Latest news of the domain name industry

Recent Posts

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

Kevin Murphy, February 7, 2020, Domain Policy

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.

The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.

It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.

The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).

The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.

There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.

This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.

There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.

HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.

CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.

Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.

There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.

Naturally, the remaining applicants were not happy about this, and started to fight back.

The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.

That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.

The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.

Guess what? That got rejected too.

So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.

The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.

While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.

ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.

Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.

Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”

The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.

When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.

The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.

But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.

Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.

Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.

And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.

A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.

A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.

In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.

The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.

It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.

This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.

It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.

FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.

They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.

The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.

It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.

The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”

“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.

“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.

ICANN is yet to file its response to the complaint.

Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.

Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.

The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.

ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.

The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.

With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

Defunct Famous Four ordered to hand $1.5 million back to investors

Former domain registry manager Famous Four Media has been ordered to return money to investors that was being used as insurance against its portfolio of gTLDs going out of business.

In an April 18 ruling (pdf) from Gibraltar’s Supreme Court, FFM and its CEO Iain Roache are told that original investors Domain Venture Partners are the true owners what looks to be about $1.5 million being used to back letters of credit in ICANN’s name.

It’s a very complicated ruling, reflecting the complex structure of the FFM/DVP relationship. It wants for clarity in some areas, and is probably best suited to interpretation by a forensic accountant.

Nevertheless, I’ll give it a shot.

Basically, back in 2011 businessman Iain Roache recruited a bunch of international investors to join him in funding applications for 60 new gTLDs. The investment vehicle was and is called Domain Venture Partners.

Each application had an associated “bid vehicle”, essentially a Gibraltar-based shell company with names along the lines of Dot Science Ltd or Dot Accountant Ltd.

Those of the vehicles that were successful in their applications continue to be the official registry sponsors for 16 active gTLDs. They’re all owned by DVP.

Famous Four was a separate company, owned 80:20 by Roache and business partner Geir Rasmussen, hired by DVP to manage the business of actually selling domains.

For many years, myself and pretty much everybody else covering the domain name industry referred to FFM as if it was the owner of the TLDs, more or less interchangeably with DVP.

In fact, FFM was just a DVP contractor and behind the scenes DVP was growing increasingly unhappy with how the domains were being managed, DVP investor Robert Maroney told DI last August.

For about a year now, FFM has been in liquidation. DVP kicked it out of the registry management business and replaced it with a new company that it controls called GRS Domains, managed by a PricewaterhouseCoopers accountant called Edgar Lavarello.

Thirteen of the DVP bid vehicles sued Famous Four to claim ownership of, among other things, the money backing the so-called “Continuing Operations Instruments” that ICANN demanded from each new gTLD applicant.

The COI, usually a letter of credit from a big bank, were used to give ICANN the confidence that new gTLD domain registrants would not be affected by dodgy registries going out of business and their domains immediately going dark. The money would fund ongoing technical operations for a few years, giving registrants time to find a new home for their web sites.

In this case, Famous Four’s liquidator refused to agree that the money backing the COIs was rightfully DVP’s.

What seems to have happened is that in mid-2016 the DVP letters of credit were hastily switched from Credit Suisse to Barclays, after Credit Suisse closed down its Gibraltar branch.

There was a period in which both sets of LoCs were active, in order to remain compliant with ICANN’s rule that there must be an active COI at all times.

The original Credit Suisse LoCs had been funded by DVP, but the Barclays LoCs were funded by FFM, or quite possibly Roache himself, to the tune of about $1.5 million.

FFM was then repaid by the return of the money backing the Credit Suisse LoCs, when those LoCs were closed, according to Chief Justice Anthony Dudley’s ruling.

After the switch of banks, the LoCs were no longer in the names of the DVP bid vehicles; they belonged to FFM. The money DVP put up to originally secure the COIs was now in FFM’s control.

Dudley now seems to have ruled that FFM now owes DVP this money back, and that the liquidator, Grant Jones of Simmons Gainsford, was wrong to withhold it.

In fact, the judge has some quite stern words for Jones, saying that he was “wholly inappropriate” when he temporarily turned over his responsibilities as liquidator to Roache and his law firm. Dudley wrote:

It may be that it arises as a consequence of the Liquidator having limited funds with which to engage in litigation. But whatever the reason, the position adopted by the liquidator of FFM in these proceedings has been unusual and certainly capable of being construed as running counter to the fundamental principle of objectivity required of a Liquidator, now codified in the Insolvency Practitioner Regulations 2014. Rather than formulate his own view (or as urged by me at a preliminary hearing seek his own independent legal advice) by letter dated 1 March 2019 GJ sought to abrogate his responsibility and authorised IR and JSF to act on behalf of FFM

That aside, the main piece of evidence that appears to have caused Dudley to side with DVP was a set of emails from Famous Four chief legal officer Oliver Smith to DVP investors that were sent at the time the LoCs were switching banks.

Smith confirmed in one of these emails that FFM was basically just acting as a conduit for DVPs bid vehicles, which by that point were operational registries.

The judge noted that the Smith email that confirmed this was submitted in evidence by Lavarello and Maroney only after Roache had submitted the rest of the thread, excluding this email, in his own evidence.

Dudley ruled that the DVP companies should get what they asked for, namely the funds associated with the LoCs. It’s not entirely clear from his ruling how much this is, but by my reading it’s around the $1.5 million mark.

The liquidation, which is ongoing, is to the best of my knowledge unrelated to the still unexplained demise of AlpNames, the registrar and close FFM partner also owned by Roache and Rasmussen.

Finally, a disclaimer.

Because I’ve already had one spurious legal threat related to my ongoing coverage of Famous Four’s demise, and don’t really need the arseache of any more, I’m going to state unequivocally for the record that I’m not alleging any wrongdoing by anyone.

If I’ve got anything wrong, as always I will gladly issue a correction. Just ask, and show your working. No need to sic the lawyers on me.

You can read the judge’s decision (pdf) and decide for yourself what’s been going on.

Rumors swirl as AlpNames suffers “days” of downtime

Kevin Murphy, March 12, 2019, Domain Registrars

The web site of controversial registrar AlpNames has been offline for “days”, and rumors have started to circulate that it might not just a technical problem.

At time of writing, alpnames.com resolves to a Cloudflare error page, warning that the AlpNames web server has an invalid SSL certificate. Cloudflare may also show an ugly, bare-bones cached version of the site.

This means that AlpNames customers are unable to log in to manage their domains, according to threads on Namepros and Reddit, and conversations I’ve had with some of those affected.

It’s said that customers are able to manage their domains by logging in directly to LogicBoxes, AlpNames’ registrar-in-a-box provider, but I’ve been unable to personally verify this.

AlpNames is believed to have almost 700,000 names under management, double the size it was last June but well below its peak, at the height of its deep-discounting period in 2017, of over three million.

It’s not known how many individual registrants are affected. The company tends to attract what one might charitably call “bulk-buyers”, so it will be substantially lower than the number of registered domains.

It’s also not entirely clear when the web site went down. It’s not been loading here for at least 12 hours, but the first reference to downtime on Namepros was on Sunday. Multiple other sources have told me today that it’s been unavailable “for a few days”.

A separate AlpNames-owned web site focused on marketing .icu domains to the Chinese market is still online.

But it seems a lot of AlpNames customers have been left hanging in uncertainty, unsure how or when they will be able to manage their domains.

I’ve been unable to reach any of AlpNames’ senior executives for comment on the situation today.

An email sent to CEO Iain Roache this morning, at the address he was using in December, bounced back with a “disabled account” error message. I have received no response to messages I sent to two other email addresses he is known to use.

I understand that fellow AlpNames exec Geir Rasmussen who, with Roache, was enthusiastically pitching grand plans for AlpNames as recently as October, is no longer with the company.

Chief operating officer Damon Barnard also left the company last October and ceased work as a director around the same time.

Records show the salesperson due to represent AlpNames at this week’s ICANN 64 meeting in Japan did not show up and is believed to have also left the company in January.

The company’s Twitter and Facebook accounts, which are not usually particularly active anyway, have not yet addressed the downtime problem.

If it is simply a case of an expired or misconfigured SSL cert, why is it taking so long to fix, and why has there been radio silence from AlpNames?

Opponents and competitors are putting the word around that there may be a more serious problem with the company, but I’ve not seen any conclusive evidence that this is the case.

It’s possible there’s some confusion between AlpNames and Famous Four Media, the now-defunct Roache/Rasmussen venture that managed the portfolio of new gTLDs owned by Domain Venture Partners, an investment vehicle set up by Roache prior to ICANN’s 2012 gTLD application round.

DVP is no longer affiliated with AlpNames and its gTLDs are managed by a new DVP-controlled entity, GRS Domains, after an investor revolt.

Famous Four is DEAD! New registry promises spam crackdown

Kevin Murphy, August 7, 2018, Domain Registries

Famous Four Media’s portfolio of gTLD registries is now under the control of a new company, Global Registry Services Ltd, which has promised to abandon its failed penny-domain strategy and crack down on spam.

(August 9 update: This article contains some incorrect assumptions and speculation. Please read this follow-up piece for clarifications.)

The company, which goes by the name GRS Domains, told registrars yesterday that FFM’s 16 gTLDs are now “controlled by the same parties that control Domain Venture Partners PCC Limited, and are no longer under the management of FFM.”

DVP also owned FFM, so it’s not clear how big of a deal this restructuring is from a management point of view.

My sense is that there’s not really been a substantial change, but it’s certainly more than a simple rebranding exercise.

I’ve learned that DVP was placed into administration under the Insolvency Act back in April, with management of the TLDs handed to a PricewaterhouseCoopers administrator, more or less as I speculated in June.

The TLDs affected are: .loan, .win, .men, .bid, .stream, .review, .trade, .date, .party, .download, .science, .racing, .accountant, .faith, .webcam and .cricket.

GRS told registrars:

Moving forward there are several changes being made with regard to the overall strategy of the portfolio of gTLDs, the main one being a change to a “quality over quantity” ethos and focusing on working with our Registrar Partners to sharply reduce abuse and spam registrations.

As such, all of its current pricing promotions will end August 20 and a “much more transparent and sensible pricing strategy” will come into play.

That means a wholesale reg fee of $9.98 across the board, at least until February 2019.

GRS also plans to take a lot of its lower-priced reserved “premium” names out of the premium program altogether, and to reprice “a considerable portion” of the more expensive ones.

Finally, the company, not known to attend ICANN meetings in the past, said it plans to show up at the Barcelona meeting in October to formally relaunch itself.

Famous Four has become notorious over the last few years for its deep-discounted TLDs, which have become a haven for spammers who want to register large numbers of super-cheap, throwaway domains.

As such, its gTLDs’ volumes have been huge — many racking up hundreds of thousands of names — but their renewals poor and their reputation worse.

If GRS’ new strategy is effective, we’re almost certainly going to see the industry-wide overall number of active new gTLD domains tank over the next year or so, giving more ammunition to those who think the new gTLD program was a huge waste of effort.

It could also have an impact on ICANN’s budget — no matter how cheap FFM sold its names, it still had to pay its ICANN fees on a per-domain basis. Fewer domains equals less money in ICANN’s coffers. FFM’s registries paid over $1.6 million in ICANN fees in the organization’s fiscal 2017.

While GRS is now apparently “controlled by the same parties that control Domain Venture Partners PCC Limited”, it’s not abundantly clear to me whether that’s the same people who’ve been running FFM for the last eight years.

DVP has not immediately responded to a request for comment today.

The DVP web site has not resolved in months. The new grs.domains site doesn’t name anyone, and the NIC sites for the gTLDs in the portfolio only identify a PwC bankruptcy accountant as the primary contact.

All the companies in question are based in tax haven Gibraltar, which isn’t particularly forthcoming about identifying company directors, partners or owners.

DVP’s directors were originally Adrian Hogg, Charles Melvin, Iain Roache, Douglas Smith, Peter Young, Joseph Garcia and a company called Domain Management II (itself chaired by Roache), according to an investor presentation (pdf) DI obtained back in 2013.

I believe Melvin at least, after a legal dispute with the others, is no longer involved.

And it appears that DVP is or was in fact in administration.

I noted back in June that the 16 gTLDs were now all being administered by PwC accountant Edgar Lavarello, and wondered aloud whether this meant FFM was bankrupt.

Today I obtained (read: paid an extortionate sum for) a Gibraltar court order dated April 23 putting DVP into administration under the Insolvency Act and appointing PwC as the administrator.

The application had been made by an investor called Christina Mattin and fellow investor Braganza, a private vehicle owned by a wealthy Scandinavian family, which was (at least last year) a 10% owner.

Other named investors the court heard from were the mysterious Liechtenstein-based Rennes Foundation, something called Northern Assets Investments Limited and Dutch multimillionaire Francis Claessens.

Overall, it smells a bit to me like DVP’s principals, having seen their previous venture put out of business by disgruntled investors, have snapped up its assets and are going to try to make a second go of running the business.

As for FFM? Well, it looks rather like we won’t be hearing that name again.

UPDATE: This article was updated several hours after it was originally posted to clarify that DVP was/is “in administration”.