANN institutions and through contracted parties is of great concern and I think should be of great concern to all of us here,” Stoltz said.

He talked about a “bright line” between making policies related to domain names and policies related to content.

“I hope that the bright line between names and content is maintained because I think once we get past it, there may be no other bright line,” he said.

“If we allow in copyright enforcement, if we allow in enforcement of professional or business licensing as a criterion for owning a domain name, it’s going to be very hard to hold that line,” he said.

ICANN has long maintained, though with varying degrees of vigor over the years, that it does not regulate content.

Chair Steve Crocker said yesterday: “It’s always been the case, from the inception. It’s now baked in deeply into the mission statement. We don’t police content. That’s not our job.”

That kind of statement became more fervent last year, as concerns started to be raised about ICANN’s powers over the internet in light of the US government’s decision to give up its unique ICANN oversight powers.

Now, a month after the IANA transition was finalized, ICANN has new bylaws that for the first time state prominently that ICANN is not the content cops.

Page one of the massive new ICANN bylaws says:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide

It’s pretty explicit, but there’s a catch.

A “grandfather” clause immediately follows, which states that registries and registrars are not allowed to start challenging the terms of their existing contracts on the basis that they dabble too much with content regulation.

That’s mainly because new gTLD Registry Agreements all include Public Interest Commitments, which in many cases do actually give ICANN contractual authority over the content of web sites.

Content-related PICs are most prominent in “Community” gTLDs.

In the PICs for Japanese city gTLD .osaka, for example, the registry promises that “pornographic, vulgar and highly objectionable content” will be “adequately monitored and removed from the namespace”.

While ICANN does not actively go out looking for .osaka porn, if porn did start showing up in .osaka and the registry does not suspend the domains, it would be in breach of its RA and could lose its contract.

That PIC was voluntarily adopted by the .osaka registry and does not apply to other gTLDs, but it is binding.

So in a roundabout kind of way, ICANN does regulate content, in certain narrow circumstances.

Some NCUC members think this is a “loophole”.

Another back door they think could be abused are the bilateral “trusted notifier” relationships between registries and third parties such as the movie, music and pharmaceutical industries.

Donuts and Radix this year have announced that the Motion Picture Association of America is allowed to notify it about domains that it believes are being used for large-scale, egregious movie piracy.

Donuts said it has suspended a dozen domains — sites that were TLD-hopping to evade suspension — since the policy came into force.

EFF’s Stoltz calls this kind of thing “shadow regulation”.

“Shadow regulation to us is the regulation of content… through private agreements or through unaccountable means that were not developed through the bottom-up process or through a democratic process,” he told the ICANN board yesterday.

While the EFF and NCUC thinks this is a cause for concern, they picked up little support from elsewhere in the community.

Speakers from registries, registrars, senior ICANN staff, intellectual property and business interests all seemed to think it was no big deal.

In a different session on the same topic later in the day, outgoing ICANN head of compliance Allen Grogan addressed these kinds of deals. He said:

From ICANN’s point of view, if there are agreements that are entered into between two private parties, one of whom happens to be a registry or a registrar, I don’t see that ICANN has any role to play in deciding what kinds of agreements those parties can enter into. That clearly is outside the scope of our mission and remit.

We can’t compel a registrar or a registry to even tell us what those agreements are. They’re free to enter into whatever contracts they want to enter into.

To the extent that they become embodied in the contracts as PICs, that may be a different question, or to the extent that the agreements violate those contracts or violate consensus policies, that may be a different question.

But if a registrar or registry decides to enter into an agreement to trust the MPAA or law enforcement or anyone else in deciding what actions to take, I think they’re free to do that and it would be far beyond the scope of ICANN’s power or authority to do anything about that.

In the same session, Donuts VP Jon Nevett cast doubt on the idea that there is an uncrossable “bright line” between domains and content by pointing out that the MPAA deal is not dissimilar to registries’ relationships with the bodies that monitor online child abuse material.

“We have someone that’s an expert in this industry that we have a relationship with saying there is child imagery abuse going on in a name, we’re not going to make that victim go get a court order,” he said.

Steve DelBianco of the NetChoice Coalition, a member of the Business Constituency, had similar doubts.

“Mitch [Stoltz] cited as an example that UK internet service providers were blocking child porn and since that might be cited as an example for trademark and copyright that we should, therefore, not block child porn at all,” he said. “I can’t conceive that’s really what EFF is thinking.”

Nevett gave a “real-life example” of a rape.[tld] domain that was registered in a Donuts gTLD.

“[The site] was a how-to guide. Talk about horrific,” he said. “We got a complaint. I’m not going to wait till someone goes and gets a court order. We’re a private company and we agreed to suspend that name immediately and that’s fine. There was no due process. And I’m cool with that because that was the right thing to do.”

“Just like a restaurant could determine that they don’t want people with shorts and flip-flops in the restaurant, we don’t want illegal behavior and if they want to move somewhere else, let them move somewhere else,” he said.

In alleged copyright infringement cases, registrants get the chance to respond before their names are suspended, he said.

Stoltz argued that the Donuts-MPAA deal had been immediately held up, when it was announced back in February, as a model that the entire industry should be following, which was dangerous.

“If everyone is subject to the same policies, then they are effectively laws and that’s effectively law-making by other means,” he said.

He and other NCUC members are also worried about the Domain Name Association’s Healthy Domains Initiative, which is working on voluntary best practices governing when registries and registrars should suspend domain names.

Lawyer Kathy Kleiman of the NCUC said the HDI was basically “SOPA behind closed doors”.

SOPA was the hugely controversial proposed US federal legislation that would have expanded law enforcement powers to suspend domains in cases of alleged copyright infringement.

Stoltz and others said that the HDI appeared to be operating under ICANN’s “umbrella”, giving it an air of having multistakeholder legitimacy, pointing out that the DNA has sessions scheduled on the official ICANN 57 agenda and “on ICANN’s dime”.

DNA members disagreed with that characterization.

It seems to me that the EFF’s arguments are very much of the “slippery slope” variety. While that may be considered a logical fallacy, it does not mean that its concerns are not valid.

But if there was a ever a “bright line” between domain policy and content regulation, it was traversed many years ago.

The EFF and supporters perhaps should just acknowledge that what they’re really concerned about is copyright owners abusing their powers, and target that problem instead.

The line has moved.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.

Donuts will cut off sham .doctors

Kevin Murphy, October 17, 2016, Domain Registries

Donuts has outlined plans to suspend or delete .doctor domain names used by fake medical doctors.

Despite protestations from governments and others, .doctor will not be a restricted gTLD when it goes to general availability next week — anyone will be able to register one.

However, Donuts said last week that it will shut down phony doctor sites:

While we are firmly committed to free speech on the Internet, we however will be on guard against inappropriate or dangerous uses of .DOCTOR. Accordingly, if registrants using this name make the representation on their websites that they are licensed medical practitioners, they should be able to demonstrate upon request that in fact they hold such a license. Failure to so demonstrate could be considered a violation of the terms of registration and may subject the registrant to registrar and registry rights to delete, revoke, suspend, cancel, or transfer a registration.

A Donuts spokesperson said that the registry will have the right to conduct spot-checks on sites, but at first will only police the gTLD in response to complaints from others.

“We have the right to spot check, but no immediate plans to do so,” he said.

In a few fringe cases, the failure to present a license would not result in the loss of a domain.

For example, a “registrant is in a jurisdiction that doesn’t license doctors (if that exists)” or a “registrant that represents him/herself as a licensed medical doctor, but uses the site to sell cupcakes”, the spokesperson said.

ICANN’s Governmental Advisory Committee had wanted .doctor restricted to medical doctors, but Donuts complained noting that “doctor” is an appellation used in many other fields beyond medicine.

It can also be used in fanciful ways to market products, the registry said.

ICANN eventually sided with Donuts, allowing it to keep an open TLD as long as it included certain Public Interest Commitments in its registry contract.

.doctor goes to GA October 26.