Latest news of the domain name industry

Recent Posts

“Shadow content policing” fears at ICANN 57

Kevin Murphy, November 7, 2016, Domain Policy

Fears that the domain name industry is becoming a stooge for “shadow regulation” of web content were raised, and greeted very skeptically, over the weekend at ICANN 57.

Attendees yesterday heard concerns from non-commercial stakeholders, notably the Electronic Frontier Foundation, that deals such as Donuts’ content-policing agreement with the US movie industry amount to regulation “by the back door”.

But the EFF, conspicuously absent from substantial participation in the ICANN community for many years, found itself walking into the lion’s den. Its worries were largely pooh-poohed by most of the rest of the community.

During a couple of sessions yesterday, EFF senior attorney Mitch Stoltz argued that the domain industry is being used by third parties bent on limiting internet freedoms.

He was not alone. The ICANN board and later the community at large heard support for the EFF’s views from other Non-Commercial User Constituency members, one of whom compared what’s going on to aborted US legislation SOPA, the Stop Online Piracy Act.

“Regulation of content through the DNS system, through ICANN institutions and through contracted parties is of great concern and I think should be of great concern to all of us here,” Stoltz said.

He talked about a “bright line” between making policies related to domain names and policies related to content.

“I hope that the bright line between names and content is maintained because I think once we get past it, there may be no other bright line,” he said.

“If we allow in copyright enforcement, if we allow in enforcement of professional or business licensing as a criterion for owning a domain name, it’s going to be very hard to hold that line,” he said.

ICANN has long maintained, though with varying degrees of vigor over the years, that it does not regulate content.

Chair Steve Crocker said yesterday: “It’s always been the case, from the inception. It’s now baked in deeply into the mission statement. We don’t police content. That’s not our job.”

That kind of statement became more fervent last year, as concerns started to be raised about ICANN’s powers over the internet in light of the US government’s decision to give up its unique ICANN oversight powers.

Now, a month after the IANA transition was finalized, ICANN has new bylaws that for the first time state prominently that ICANN is not the content cops.

Page one of the massive new ICANN bylaws says:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide

It’s pretty explicit, but there’s a catch.

A “grandfather” clause immediately follows, which states that registries and registrars are not allowed to start challenging the terms of their existing contracts on the basis that they dabble too much with content regulation.

That’s mainly because new gTLD Registry Agreements all include Public Interest Commitments, which in many cases do actually give ICANN contractual authority over the content of web sites.

Content-related PICs are most prominent in “Community” gTLDs.

In the PICs for Japanese city gTLD .osaka, for example, the registry promises that “pornographic, vulgar and highly objectionable content” will be “adequately monitored and removed from the namespace”.

While ICANN does not actively go out looking for .osaka porn, if porn did start showing up in .osaka and the registry does not suspend the domains, it would be in breach of its RA and could lose its contract.

That PIC was voluntarily adopted by the .osaka registry and does not apply to other gTLDs, but it is binding.

So in a roundabout kind of way, ICANN does regulate content, in certain narrow circumstances.

Some NCUC members think this is a “loophole”.

Another back door they think could be abused are the bilateral “trusted notifier” relationships between registries and third parties such as the movie, music and pharmaceutical industries.

Donuts and Radix this year have announced that the Motion Picture Association of America is allowed to notify it about domains that it believes are being used for large-scale, egregious movie piracy.

Donuts said it has suspended a dozen domains — sites that were TLD-hopping to evade suspension — since the policy came into force.

EFF’s Stoltz calls this kind of thing “shadow regulation”.

“Shadow regulation to us is the regulation of content… through private agreements or through unaccountable means that were not developed through the bottom-up process or through a democratic process,” he told the ICANN board yesterday.

While the EFF and NCUC thinks this is a cause for concern, they picked up little support from elsewhere in the community.

Speakers from registries, registrars, senior ICANN staff, intellectual property and business interests all seemed to think it was no big deal.

In a different session on the same topic later in the day, outgoing ICANN head of compliance Allen Grogan addressed these kinds of deals. He said:

From ICANN’s point of view, if there are agreements that are entered into between two private parties, one of whom happens to be a registry or a registrar, I don’t see that ICANN has any role to play in deciding what kinds of agreements those parties can enter into. That clearly is outside the scope of our mission and remit.

We can’t compel a registrar or a registry to even tell us what those agreements are. They’re free to enter into whatever contracts they want to enter into.

To the extent that they become embodied in the contracts as PICs, that may be a different question, or to the extent that the agreements violate those contracts or violate consensus policies, that may be a different question.

But if a registrar or registry decides to enter into an agreement to trust the MPAA or law enforcement or anyone else in deciding what actions to take, I think they’re free to do that and it would be far beyond the scope of ICANN’s power or authority to do anything about that.

In the same session, Donuts VP Jon Nevett cast doubt on the idea that there is an uncrossable “bright line” between domains and content by pointing out that the MPAA deal is not dissimilar to registries’ relationships with the bodies that monitor online child abuse material.

“We have someone that’s an expert in this industry that we have a relationship with saying there is child imagery abuse going on in a name, we’re not going to make that victim go get a court order,” he said.

Steve DelBianco of the NetChoice Coalition, a member of the Business Constituency, had similar doubts.

“Mitch [Stoltz] cited as an example that UK internet service providers were blocking child porn and since that might be cited as an example for trademark and copyright that we should, therefore, not block child porn at all,” he said. “I can’t conceive that’s really what EFF is thinking.”

Nevett gave a “real-life example” of a rape.[tld] domain that was registered in a Donuts gTLD.

“[The site] was a how-to guide. Talk about horrific,” he said. “We got a complaint. I’m not going to wait till someone goes and gets a court order. We’re a private company and we agreed to suspend that name immediately and that’s fine. There was no due process. And I’m cool with that because that was the right thing to do.”

“Just like a restaurant could determine that they don’t want people with shorts and flip-flops in the restaurant, we don’t want illegal behavior and if they want to move somewhere else, let them move somewhere else,” he said.

In alleged copyright infringement cases, registrants get the chance to respond before their names are suspended, he said.

Stoltz argued that the Donuts-MPAA deal had been immediately held up, when it was announced back in February, as a model that the entire industry should be following, which was dangerous.

“If everyone is subject to the same policies, then they are effectively laws and that’s effectively law-making by other means,” he said.

He and other NCUC members are also worried about the Domain Name Association’s Healthy Domains Initiative, which is working on voluntary best practices governing when registries and registrars should suspend domain names.

Lawyer Kathy Kleiman of the NCUC said the HDI was basically “SOPA behind closed doors”.

SOPA was the hugely controversial proposed US federal legislation that would have expanded law enforcement powers to suspend domains in cases of alleged copyright infringement.

Stoltz and others said that the HDI appeared to be operating under ICANN’s “umbrella”, giving it an air of having multistakeholder legitimacy, pointing out that the DNA has sessions scheduled on the official ICANN 57 agenda and “on ICANN’s dime”.

DNA members disagreed with that characterization.

It seems to me that the EFF’s arguments are very much of the “slippery slope” variety. While that may be considered a logical fallacy, it does not mean that its concerns are not valid.

But if there was a ever a “bright line” between domain policy and content regulation, it was traversed many years ago.

The EFF and supporters perhaps should just acknowledge that what they’re really concerned about is copyright owners abusing their powers, and target that problem instead.

The line has moved.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.

Donuts will cut off sham .doctors

Kevin Murphy, October 17, 2016, Domain Registries

Donuts has outlined plans to suspend or delete .doctor domain names used by fake medical doctors.

Despite protestations from governments and others, .doctor will not be a restricted gTLD when it goes to general availability next week — anyone will be able to register one.

However, Donuts said last week that it will shut down phony doctor sites:

While we are firmly committed to free speech on the Internet, we however will be on guard against inappropriate or dangerous uses of .DOCTOR. Accordingly, if registrants using this name make the representation on their websites that they are licensed medical practitioners, they should be able to demonstrate upon request that in fact they hold such a license. Failure to so demonstrate could be considered a violation of the terms of registration and may subject the registrant to registrar and registry rights to delete, revoke, suspend, cancel, or transfer a registration.

A Donuts spokesperson said that the registry will have the right to conduct spot-checks on sites, but at first will only police the gTLD in response to complaints from others.

“We have the right to spot check, but no immediate plans to do so,” he said.

In a few fringe cases, the failure to present a license would not result in the loss of a domain.

For example, a “registrant is in a jurisdiction that doesn’t license doctors (if that exists)” or a “registrant that represents him/herself as a licensed medical doctor, but uses the site to sell cupcakes”, the spokesperson said.

ICANN’s Governmental Advisory Committee had wanted .doctor restricted to medical doctors, but Donuts complained noting that “doctor” is an appellation used in many other fields beyond medicine.

It can also be used in fanciful ways to market products, the registry said.

ICANN eventually sided with Donuts, allowing it to keep an open TLD as long as it included certain Public Interest Commitments in its registry contract.

.doctor goes to GA October 26.

For $10,000, Donuts will block hundreds of typos and premiums for your brand

Kevin Murphy, September 28, 2016, Domain Registries

Donuts has announced an expansion of its domain-blocking service that will enable brand owners to cheaply (kinda) block misspellings of their trademarks.

Brand owners whose trademarks match “premium” generic strings will also be able to take matching domains out of circulation using the registry’s new DPML Plus service.

DPML, for Domain Protected Marks List, is Donuts’ way of giving trademark owners a way to bulk-block their marks across Donuts’ entire stable of gTLDs, which currently stands at 197 strings.

With typical sunrise period prices at $200+, registering a single string across almost 200 gTLDs during sunrise could near a $40,000 outlay. In general availability, it would often be about a tenth of that price.

But the original DPML, with a roughly $3,000 retail price for a five-year block, reduced the cost to protect a single string to about $3 per domain per year.

Now, with DPML Plus, Donuts is offering a premium service that adds the ability to block typos and premium names.

Typos and substring-based blocking were near the top of the intellectual property community’s wish-list when the new gTLD program was being developed, but those features were never incorporated into ICANN rights protection mechanisms.

But for $9,999 (suggested retail price), DPML Plus buyers get a 10-year block on the string that matches their trademark and three extra strings that are either typos of the trademark or contain the trademark as a substring, Donuts said.

So Google would for example be able to block android.examples, anrdoid.examples, androidphone.examples and googleandroidphone.examples using a single DPML Plus subscription.

Basically, they get to block up to 788 domains at $9,999 over 10 years, which works out to about $1.26 per domain per year.

It looks nice and cheap on that basis, but companies wishing to block dozens of base trademarks would be looking at six or seven-figure up-front payments.

DPML Plus also lifts the ban on blocking “premium” domains.

Under the old DPML, customers could not block a domain if Donuts had flagged it with a premium price, but under DPML Plus they can.

This opens the door to brand owners who have valuable trademarks on generic dictionary words to get them blocked across the whole Donuts portfolio.

A Donuts spokesperson said the company reserves the right to reject such strings if it suspects gaming.

Another benefit of the DPML Plus is the ability to prevent other companies with identical trademarks later unblocking and snatching blocked domains for themselves.

Currently, third parties with matching brands can “override” DPML blocks, but that feature is turned off for DPML Plus subscribers. They get exclusivity for the life of the block.

Donuts said the Plus offer will only be available to buy between October 1 and December 31.

As an added carrot, from January 1 the price of its vanilla DPML service is going to go up by an amount the company currently does not want to disclose.

Could ICANN reject Verisign’s $135m .web bid?

Kevin Murphy, September 21, 2016, Domain Registries

ICANN is looking into demands for it to throw out Verisign’s covert $135 million winning bid for the highly prized .web gTLD.

ICANN last week told the judge hearing Donuts’ .web-related lawsuit that it is “currently in the process of investigating certain of the issues raised” by Donuts through its “internal accountability mechanisms”.

Donuts is suing for $22.5 million, claiming ICANN should have forced Nu Dot Co to disclose that its .web bid was being secretly bankrolled by Verisign and alleging that the .com heavyweight used NDC as cover to avoid regulatory scrutiny.

ICANN’s latest filing (pdf), made jointly with Donuts, asked for an extension to October 26 of ICANN’s deadline to file a response to Donuts’ complaint.

It was granted, the second time the deadline has been extended, but the judge warned it was also the final time.

The referenced “internal accountability mechanism” would seem to mean the Cooperative Engagement Process — a low-formality bilateral negotiation — that Donuts and fellow .web bidder Radix initiated against ICANN August 2.

The filing states that the “resolution of certain issues in controversy may be aided by allowing [ICANN] to complete its investigation of [Donuts’] allegations prior to the filing of its responsive pleading.”

In other words, Donuts is either hopeful that ICANN may be able to resolve some of its complaints in the next month, or it’s not particularly impatient about the case progressing.

Meanwhile, fellow .web applicant Afilias has demanded for the second time that ICANN hand over .web to it, as the second-highest bidder, throwing out the NDC/Verisign application.

In a September 9 letter, published last night, Afilias told ICANN to “disqualify and reject” NDC’s application, alleging at least three breaches of ICANN rules.

Afilias says that by refusing to disclose Verisign’s support for its bid, NDC broke the rules and should have its application thrown out.

The company also confirmed on the public record for what I believe is the first time that it was the second-highest bidder in the July 27 auction.

Afilias would pay somewhere between $57.5 million and $71.9 million for the gTLD, depending on what the high bid of the third-placed applicant was.

In its new letter, Afilias says NDC broke the rule from the Applicant Guidebook that does not allow applicants to “resell, assign or transfer any of applicant’s rights or obligations in connection with the application”.

It also says that NDC was obliged by the AGB to notify ICANN of “changes in financial position and changes in ownership or control”, which it did not.

It finally says that Verisign used NDC as a front during the auction, in violation of auction rules.

“In these circumstances, we submit that ICANN should disqualify NDC’s bid and offer to accept the application of Afilias, which placed the second highest exit bid,” Afilias general counsel Scott Hemphill wrote (pdf).

Hemphill told ICANN to defer from signing a Registry Agreement with NDC or Verisign, strongly implying that Afilias intends to invoke ICANN accountability mechanisms (presumably meaning the Request for Reconsideration process and/or Independent Review Process).

While Afilias and Donuts are both taking issue with the secretive nature of Verisign’s acquisition of .web, they’re not necessarily fighting the same corner.

Donuts is looking for $22.5 million because that’s roughly what it would have received if the .web contention set had been resolved via private auction and $135 million had been the winning bid.

But Afilias wants the ICANN auction outcome to stand, albeit with NDC’s top bid rejected. That would mean Donuts, Radix, and the other applicants would still receive nothing.

There’s also the question of other new gTLD applications that have prevailed at auction and been immediately transferred to third-party non-applicants.

The most notable example of this was .blog, which was won by shell company Primer Nivel with secretive backing from WordPress maker Automattic.

Donuts itself regularly wins gTLD auctions and immediately transfers its contracts to Rightside under a pre-existing agreement.

In both of those cases, the reassignment deals predated, but were not disclosed in, the respective applications.

There’s the recipe here for a messy, protracted bun fight over .web, which should come as no surprise to anyone.