ICANN ordered to freeze .hotel after “serious questions” about trade secrets “theft”

ICANN has been instructed to place the proposed .hotel gTLD in limbo after four applicants for the string raised “sufficiently serious questions” that ICANN may have whitewashed the “theft” of trade secrets.

The order was handed down last month by the emergency panelist in the Independent Review Process case against ICANN by claimants Fegistry, MMX, Radix and Domain Ventures Partners.

Christopher Gibson told ICANN to “maintain the status quo” with regards the .hotel contention set, meaning currently winning applicant Hotel Top Level Domain, which is now owned by Afilias, won’t get contracted or delegated until the IRP is resolved.

At the core of the decision (pdf) is Gibson’s view that the claimants raised “sufficiently serious questions related to the merits” in allegations that ICANN mishandled and acted less than transparently in its investigation into a series of data breaches several years ago.

You may recall that ICANN seriously screwed up its new gTLD application portal, configuring in such a way that any applicant was able to search for and view the confidential data, including financial information such as revenue projections, of any other competing applicant.

Basically, ICANN was accidentally publishing applicants’ trade secrets on its web site for years.

ICANN discovered the glitch in 2015 and conducted an audit, which initially fingered Dirk Krischenowski — who at time was the half-owner of a company that owned almost half of HTLD as well as a lead consultant on the bid — as the person who appeared to have accessed the vast majority of the confidential data in March and April 2014.

ICANN did not initially go public with his identity, but it did inform the affected applicants and I managed to get a copy of the email, which said he’d downloaded about 200 records he shouldn’t have been able to access.

It later came to light that Krischenowski was not the only HTLD employee to use the misconfiguration to access data — according to ICANN, then-CEO of HTLD Katrin Ohlmer and lawyer Oliver Süme had too.

HTLD execs have always denied any wrongdoing, and as far as I know there’s never been any action against them in the proper courts. Krischenowski has maintained that he had no idea the portal was glitched, and he was using it in good faith.

Also, neither Ohlmer nor Krischenowski are still involved with HTLD, having been bought out by Afilias after the hacking claims emerged.

These claims of trade secret “theft” are being raised again now because the losing .hotel applicants think ICANN screwed up its probe and basically tried to make it go away out of embarrassment.

Back in August 2016, the ICANN board decided that demands to cancel the HTLD application were “not warranted”. Ohlmer barely gets a mention in the resolution’s rationale.

The losing applicants challenged this decision in a Request for Reconsideration in 2016, known as Request 16-11 (pdf). In that request, they argued that the ICANN board had basically ignored Ohlmer’s role.

Request 16-11 was finally rejected by the ICANN board in January last year, with the board saying it had in fact considered Ohlmer when making its decision.

But the IRP claimants now point to a baffling part of ICANN’s rationale for doing so: that it found “no evidence that any of the confidential information that Ms. Ohlmer (or Mr. Krischenowski) improperly accessed was provided to HTLD”.

In other words, ICANN said that the CEO of the company did not provide the information that she had obtained to the company of which she was CEO. Clear?

Another reason for brushing off the hacking claims has been that HTLD could have seen no benefit during the application process by having access to its rivals’ confidential data.

HTLD won the contention set, avoiding the need for an auction, in a Community Priority Evaluation. ICANN says the CPE was wholly based on information provided in its 2012 application, so any data obtained in 2014 would have been worthless.

But the losing applicants say that doesn’t matter, as HTLD/Afilias still have access to their trade secrets, which could make the company a more effective competitor should .hotel be delegated.

This all seems to have been important to Gibson’s determination. He wrote in his emergency ruling (pdf) last month:

The Emergency Panelist determines that Claimants have raised “sufficiently serious questions related to the merits” in in relation to the Board’s denial of Request 16-11, with respect to the allegations concerning the Portal Configuration issues in Request 16-11. This conclusion is made on the basis of all of the above information, and in view of Claimants’ IRP Request claim that ICANN subverted the investigation into HTLD’s alleged theft of trade secrets. In particular, Claimants claim that ICANN refused to produce key information underlying its reported conclusions in the investigation; that it violated the duty of transparency by withholding that information; that the Board’s action to ignore relevant facts and law was a violation of Bylaws; and further, to extent the BAMC and/or Board failed to have such information before deciding to disregard HTLD’s alleged breach, that violated their duty of due diligence upon reasonable investigation, and duty of independent judgment.

The Emergency Panelist echoes concerns that were raised initially by the Despegar IRP Panel regarding the Portal Configuration issues, where that Panel found that “serious allegations” had been made188 and referenced Article III(1) of ICANN’s Bylaws in effect at that time, but declined to make a finding on those issues, indicating “that it should remain open to be considered at a future IRP should one be commenced in respect of this issue.” Since that time, ICANN conducted an internal investigation of the Portal Configuration issues, as noted above; however, the alleged lack of disclosure, as well as certain inconsistencies in the decisions of the BAMC and the Board regarding the persons to whom the confidential information was disclosed and their relationship to, or position with HTLD, as well as ICANN’s decision to ultimately rely on a “no harm no foul” rationale when deciding to permit the HTLD application to proceed, all raise sufficiently serious questions related to the merits of whether the Board breached ICANN’s Article, Bylaws or other polices and commitments.

It’s important to note that this is not a final ruling that ICANN did anything wrong, it’s basically the ICANN equivalent of a ruling on a preliminary injunction and Gibson is saying the claimants’ allegations are worthy of further inquiry.

And the ruling did not go entirely the way of the claimants. Gibson in fact ruled against them on most of their demands.

For example, he said their was insufficient evidence to revisit claims that a review of the CPE process carried out by FTI Consulting was a whitewash, and he refused to order ICANN to preserve documentation relating to the case (though ICANN has said it will do so anyway).

He also ruled against the claimants on a few procedural issues, such as their demands for an Ombudsman review and for IRP administrator the International Center for Dispute Resolution to recuse itself.

Some of their claims were also time-barred under ICANN’s equivalent of the statute of limitations.

But ICANN will be prevented from contracting with HTLD/Afilias for now, which is a key strategic win.

ICANN reckons the claimants are just using the IRP to try to force deep-pocketed Afilias into a private auction they can be paid to lose, and I don’t doubt there’s more than a grain of truth in that claim.

But if it exposes another ICANN cover-up in the process, I for one can live with that.

The case continues…

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.
The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.
It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.
The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).
The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.
There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.
This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.
There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.
HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.
CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.
Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.
There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.
Naturally, the remaining applicants were not happy about this, and started to fight back.
The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.
That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.
The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.
Guess what? That got rejected too.
So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.
The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.
While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.
ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.
Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.
Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”
The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.
When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.
The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.
But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.
Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.
Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.
And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.
A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.
A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.
In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.
The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.
It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.
This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.
It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.
FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.
They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.
The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.
It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.
The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”
“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.
“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.
ICANN is yet to file its response to the complaint.
Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.
Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.
The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.
ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.
The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.
With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

ICANN strikes back at “offensive” .gay bidder

ICANN has responded harshly to claims that a probe of its handling of applications for the .gay gTLD was fixed from the outset.
Writing to dotgay LLC lawyer Arif Ali this week, ICANN lawyer Kate Wallace said claims that the investigation “had a pre-determined outcome in mind” were “as offensive as they are baseless”.
FTI Consulting gave ICANN the all-clear in January, dismissing allegations that ICANN staff had interfered with Community Priority Evaluations of .gay and other gTLDs conducted by the Economist Intelligence Unit.
But dotgay quickly responded by calling the FTI report a “whitewash”, saying “a strong case could be made that the purported investigation was undertaken with a pre-determined outcome in mind.”
Now, in an unusually pointed letter (pdf) Wallace calls dotgay out for its “insulting” implications.

While dotgay LLC may have preferred a different evaluation process and may have desired a different outcome, that is not evidence that FTI undertook its investigation “with a pre-determined outcome in mind.”
Your accusations in this regard are as offensive as they are baseless. The Board initiated the CPE Process Review in its oversight role of the New gTLD Program to provide greater transparency into the CPE process. There was no pre-determined outcome in mind and FTI was never given any instruction that it was expected to come to one conclusion over another.
…
Your assertions that FTI would blatantly violate best investigative practices and compromise its integrity is insulting and without any support, and ICANN rejects them unequivocally.

Wallace works for ICANN outside counsel Jones Day — which contracted with FTI for the investigation — but states that she is writing at the behest of the ICANN board of directors.
The board “is in the process of considering the issues” raised by Ali and gay rights expert lawyer William Eskridge, she wrote.
The board’s agendas for next week’s ICANN 61 public meeting in Puerto Rico have not yet been published.
dotgay wants to avoid a costly (or lucrative) auction against other .gay applicants by gaining “community” status, but it failed its CPE in 2014, largely because its definition of “gay” over-stretches, and has been appealing the decision ever since.

Economist would sue ICANN if it publishes private emails

The Economist Intelligence Unit has threatened to sue ICANN if it publishes emails related to its evaluations of “community” gTLDs.
That’s according to a document published by ICANN this week, in which the organization refused to reveal any more information about a controversial probe into the Community Priority Evaluations the EIU conducted on its behalf.
EIU “threatened litigation” should ICANN publish emails sent between the two parties, the document states.
New gTLD applicant DotMusic, which failed its CPE for .music but years later continues to fight for the decision to be overturned, filed a Documentary Information Disclosure Policy request with ICANN a month ago.
DIDP is ICANN’s equivalent of a Freedom of Information Act.
DotMusic’s request among many other items sought the release of over 100,000 emails, many sent between ICANN and the EIU, that ICANN had provided to FTI Consulting during FTI’s investigation into whether the CPEs were fair, consistent and absent ICANN meddling.
But in its response this week, ICANN pointed out that its contract with EIU, its “CPE Provider”, has confidentiality clauses:

ICANN organization endeavored to obtain consent from the CPE Provider to disclose certain information relating to the CPE Process Review, but the CPE Provider has not agreed to ICANN organization’s request, and has threatened litigation should ICANN organization breach its contractual confidentiality obligations. ICANN organization’s contractual commitments must be weighed against its other commitments, including transparency. The commitment to transparency does not outweigh all other commitments to require ICANN organization to breach its contract with the CPE Provider.

DotMusic’s DIDP sought the release of 19 batches of information, which it hopes would bolster its case that both the EIU’s original reviews and FTI’s subsequent investigation were flawed, but all requests were denied by ICANN on various grounds.
In more than one instance, ICANN claims attorney-client privilege under California law, as it was actually ICANN’s longstanding law firm Jones Day, rather than ICANN itself, that contracted with FTI.
The FTI report cleared ICANN of all impropriety and said the EIU’s CPE process had been consistent across each of the gTLD applications it looked at.
The full DIDP request and response can be found here.
ICANN has yet to make a decision on .music, along with .gay, .hotel, .cpa, and .merck, all of which were affected by the CPE reviews.

dotgay lawyer insists it is gay enough for .gay gTLD

What do Airbnb, the Stonewall riots and the 2016 Orlando nightclub shooting have in common?
They’re all cited in a lengthy, somewhat compelling memo from a Yale law professor in support of dotgay LLC’s argument that it should be allowed to proceed with its .gay gTLD application unopposed by rival applicants.
The document (pdf), written by William Eskridge, who has decades of publications on gay rights under his belt, argues that dotgay’s Community Priority Evaluation and the subsequent review of that evaluation were both flawed.
At the crux of the dispute is whether the word “gay” can also be used to describe people who are transgender, intersex, and “allied” straight — dotgay says it can, but the Economist Intelligence Unit, which carried out the CPE, disagreed.
dotgay scored 10 out of 16 points on its CPE, four shy of a passing grade. An acceptance of dotgay’s definition of the “gay” community could have added 1 to 4 extra points to its score.
The company also lost a point due to an objection from a gay community center, despite otherwise broad support from gay-oriented organizations.
Eskridge spends quite a lot of time on the history of the word “gay”, from Gertrude Stein and Cary Grant using it as a wink-wink code-word in less-tolerant times, via the 1969 Stonewall riots, to today’s use in the media.
The argument gets a bit grisly when it is pointed out that some of the 49 people killed in the 2016 mass shooting at the Pulse nightclub in Orlando, Florida — routinely described as a “gay” club in the media — were either transgender or straight.

My research associates and I read dozens of press and Internet accounts of this then-unprecedented mass assault by a single person on American soil. Almost all of them described Pulse as a “gay bar,” the situs for the gay community. But, like the Stonewall thirty-seven years earlier, Pulse was a “gay bar” and a “gay community” that included lesbians, bisexual men and women, transgender persons, queer persons, and allies, as well as many gay men.

Eskridge argues that EIU erred by applying an overly strict definition of the applied-for string with dotgay, but not with successful community applicants for other strings.
For example, he argues, a manufacturer of facial scrubs would qualify for a “.spa” domain, and Airbnb and the Orient Express train line would qualify for “.hotel” domains under that applicant’s definition of its community, even though it could be argued that they do not fit into the narrow categories of “spas” and “hotels”.
Similarly, a transgender person may not consider themselves “gay” and a straight person certainly would not, but both might feel a part of the broader “gay community” when they get shot at a gay nightclub.
It’s an unpleasant way to frame the argument, but in my view it’s compelling nevertheless.
Eskridge also thinks that dotgay should have picked up an extra point or two in the part of the CPE dealing with community support.
It dropped one point there because the Q Center, a community center for LGBTQ people in Portland, Oregon, sent a letter objecting to the dotgay application (an objection apparently later revoked, then reinstated).
Eskridge spend some time questioning the Q Center’s bona fides as a big-enough organization to warrant costing dotgay a point, noting that it was the only member of a 200-strong umbrella organization, CenterLink, to object. CenterLink itself backed the bid.
He then goes on to cite articles seemingly showing that Q Center was in the midst of some kind of liberal paranoia meltdown — accused of racial insensibility and “transphobia” — and allegations of mismanagement at about the same time as it was objecting to dotgay’s application.
He also insinuates that Q’s base in Portland is suspicious because it’s also where rival applicant Top Level Design is based.
In summary, Eskridge reckons the EIU CPE and FTI Consulting’s subsequent investigation were both flimsy in their research, unfairly applying criteria to .gay that they did not apply to other strings, and that dotgay should have picked up enough points to pass the CPE.
It’s important to remember that this is not a case of ICANN getting decide whether the gTLD .gay gets to exist — it’s going to exist one way or the other — but rather whether the winning registry is selected by auction or not.
If dotgay wins either by getting another CPE or winning the auction then .gay will be restricted to only vetted members of the “gay” community. This could mean less homophobic abuse in .gay domains but probably also less opportunity for self expression.
If it goes to Top Level Design, MMX or Donuts, it will be open to all comers. That could increase cyber-bulling with .gay domains, but would remove barriers to entry to those who would otherwise be excluded from registering a domain.
ICANN has had .gay on hold for years while the dispute over the CPE has worked itself out, and it now has a piece of paper from FTI declaring the result hunky-dory. I doubt there’s any appetite to reopen old wounds.
My feeling is that we’re looking at an auction here.

CPE probe: “whitewash” or “fig leaf”?

A few weeks ago, when I was reporting the conclusions of a probe into ICANN’s new gTLD program, I wrote a prediction on a piece of paper and placed it into a sealed envelope.*
I wrote: “They’re gonna call this a whitewash.”
And I was correct! Ta-dah! I’m here all week.
The lawyer for applicants for .music and .gay gTLDs has written to ICANN to complain that a purportedly independent review of the Community Evaluation Process was riddled with errors and oversights and should not be trusted.
In a letter on behalf of dotgay LLC, Arif Ali calls the report a “whitewash”. In a letter on behalf of DotMusic, he calls it a “fig leaf”.
Both companies think that the CPE probe was designed to give ICANN cover to proceed with auctions for five outstanding gTLD contention sets, rather than to get to the bottom of perceived inconsistencies in the process.
Both of Ali’s clients applied for their respective gTLDs as “community” applicants, trying to avoid auctions by using the Community Priority Evaluation process.
During their CPEs, both carried out by the Economist Intelligence Unit, neither applicant scored highly enough to win the exclusive right to .gay or .music, meaning the next stage was to auction the strings off to the highest bidder.
After repeated complaints from applicants and an Independent Review Process finding that ICANN lacked transparency and that staff may have had inappropriate influence over the EIU, ICANN hired FTI Consulting to look into the whole CPE process.
FTI’s report was finally delivered late last year, clearing ICANN on all counts of impropriety and finding that the EIU’s evaluations had been consistent across each of the applications it looked at.
The remaining gTLDs affected by this are .music, .gay, .hotel, .cpa, and .merck.
ICANN’s board of directors is due to meet to discuss next steps this weekend, but Ali says that it should “critically evaluate the [FTI] Report and not accept its wholesale conclusions”. He wrote, on behalf of DotMusic:

The report reveals that FTI’s investigation was cursory at best; its narrow mandate and evaluation methodology were designed to do little more than vindicate ICANN’s administration of the CPE process.
…
It is evident that FTI engaged in a seemingly advocacy-driven investigation to reach conclusions that would absolve ICANN of the demonstrated and demonstrable problems that afflicted the CPE process.

Among the applicants’ list of complaints: their claim that FTI did not interview affected applicants or take their submissions seriously, and the fact that ICANN was less than transparent about who was conducting the probe and what its remit was.
The same letter quotes ICANN chair Cherine Chalaby, then vice-chair, saying in a January 2017 webinar that he had observed inconsistencies in how the CPEs were carried out; inconsistencies FTI has since found did not occur.
That should be enough to provoke discussion when the board meets to discuss this and other issues in Los Angeles on Saturday.
* I didn’t actually do this of course, I just thought about it, but you get my point.

.music and .gay possible in 2018 after probe finds no impropriety

Five more new gTLDs could see the light of day in 2018 after a probe into ICANN’s handling of “community” applications found no wrongdoing.
The long-running investigation, carried out by FTI Consulting on ICANN’s behalf, found no evidence to support suspicions that ICANN staff had been secretly and inappropriately pulling the strings of Community Priority Evaluations.
CPEs, carried out by the Economist Intelligence Unit, were a way for new gTLD applicants purporting to represent genuine communities to avoid expensive auctions with rival applicants.
Some applicants that failed to meet the stringent “community” criteria imposed by the CPE process appealed their adverse decisions and an Independent Review Process complaint filed by Dot Registry led to ICANN getting crucified for a lack of transparency.
While the IRP panel found some hints that ICANN staff had been nudging EIU’s arm when it came to drafting the CPE decisions, the FTI investigation has found:

there is no evidence that ICANN organization had any undue influence on the CPE Provider with respect to the CPE reports issued by the CPE Provider or engaged in any impropriety in the CPE process.

FTI had access to emails between EIU and ICANN, as well as ICANN internal emails, but it did not have access to EIU internal emails, which EIU declined to provide. It did have access to EIU’s internal documents used to draft the reports, however.
Its report states:

Based on FTI’s review of email communications provided by ICANN organization, FTI found no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process. FTI found that the vast majority of the emails were administrative in nature and did not concern the substance or the content of the CPE results. Of the small number of emails that did discuss substance, none suggested that ICANN acted improperly in the process.

FTI also looked at whether EIU had applied the CPE rules consistently between applications, and found that it did.
It also dug up all the sources of information EIU used (largely Google searches, Wikipedia, and the web pages of relevant community groups) but did not directly cite in its reports.
In short, the FTI reports very probably give ICANN’s board of directors cover to reopen the remaining affected contention sets — .music, .gay, .hotel, .cpa, and .merck — thereby removing a significant barrier to the gTLDs getting auctioned.
If there were to be no further challenges (which, admittedly, seems unlikely), we could see some or all of these strings being sold off and delegated this year.
The probe also covered the CPEs for .llc, .inc and .llp, but these contention sets were resolved with private auctions last September after applicant Dot Registry apparently decided it couldn’t be bothered pursuing the ICANN process any more.
The FTI’s reports can be downloaded from ICANN.

.music and .gay CPE probe could end this month

An ICANN-commissioned investigation into the fairness of its Community Priority Evaluation process for new gTLDs could wind up before the end of June.
In an update Friday, ICANN also finally revealed who is actually conducting the probe, which has been slammed by affected applicants for being secretive.
A tentative timeline sketched out in the update means applicants for gTLDs including .gay and .music could find their applications closer to release from limbo in just a few weeks.
ICANN revealed that FTI Consulting’s Global Risk and Investigations Practice and Technology Practice have been looking into claims ICANN staff meddled in the Economist Intelligence Unit’s supposedly independent CPE reviews for the last several months.
FTI is reviewing how ICANN staff interacted with the EIU during the CPE processes, how the EIU conducted its research and whether the EIU applied the CPE criteria uniformly across different gTLDs.
ICANN said that FTI finished collected material from ICANN in March and hopes to have all the information it has asked the EIU for by the end of this week.
It could deliver its findings to ICANN two weeks after that, ICANN said.
Presumably, there would be little to prevent ICANN publishing these findings very shortly thereafter.
ICANN has been harangued by some of the applicants for .music, .gay, hotel, .cpa, .llc, .inc, .llp and .merck, all of which have been affected by controversial CPE decisions and have been delayed by the investigation, for months.

.gay, .music and others in limbo as ICANN probes itself

Several new gTLD applicants have slammed ICANN for conducting an investigation into its own controversial practices that seems to be as opaque as the practices themselves.
Seven proposed new gTLDs, including the much-anticipated .music and .gay, are currently trapped in ICANN red tape hell as the organization conducts a secretive probe into how its own staff handled Community Priority Evaluations.
The now broad-ranging investigation seems have been going on for over six months but does not appear to have a set deadline for completion.
Applicants affected by the delays don’t know who is conducting the probe, and say they have not been contacted by anyone for their input.
At issue is the CPE process, designed to give genuine “community” gTLD applicants a way to avoid a costly auction in the event that their choice of string was contested.
The results of the roughly 25 CPE decisions, all conducted by the independent Economist Intelligence Unit, were sometimes divergent from each other or just baffling.
Many of the losers complained via ICANN’s in-house Requests for Reconsideration and then Independent Review Process mechanisms.
One such IRP complaint — related to Dot Registry’s .inc, .llc, .llp applications — led to two of the three-person IRP panel deciding last July that ICANN had serious questions to answer about how the CPE process was carried out.
While no evidence was found that ICANN had coached the EIU on scoring, it did emerge that ICANN staff had supplied margin notes to the supposedly independent EIU that had subsequently been incorporated into its final decision.
The IRP panel majority wrote that the EIU “did not act on its own in performing the CPEs” and “ICANN staff was intimately involved in the process”.
A month or so later, the ICANN board of directors passed a resolution calling for the CEO to “undertake an independent review of the process by which ICANN staff interacted with the CPE provider”.
Another month later, in October, the Board Governance Committee broadened the scope of the investigation and asked the EIU to supply it with documents it used to reach its decisions in multiple controversial CPE cases.
A couple of weeks ago, BGC chair Chris Disspain explained all this (pdf) to the applicants for .music, .gay, hotel, .cpa, .llc, .inc, .llp and .merck, all of which are affected by the delay caused by the investigation.
He said that the investigation would be completed “as soon as practicable”.
But in response, Dot Registry and lawyers for fellow failed CPE applicant DotMusic have fired off more letters of complaint to ICANN.
(UPDATE: Dot Registry CEO Shaul Jolles got in touch to say his letter was actually sent before Disspain’s, despite the dates on the letters as published by ICANN suggesting the opposite).
Both applicants note that they have no idea who the independent party investigating the CPEs is. That’s because ICANN hasn’t identified them publicly or privately, and the evaluator has not contacted the applicants for their side of the story.
DotMusic’s lawyer wrote (pdf):

DotMusic’s rights are thus being decided by a process about which it: (1) possesses minimal information; (2) carried out by an individual or organization whose identity ICANN is shielding; (3) whose mandate is secret; (4) whose methods are unknown; and (5) whose report may never be made public by ICANN’s Board.

He added, pointedly:

The exclusion of directly affected parties from participation eerily reproduces the shortcomings of the EIU evaluations that are under scrutiny in the first place.

Dot Registry CEO Shaul Jolles, in his letter (pdf), quoted Disspain saying at a public forum in Copenhagen this March that a blog post addressing the concerns had been drafted and would be published “shortly”, but wasn’t.
He suggested the investigation is “smoke and mirrors” and, along with DotMusic, demanded more information about the investigator’s identity and methods.
It does strike me as a looking a bit like history repeating itself: ICANN comes under fire for non-transparently influencing a supposedly independent review and addresses those criticisms by launching another non-transparent supposedly independent review.
No matter what I feel about the merits of the “community” claims of some of these applicants, it has been over five years now since they submitted their applications and the courtesy of transparency — if closure itself its not yet possible — doesn’t seem like a great deal to ask.

Spurned applicant crowd-funding to fight ICANN for .gay gTLD

The community-driven applicant for .gay is attempting to raise hundreds of thousands of dollars via crowd-funding to challenge a series of adverse decisions that look set to lock it out of running the gTLD.
Alongside the fundraising, dotgay LLC has launched an extraordinary broadside at its frustrators, accusing ICANN of “discrimination” and rival applicants of trying to “exploit” the gay community.
The company wants to raise $360,000 via this Generosity.com page, “to challenge decisions that have stalled community efforts for .GAY.”
Although the campaign has been running for 23 days, so far only three people (including a former employee) have donated a total of $110.
Given the vast number of LGBTQIA organizations that have lent their support to dotgay, I can only assume a lack of publicity is to blame for the $359,890 shortfall.
A five-minute video announcing the campaign has been on YouTube since August 3, but at time of writing has only been viewed 100 times.
In the video, embedded below, dotgay says that only it can properly represent the LGBTQIA (Lesbian, Gay, Bisexual, Transgender, Queer, Intersex and Ally) community.

ICANN is dividing the community by accepting the Economist Intelligence Unit’s decision that the company should fail its Community Priority Evaluation (largely because the TQIA are not necessarily “gay”), the video voiceover suggests.

This is an old game that highlights how LGBTQIA continue to be disadvantaged and discriminated against. If .gay is not recognized as a community domain, ICANN will simply auction the namespace to the highest bidder and pocket the proceeds. If ICANN assigns to the right to operate the registry for .gay to a company seeking to exploit it for profit — very possibly without community participation in policy development for the domain, or taking into consideration LGBTQIA interests and concerns — the community will have no assurances .gay will be s safe space on the internet… In the end, ICANN and the three other applicants for the .gay domain have shown no respect for the global gay community’s wishes.

Neither the video not the crowdfunding page specify exactly what the $360,000 would be used for.
However, in order to challenge the CPE decision(s) against it, a lawsuit or an Independent Review Process — either of which could wind up costing over a million dollars — would be the most usual avenues of attack.
Perhaps eager to avoid the possibility of a legal challenge, the three other applicants — Minds + Machines, Rightside and Top Level Design — this week wrote to ICANN to demand a hasty resolution of the long-running saga.
Writing on behalf of all three, Rightside VP Statton Hammock wrote (pdf):

It has been more than FOUR years since the Applicants filed their applications for .GAY. Since this time long ago, dotGay has filed THREE community objections, one against each of the Applicants; TWO community priority applications, ONE Independent Review Panel request (later withdrawn) and ONE motion for reconsideration with the BGC which has been carefully considered by the members of that Committee and found insufficient to be granted. In total dotGay has had SIX “bites of the apple” and has been unsuccessful each time… It is simply time for the Board to affirm these decisions and allow the .GAY applications to proceed to contention set resolution.

The ICANN board had been due to consider dotgay’s latest Request for Reconsideration at at a meeting August 9, but the agenda item was removed, the letter notes. The applicants called on the board to meet again soon to make a decision.
After the board processes the RfR, .gay would presumably go to auction. Whether the auction resulted in ICANN pocketing the cash (as dotgay claims) or being distributed between the three losing applicants remains to be seen.
Whether the auction is public or private, the crowdfunding campaign strongly suggests that dotgay does not currently have the resources to win.