“Shadow content policing” fears at ICANN 57

Fears that the domain name industry is becoming a stooge for “shadow regulation” of web content were raised, and greeted very skeptically, over the weekend at ICANN 57.
Attendees yesterday heard concerns from non-commercial stakeholders, notably the Electronic Frontier Foundation, that deals such as Donuts’ content-policing agreement with the US movie industry amount to regulation “by the back door”.
But the EFF, conspicuously absent from substantial participation in the ICANN community for many years, found itself walking into the lion’s den. Its worries were largely pooh-poohed by most of the rest of the community.
During a couple of sessions yesterday, EFF senior attorney Mitch Stoltz argued that the domain industry is being used by third parties bent on limiting internet freedoms.
He was not alone. The ICANN board and later the community at large heard support for the EFF’s views from other Non-Commercial User Constituency members, one of whom compared what’s going on to aborted US legislation SOPA, the Stop Online Piracy Act.
“Regulation of content through the DNS system, through ICANN institutions and through contracted parties is of great concern and I think should be of great concern to all of us here,” Stoltz said.
He talked about a “bright line” between making policies related to domain names and policies related to content.
“I hope that the bright line between names and content is maintained because I think once we get past it, there may be no other bright line,” he said.
“If we allow in copyright enforcement, if we allow in enforcement of professional or business licensing as a criterion for owning a domain name, it’s going to be very hard to hold that line,” he said.
ICANN has long maintained, though with varying degrees of vigor over the years, that it does not regulate content.
Chair Steve Crocker said yesterday: “It’s always been the case, from the inception. It’s now baked in deeply into the mission statement. We don’t police content. That’s not our job.”
That kind of statement became more fervent last year, as concerns started to be raised about ICANN’s powers over the internet in light of the US government’s decision to give up its unique ICANN oversight powers.
Now, a month after the IANA transition was finalized, ICANN has new bylaws that for the first time state prominently that ICANN is not the content cops.
Page one of the massive new ICANN bylaws says:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide

It’s pretty explicit, but there’s a catch.
A “grandfather” clause immediately follows, which states that registries and registrars are not allowed to start challenging the terms of their existing contracts on the basis that they dabble too much with content regulation.
That’s mainly because new gTLD Registry Agreements all include Public Interest Commitments, which in many cases do actually give ICANN contractual authority over the content of web sites.
Content-related PICs are most prominent in “Community” gTLDs.
In the PICs for Japanese city gTLD .osaka, for example, the registry promises that “pornographic, vulgar and highly objectionable content” will be “adequately monitored and removed from the namespace”.
While ICANN does not actively go out looking for .osaka porn, if porn did start showing up in .osaka and the registry does not suspend the domains, it would be in breach of its RA and could lose its contract.
That PIC was voluntarily adopted by the .osaka registry and does not apply to other gTLDs, but it is binding.
So in a roundabout kind of way, ICANN does regulate content, in certain narrow circumstances.
Some NCUC members think this is a “loophole”.
Another back door they think could be abused are the bilateral “trusted notifier” relationships between registries and third parties such as the movie, music and pharmaceutical industries.
Donuts and Radix this year have announced that the Motion Picture Association of America is allowed to notify it about domains that it believes are being used for large-scale, egregious movie piracy.
Donuts said it has suspended a dozen domains — sites that were TLD-hopping to evade suspension — since the policy came into force.
EFF’s Stoltz calls this kind of thing “shadow regulation”.
“Shadow regulation to us is the regulation of content… through private agreements or through unaccountable means that were not developed through the bottom-up process or through a democratic process,” he told the ICANN board yesterday.
While the EFF and NCUC thinks this is a cause for concern, they picked up little support from elsewhere in the community.
Speakers from registries, registrars, senior ICANN staff, intellectual property and business interests all seemed to think it was no big deal.
In a different session on the same topic later in the day, outgoing ICANN head of compliance Allen Grogan addressed these kinds of deals. He said:

From ICANN’s point of view, if there are agreements that are entered into between two private parties, one of whom happens to be a registry or a registrar, I don’t see that ICANN has any role to play in deciding what kinds of agreements those parties can enter into. That clearly is outside the scope of our mission and remit.
We can’t compel a registrar or a registry to even tell us what those agreements are. They’re free to enter into whatever contracts they want to enter into.
To the extent that they become embodied in the contracts as PICs, that may be a different question, or to the extent that the agreements violate those contracts or violate consensus policies, that may be a different question.
But if a registrar or registry decides to enter into an agreement to trust the MPAA or law enforcement or anyone else in deciding what actions to take, I think they’re free to do that and it would be far beyond the scope of ICANN’s power or authority to do anything about that.

In the same session, Donuts VP Jon Nevett cast doubt on the idea that there is an uncrossable “bright line” between domains and content by pointing out that the MPAA deal is not dissimilar to registries’ relationships with the bodies that monitor online child abuse material.
“We have someone that’s an expert in this industry that we have a relationship with saying there is child imagery abuse going on in a name, we’re not going to make that victim go get a court order,” he said.
Steve DelBianco of the NetChoice Coalition, a member of the Business Constituency, had similar doubts.
“Mitch [Stoltz] cited as an example that UK internet service providers were blocking child porn and since that might be cited as an example for trademark and copyright that we should, therefore, not block child porn at all,” he said. “I can’t conceive that’s really what EFF is thinking.”
Nevett gave a “real-life example” of a rape.[tld] domain that was registered in a Donuts gTLD.
“[The site] was a how-to guide. Talk about horrific,” he said. “We got a complaint. I’m not going to wait till someone goes and gets a court order. We’re a private company and we agreed to suspend that name immediately and that’s fine. There was no due process. And I’m cool with that because that was the right thing to do.”
“Just like a restaurant could determine that they don’t want people with shorts and flip-flops in the restaurant, we don’t want illegal behavior and if they want to move somewhere else, let them move somewhere else,” he said.
In alleged copyright infringement cases, registrants get the chance to respond before their names are suspended, he said.
Stoltz argued that the Donuts-MPAA deal had been immediately held up, when it was announced back in February, as a model that the entire industry should be following, which was dangerous.
“If everyone is subject to the same policies, then they are effectively laws and that’s effectively law-making by other means,” he said.
He and other NCUC members are also worried about the Domain Name Association’s Healthy Domains Initiative, which is working on voluntary best practices governing when registries and registrars should suspend domain names.
Lawyer Kathy Kleiman of the NCUC said the HDI was basically “SOPA behind closed doors”.
SOPA was the hugely controversial proposed US federal legislation that would have expanded law enforcement powers to suspend domains in cases of alleged copyright infringement.
Stoltz and others said that the HDI appeared to be operating under ICANN’s “umbrella”, giving it an air of having multistakeholder legitimacy, pointing out that the DNA has sessions scheduled on the official ICANN 57 agenda and “on ICANN’s dime”.
DNA members disagreed with that characterization.
It seems to me that the EFF’s arguments are very much of the “slippery slope” variety. While that may be considered a logical fallacy, it does not mean that its concerns are not valid.
But if there was a ever a “bright line” between domain policy and content regulation, it was traversed many years ago.
The EFF and supporters perhaps should just acknowledge that what they’re really concerned about is copyright owners abusing their powers, and target that problem instead.
The line has moved.

Google could shake up the registry market with new open-source Nomulus platform

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.
The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.
There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.
Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.
Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.
It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.
Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.
Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).
For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.
There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.
But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.
So will anyone actually use this? And if so, who?
It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.
The biggest change heralded by Nomulus is certainly pricing.
For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.
While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.
Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.
But that’s not how Nomulus is to be paid for.
While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.
For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.
For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.
However, Nomulus is not exactly a fire-and-forget solution.
There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.
So the potentially lower service costs would have to be balanced against potentially higher staffing costs.
My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.
With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.
The barrier to entry to the RSP market may have just dropped like a rock, in other words.
And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.
Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.
As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.
How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.

Donuts will cut off sham .doctors

Donuts has outlined plans to suspend or delete .doctor domain names used by fake medical doctors.
Despite protestations from governments and others, .doctor will not be a restricted gTLD when it goes to general availability next week — anyone will be able to register one.
However, Donuts said last week that it will shut down phony doctor sites:

While we are firmly committed to free speech on the Internet, we however will be on guard against inappropriate or dangerous uses of .DOCTOR. Accordingly, if registrants using this name make the representation on their websites that they are licensed medical practitioners, they should be able to demonstrate upon request that in fact they hold such a license. Failure to so demonstrate could be considered a violation of the terms of registration and may subject the registrant to registrar and registry rights to delete, revoke, suspend, cancel, or transfer a registration.

A Donuts spokesperson said that the registry will have the right to conduct spot-checks on sites, but at first will only police the gTLD in response to complaints from others.
“We have the right to spot check, but no immediate plans to do so,” he said.
In a few fringe cases, the failure to present a license would not result in the loss of a domain.
For example, a “registrant is in a jurisdiction that doesn’t license doctors (if that exists)” or a “registrant that represents him/herself as a licensed medical doctor, but uses the site to sell cupcakes”, the spokesperson said.
ICANN’s Governmental Advisory Committee had wanted .doctor restricted to medical doctors, but Donuts complained noting that “doctor” is an appellation used in many other fields beyond medicine.
It can also be used in fanciful ways to market products, the registry said.
ICANN eventually sided with Donuts, allowing it to keep an open TLD as long as it included certain Public Interest Commitments in its registry contract.
.doctor goes to GA October 26.

For $10,000, Donuts will block hundreds of typos and premiums for your brand

Donuts has announced an expansion of its domain-blocking service that will enable brand owners to cheaply (kinda) block misspellings of their trademarks.
Brand owners whose trademarks match “premium” generic strings will also be able to take matching domains out of circulation using the registry’s new DPML Plus service.
DPML, for Domain Protected Marks List, is Donuts’ way of giving trademark owners a way to bulk-block their marks across Donuts’ entire stable of gTLDs, which currently stands at 197 strings.
With typical sunrise period prices at $200+, registering a single string across almost 200 gTLDs during sunrise could near a $40,000 outlay. In general availability, it would often be about a tenth of that price.
But the original DPML, with a roughly $3,000 retail price for a five-year block, reduced the cost to protect a single string to about $3 per domain per year.
Now, with DPML Plus, Donuts is offering a premium service that adds the ability to block typos and premium names.
Typos and substring-based blocking were near the top of the intellectual property community’s wish-list when the new gTLD program was being developed, but those features were never incorporated into ICANN rights protection mechanisms.
But for $9,999 (suggested retail price), DPML Plus buyers get a 10-year block on the string that matches their trademark and three extra strings that are either typos of the trademark or contain the trademark as a substring, Donuts said.
So Google would for example be able to block android.examples, anrdoid.examples, androidphone.examples and googleandroidphone.examples using a single DPML Plus subscription.
Basically, they get to block up to 788 domains at $9,999 over 10 years, which works out to about $1.26 per domain per year.
It looks nice and cheap on that basis, but companies wishing to block dozens of base trademarks would be looking at six or seven-figure up-front payments.
DPML Plus also lifts the ban on blocking “premium” domains.
Under the old DPML, customers could not block a domain if Donuts had flagged it with a premium price, but under DPML Plus they can.
This opens the door to brand owners who have valuable trademarks on generic dictionary words to get them blocked across the whole Donuts portfolio.
A Donuts spokesperson said the company reserves the right to reject such strings if it suspects gaming.
Another benefit of the DPML Plus is the ability to prevent other companies with identical trademarks later unblocking and snatching blocked domains for themselves.
Currently, third parties with matching brands can “override” DPML blocks, but that feature is turned off for DPML Plus subscribers. They get exclusivity for the life of the block.
Donuts said the Plus offer will only be available to buy between October 1 and December 31.
As an added carrot, from January 1 the price of its vanilla DPML service is going to go up by an amount the company currently does not want to disclose.

Could ICANN reject Verisign’s $135m .web bid?

ICANN is looking into demands for it to throw out Verisign’s covert $135 million winning bid for the highly prized .web gTLD.
ICANN last week told the judge hearing Donuts’ .web-related lawsuit that it is “currently in the process of investigating certain of the issues raised” by Donuts through its “internal accountability mechanisms”.
Donuts is suing for $22.5 million, claiming ICANN should have forced Nu Dot Co to disclose that its .web bid was being secretly bankrolled by Verisign and alleging that the .com heavyweight used NDC as cover to avoid regulatory scrutiny.
ICANN’s latest filing (pdf), made jointly with Donuts, asked for an extension to October 26 of ICANN’s deadline to file a response to Donuts’ complaint.
It was granted, the second time the deadline has been extended, but the judge warned it was also the final time.
The referenced “internal accountability mechanism” would seem to mean the Cooperative Engagement Process — a low-formality bilateral negotiation — that Donuts and fellow .web bidder Radix initiated against ICANN August 2.
The filing states that the “resolution of certain issues in controversy may be aided by allowing [ICANN] to complete its investigation of [Donuts’] allegations prior to the filing of its responsive pleading.”
In other words, Donuts is either hopeful that ICANN may be able to resolve some of its complaints in the next month, or it’s not particularly impatient about the case progressing.
Meanwhile, fellow .web applicant Afilias has demanded for the second time that ICANN hand over .web to it, as the second-highest bidder, throwing out the NDC/Verisign application.
In a September 9 letter, published last night, Afilias told ICANN to “disqualify and reject” NDC’s application, alleging at least three breaches of ICANN rules.
Afilias says that by refusing to disclose Verisign’s support for its bid, NDC broke the rules and should have its application thrown out.
The company also confirmed on the public record for what I believe is the first time that it was the second-highest bidder in the July 27 auction.
Afilias would pay somewhere between $57.5 million and $71.9 million for the gTLD, depending on what the high bid of the third-placed applicant was.
In its new letter, Afilias says NDC broke the rule from the Applicant Guidebook that does not allow applicants to “resell, assign or transfer any of applicant’s rights or obligations in connection with the application”.
It also says that NDC was obliged by the AGB to notify ICANN of “changes in financial position and changes in ownership or control”, which it did not.
It finally says that Verisign used NDC as a front during the auction, in violation of auction rules.
“In these circumstances, we submit that ICANN should disqualify NDC’s bid and offer to accept the application of Afilias, which placed the second highest exit bid,” Afilias general counsel Scott Hemphill wrote (pdf).
Hemphill told ICANN to defer from signing a Registry Agreement with NDC or Verisign, strongly implying that Afilias intends to invoke ICANN accountability mechanisms (presumably meaning the Request for Reconsideration process and/or Independent Review Process).
While Afilias and Donuts are both taking issue with the secretive nature of Verisign’s acquisition of .web, they’re not necessarily fighting the same corner.
Donuts is looking for $22.5 million because that’s roughly what it would have received if the .web contention set had been resolved via private auction and $135 million had been the winning bid.
But Afilias wants the ICANN auction outcome to stand, albeit with NDC’s top bid rejected. That would mean Donuts, Radix, and the other applicants would still receive nothing.
There’s also the question of other new gTLD applications that have prevailed at auction and been immediately transferred to third-party non-applicants.
The most notable example of this was .blog, which was won by shell company Primer Nivel with secretive backing from WordPress maker Automattic.
Donuts itself regularly wins gTLD auctions and immediately transfers its contracts to Rightside under a pre-existing agreement.
In both of those cases, the reassignment deals predated, but were not disclosed in, the respective applications.
There’s the recipe here for a messy, protracted bun fight over .web, which should come as no surprise to anyone.

.hotel losers gang up to threaten ICANN with legal bills

The six losing applicants for the .hotel new gTLD are collectively threatening ICANN with a second Independent Review Process action.
Together, they this week filed a Request for Reconsideration with ICANN, challenging its decision earlier this month to allow the Afilias-owned Hotel Top Level Domain Sarl application to go ahead to contracting.
HTLD won a controversial Community Priority Evaluation in 2014, effectively eliminating all rival applicants, but that decision was challenged in an IRP that ICANN ultimately won.
The other applicants think HTLD basically cobbled together a bogus “community” in order to “game” the CPE process and avoid an expensive auction.
Since the IRP decision, the six other applicants — Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry — have been arguing that the HTLD application should be thrown out due to the actions of Dirk Krischenowski, a former key executive.
Krischenowski was found by ICANN to have exploited a misconfiguration in its own applicants’ portal to download documents belonging to its competitors that should have been confidential.
But at its August 9 meeting, the ICANN board noted that the timing of the downloads showed that HTLD could not have benefited from the data exposure, and that in any event Krischenowski is no longer involved in the company, and allowed the bid to proceed.
That meant the six other applicants lost the chance to win .hotel at auction and/or make a bunch of cash by losing the auction. They’re not happy about that.
It doesn’t matter that the data breach could not have aided HTLD’s application or its CPE case, they argue, the information revealed could prove a competitive advantage once .hotel goes on sale:

What matters is that the information was accessed with the obvious intent to obtain an unfair advantage over direct competitors. The future registry operator of the .hotel gTLD will compete with other registry operators. In the unlikely event that HTLD were allowed to operate the .hotel gTLD, HTLD would have an unfair advantage over competing registry operators, because of its access to sensitive business information

They also think that HTLD being given .hotel despite having been found “cheating” goes against the spirit of application rules and ICANN’s bylaws.
The RfR (pdf) also draws heavily on the findings of the IRP panel in the unrelated Dot Registry (.llc, .inc, etc) case, which were accepted by the ICANN board also on August 9.
In that case, the panel suggested that the board should conduct more thorough, meaningful reviews of CPE decisions.
It also found that ICANN staff had been “intimately involved” in the preparation of the Dot Registry CPE decision (though not, it should be noted, in the actual scoring) as drafted by the Economist Intelligence Unit.
The .hotel applicants argue that this decision is incompatible with their own IRP, which they lost in February, where the judges found a greater degree of separation between ICANN and the EIU.
Their own IRP panel was given “incomplete and misleading information” about how closely ICANN and the EIU work together, they argue, bringing the decision into doubt.
The RfR strongly hints that another IRP could be in the offing if ICANN fails to cancel HTLD application.
The applicants also want a hearing so they can argue their case in person, and a “substantive review” of the .hotel CPE.
The HTLD application for .hotel is currently “On Hold” while ICANN sorts through the mess.

Industry lays into Verisign over .com deal renewal

Some of Verisign’s chickens have evidently come home to roost.
A number of companies that the registry giant has pissed off over the last couple of years have slammed the proposed renewal of its .com contract with ICANN.
Rivals including XYZ.com (sued over its .xyz advertising) and Donuts (out-maneuvered on .web) are among those to have filed comments opposing the proposed new Registry Agreement.
They’re joined by business and intellectual property interests, concerned that Verisign is being allowed to carry on without implementing any of the IP-related obligations of other gTLDs, and a dozens of domainers, spurred into action by a newsletter.
Even a child protection advocacy group has weighed in, accusing Verisign of not doing enough to prevent child abuse material being distributed.
ICANN announced last month that it plans to renew the .com contract, which is not due to expire for another two years, until 2024, to bring its term in line with Verisign’s contracts related to root zone management.
There are barely any changes in the proposed new RA — no new rights protection mechanisms, no changes to how pricing is governed, and no new anti-abuse provisions.
The ensuing public comment period, which closed on Friday, has attracted slightly more comments than your typical ICANN comment period.
That’s largely due to outrage from readers of the Domaining.com newsletter, who were urged to send comments in an article headlined “BREAKING: Verisign doubles .COM price overnight!”
That headline, for avoidance of doubt, is not accurate. I think the author was trying to confer the idea that the headline could, in his opinion, be accurate in future.
Still, it prompted a few dozen domainers to submit brief comments demanding “No .com price increases!!!”
The existing RA, which would be renewed, says this about price:

The Maximum Price for Registry Services subject to this Section 7.3 shall be as follows:
(i) from the Effective Date through 30 November 2018, US $7.85;
(ii) Registry Operator shall be entitled to increase the Maximum Price during the term of the Agreement due to the imposition of any new Consensus Policy or documented extraordinary expense resulting from an attack or threat of attack on the Security or Stability of the DNS, not to exceed the smaller of the preceding year’s Maximum Price or the highest price charged during the preceding year, multiplied by 1.07.

The proposed amendment (pdf) that would extend the contract through 2024 does not directly address price.
It does, however, contain this paragraph:

Future Amendments. The parties shall cooperate and negotiate in good faith to amend the terms of the Agreement (a) by the second anniversary of the Effective Date, to preserve and enhance the security and stability of the Internet or the TLD, and (b) as may be necessary for consistency with changes to, or the termination or expiration of, the Cooperative Agreement between Registry Operator and the Department of Commerce.

The Cooperative Agreement is the second contract in the three-way relationship between Verisign, ICANN and the US Department of Commerce that allows Verisign to run not only .com but also the DNS root zone.
It’s important because Commerce exercised its powers under the agreement in 2012 to freeze .com prices at $7.85 a year until November 2018, unless Verisign can show it no longer has “market power”, a legal term that plays into monopoly laws.
So what the proposed .com amendments mean is that, if the Cooperative Agreement changes in 2018, ICANN and Verisign are obligated to discuss amending the .com contract at that time to take account of the new terms.
If, for example, Commerce extends the price freeze, Verisign and ICANN are pretty much duty bound to write that extension into the RA too.
There’s no credible danger of prices going up before 2018, in other words, and whether they go up after that will be primarily a matter for the US administration.
The US could decide that Verisign no longer has market power then and drop the price freeze, but would be an indication of a policy change rather than a reflection of reality.
The Internet Commerce Association, which represents high-volume domainers, does not appear particularly concerned about prices going up any time soon.
It said in its comments to ICANN that it believes the new RA “will have no effect whatsoever upon the current .Com wholesale price freeze of $7.85 imposed on Verisign”.
XYZ.com, in its comments, attacked not potential future price increases, but the current price of $7.85, which it characterized as extortionate.
If .com were put out to competitive tender, XYZ would be prepared to reduce the price to $1 per name per year, CEO Daniel Negari wrote, saving .com owners over $850 million a year — more than the GDP of Rwanda.

ICANN should not passively go along with Verisign’s selfish goal of extending its unfair monopoly over the internet’s most popular top-level domain name.

Others in the industry chose to express that the proposed contract does not even attempt to normalize the rules governing .com with the rules almost all other gTLDs must abide by.
Donuts, in its comment, said that the more laissez-faire .com regime actually harms competition, writing:

It is well known that new gTLDs and now many other legacy gTLDs are heavily vested with abuse protections that .COM is not. Thus, smaller, less resource-rich competitors must manage gTLDs laden (appropriately) with additional responsibilities, while Verisign is able to operate its domains unburdened from these safeguards. This incongruence is a precise demonstration of disparate treatment, and one that actually hinders effective competition and ultimately harms consumers.

It points to numerous statistics showing that .com is by far the most-abused TLD in terms of spam, phishing, malware and cybersquatting.
The Business Constituency and Intellectual Property Constituency had similar views about standardizing rules on abuse and such. The IPC comment says:

The continued prevalence of abusive registrations in the world’s largest TLD registry is an ongoing challenge. The terms of the .com registry agreement should reflect that reality, by incorporating the most up-to-date features that will aid in the detection, prevention and remediation of abuses.

The European NGO Alliance for Child Safety Online submitted a comment with a more narrow focus — child abuse material and pornography in general.
Enasco said that 41% of sites containing child abuse material use .com domains and that Verisign should at least have the same regulatory regime as 2012-round gTLDs. It added:

Verisign’s egregious disinterest in or indolence towards tackling these problems hitherto hardly warrants them being rewarded by being allowed to continue the same lamentable
regime.

I couldn’t find any comments that were in unqualified support of the .com contract renewal, but the lack of any comments from large sections of the ICANN community may indicate widespread indifference.
The full collection of comments can be found here.

Donuts rolls the dice with $22.5 million .web lawsuit

Donuts is demanding ICANN pay up the $22.5 million it reckons it is owed from the auction of the .web gTLD, which sold late last month for $135 million.
The company yesterday amended its existing California lawsuit against ICANN to allege that Verisign tried to avoid regulatory scrutiny by secretly bankrolling successful bidder Nu Dot Co.
The updated complaint (pdf) reads:

VeriSign’s apparent acquisition of NDC’s application rights was an attempt to avoid allegations of anti-competitive conduct and antitrust violations in applying to operate the .WEB gTLD, which is widely viewed by industry analysts as the strongest competitor to the .COM and .NET gTLDs.

Donuts wants a minimum of $22.5 million, which is roughly what each of the six losing .web applicants would have received if the contention set had been resolved via private auction.
(I previously reported that number as $18.5 million, because I accidentally counted .webs applicant Vistaprint as losing .webs applicant, when in fact it won .webs, paying $1.)
The company’s claims are still based around the allegation that ICANN breached its duties by failing to root out Verisign as the puppet-master.
The complaint alleges breach of contract, negligence, unfair competition and other claims. It says:

ICANN allowed a third party to make an eleventh-hour end run around the application process to the detriment of Plaintiff, the other legitimate applicants for the .WEB gTLD and the Internet community at large.
…
ICANN intentionally failed to abide by its obligations to conduct a full and open investigation into NDC’s admission because it was in ICANN’s interest that the .WEB contention set be resolved by way of an ICANN auction.

The irony here is that Ruby Glen LLC, the Donuts company that applied for .web, is subject to an arrangement not dissimilar to NDC’s with Verisign.
Ruby Glen is owned by Covered TLD LLC, in turn a wholly-owned Donuts subsidiary.
It’s well-known that fellow portfolio registry Rightside has rights to acquire Covered TLD’s over 100 applied-for strings, but this is not disclosed in its .web application.
ICANN will no doubt make use of this fact when it files its answer to the complaint.
Verisign itself has not been added as a defendant, but much of the new text in the complaint focuses on its now-confirmed involvement with NDC. The suit reads:

Had VeriSign’s apparent acquisition of NDC’s application rights been fully disclosed to ICANN by NDC… the relationship would have also triggered heightened scrutiny of VeriSign’s Registry Agreements with ICANN for .COM and .NET, as well as its Cooperative Agreement with the Department of Commerce.

The fact that Verisign is allowed to collect over half a billion dollars cash every year as a result of its state-endorsed monopoly is a longstanding cause of embarrassment for the Department of Commerce.
It has taken an interest in regulating Verisign’s .com contract in the past — it’s the only reason Verisign has not been able to raise .com prices in the last few years.
But the US government is not a party to the .web contract (unlike .com, where it has a special relationship with Verisign) and is not involved in the new gTLD program’s management or policies.
The complaint also makes reference to a completely unrelated Independent Review Process declaration from last week, which slammed ICANN for its lack of accountability and transparency.
Donuts faces the additional problem that, like all new gTLD applicants, it signed a covenant not to sue ICANN when it applied for its new gTLDs.
A judge in the DotConnectAfrica v ICANN can has allowed that lawsuit to proceed, regardless, but it may prove a stumbling block for Donuts.
It all looks a bit flimsy to me, but I’ve learned not to second-guess American judges so we’ll just have to see how it plays out.

Verisign likely $135 million winner of .web gTLD

Verisign has emerged as the likely winner of the .web gTLD auction, which closed on Thursday with a staggering $135 million winning bid.
The shell company Nu Dot Co LLC was the prevailing applicant in the auction, which ran for 23 rounds over two days.
Just hours after the auction closed, Domain Name Wire scooped that Verisign had quietly informed investors that it has committed to pay $130 million for undisclosed “contractual rights”.
In its Securities and Exchange Commission quarterly report, filed after the markets closed on Thursday, Verisign said:

Subsequent to June 30, 2016, the Company incurred a commitment to pay approximately $130.0 million for the future assignment of contractual rights, which are subject to third-party consent. The payment is expected to occur during the third quarter of 2016.

There seems to be little doubt that the payment is to be made to NDC (or one of its shell company parents) in exchange for control of the .web Registry Agreement.
The “third-party consent” is likely a reference to ICANN, which must approve RA reassignments.
We speculated on July 14 that Verisign would turn out to be NDC’s secret sugar daddy, which seems to have been correct.
Rival .web applicant Donuts had sued ICANN for an emergency temporary restraining order, claiming it had not done enough to uncover the identity of NDC’s true backers, but was rebuffed on multiple grounds by a California judge.
Donuts, and other applicants, had wanted the contention set settled privately, but NDC was the only hold-out.
Had it been settled with a private auction, and the $135 million price tag had been reached, each of the seven losing applicants would have walked away with somewhere in the region of $18.5 million in their pockets.
This draws the battle lines for some potentially interesting legal fallout.
It remains to be seen if Donuts will drop its suit against ICANN or instead add Verisign in as a defendant with new allegations.
There’s also the possibility of action from Neustar, which is currently NDC’s named back-end provider.
Assuming Verisign plans to switch .web to its own back-end, Neustar may be able to make similar claims to those leveled by Verisign against XYZ.com.
Overall, Verisign controlling .web is sad news for the new gTLD industry, in my view.
.web has been seen, over the years, as the string that is both most sufficiently generic, sufficiently catchy, sufficiently short and of sufficient semantic value to provide a real challenge to .com.
I’ve cooled on .web since I launched DI six years ago. Knowing what we now know about how many new gTLD domains actually sell, and how they have to be priced to achieve volume, I was unable to see how even a valuation of $50 million was anything other than a long-term (five years or more) ROI play.
Evidently, most of the applicants agreed. According to ICANN’s log of the auction (pdf) only two applicants — NDC and another (Google?) — submitted bids in excess of $57.5 million.
But for Verisign, .web would have been a risk in somebody else’s hands.
I don’t think the company cares about making .web a profitable TLD, it instead is chiefly concerned with being able to control the impact it has on .com’s mind-share monopoly.
Verisign makes about a billion dollars a year in revenue, with analyst-baffling operating margins around 60%, and that’s largely because it runs .com.
In 2015, its cash flow was $651 million.
So Verisign has dropped a couple of months’ cash to secure .web — chickenfeed if the real goal is .com’s continued hegemony.
In the hands of a rival new gTLD company’s marketing machine, in six months we might have been seeing (naive) headlines along the lines of “Forget .com, .web is here!”.
That won’t happen now.
I’m not privy to Verisign’s plans for .web, but its track record supporting the other TLDs it owns is not fantastic.
Did you know, or do you remember, that Verisign runs .name? I sometimes forget that too. It bought it from Global Name Registry in late 2008, at the high point of its domains under management in this chart.

I don’t think I expect Verisign to completely bury .web, but I don’t think we’re going to see it aggressively promoted either.
It will never be positioned as a competitor to .com.
If .web never makes $135 million, that would be fine. Just as long as it doesn’t challenge the perception that you need a .com to be successful, Verisign’s purchase was worth the money.

Donuts .web claims “discredited”, ICANN tells court

Donuts’ attempt to delay tomorrow’s .web gTLD auction is based on a now “discredited” reading of a single email from rival bidder Nu Dot Co, ICANN told a California court yesterday.
Supporting ICANN’s opposition to Donuts’ motion for a temporary restraining order, two top NDC executives also swore under penalty of perjury that the company is not under new ownership or management.
The filings were made in response to Donuts’ lawsuit, filed Friday, which seeks over $10 million damages and a TRO against the .web auction.
Donuts believes that NDC has been taken over by an as-yet unknown third party with a vested interest in keeping the auction proceeds out of the hands of its competitors by forcing an ICANN-run last-resort auction.
Its belief is based on a June 7 email from NDC CFO Jose Rasco that alludes to COO Nicolai Bezsonoff no longer being with the company and makes reference to unspecified “powers that be” that are now in charge of the company.
By not disclosing the alleged change of control to ICANN, NDC broke Application Guidebook rules, Donuts claims.
But according to ICANN and NDC, this is all nonsense. ICANN told the court:

three separate ICANN bodies – ICANN’s staff, ICANN’s Ombudsman, and ICANN’s Board – have already looked into the alleged change in Nu Dotco’s ownership or management. All three found no credible evidence that any such change had occurred within Nu Dotco, and therefore nothing supported a delay of the Auction. Plaintiff’s TRO application, filed nearly three months after the Auction was scheduled and just two business days before bidding is set to officially begin, relies solely on a strained, and now completely discredited, interpretation of the Nu Dotco CFO’s June 7 email. However, the evidence accompanying this opposition – sworn declarations from ICANN and Nu Dotco executives – confirms that Nu Dotco has not made any change in its ownership or management, much less a “disqualifying” change that should derail the Auction processes already under way or the official start of bidding.

Rasco and Nicolai Bezsonoff both swear in accompanying declarations that the managers and members (ie owners) of NDC have not changed since the original 2012 application.
NDC, according to its .web application, is owned by two Delaware shell companies — Domain Marketing Holdings, LLC and NUCO LP, LLC — both of which appear to have been created in order to provide a layer of separation between NDC and its actual investors.
Rasco and Bezsonoff say that these two companies remain the only owners of NDC requiring their identities to be disclosed to ICANN.
There’s no comment in either declaration about whether either of those two companies has undergone a change in control.
What we seem to have here, amusingly, is NDC using exactly the same legal tricks as Donuts to hide the ultimate beneficiaries of its gTLD applications.
Donuts, you may recall, applied for 307 new gTLDs via 307 distinct shell LLCs with randomly generated names. Not only that, but each of those LLCs is owned by one of two other shell companies — 201 belonged to Dozen Donuts LLC, 106 belonged to Covered TLD LLC.
Donuts never formally disclosed in its ICANN applications (or, to my recollection, publicly confirmed) that business partner Rightside had the right to buy any of the Covered TLD strings — including .web, it seems — a right Rightside has exercised many times since.
Rightside basically got the same layer of identity insulation that whoever’s pulling the strings at NDC is getting now.
That irony is not pointed out in ICANN’s latest court filing, which can be read here (pdf). The Rasco and Bezsonoff declarations can be read here and here.
The applicants for .web are NDC, Radix, Donuts, Schlund, Afilias, Google and Web.com. Vistaprint’s bid for .webs is also in the auction.
Unless Donuts gets its TRO, the auction will begin at 1400 UTC tomorrow and we could find out how much .web sold for later that day.