Latest news of the domain name industry

Recent Posts

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

Kevin Murphy, February 7, 2020, Domain Policy

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.

The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.

It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.

The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).

The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.

There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.

This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.

There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.

HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.

CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.

Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.

There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.

Naturally, the remaining applicants were not happy about this, and started to fight back.

The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.

That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.

The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.

Guess what? That got rejected too.

So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.

The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.

While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.

ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.

Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.

Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”

The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.

When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.

The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.

But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.

Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.

Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.

And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.

A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.

A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.

In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.

The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.

It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.

This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.

It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.

FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.

They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.

The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.

It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.

The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”

“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.

“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.

ICANN is yet to file its response to the complaint.

Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.

Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.

The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.

ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.

The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.

With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

.hotel losers gang up to threaten ICANN with legal bills

Kevin Murphy, August 30, 2016, Domain Registries

The six losing applicants for the .hotel new gTLD are collectively threatening ICANN with a second Independent Review Process action.

Together, they this week filed a Request for Reconsideration with ICANN, challenging its decision earlier this month to allow the Afilias-owned Hotel Top Level Domain Sarl application to go ahead to contracting.

HTLD won a controversial Community Priority Evaluation in 2014, effectively eliminating all rival applicants, but that decision was challenged in an IRP that ICANN ultimately won.

The other applicants think HTLD basically cobbled together a bogus “community” in order to “game” the CPE process and avoid an expensive auction.

Since the IRP decision, the six other applicants — Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry — have been arguing that the HTLD application should be thrown out due to the actions of Dirk Krischenowski, a former key executive.

Krischenowski was found by ICANN to have exploited a misconfiguration in its own applicants’ portal to download documents belonging to its competitors that should have been confidential.

But at its August 9 meeting, the ICANN board noted that the timing of the downloads showed that HTLD could not have benefited from the data exposure, and that in any event Krischenowski is no longer involved in the company, and allowed the bid to proceed.

That meant the six other applicants lost the chance to win .hotel at auction and/or make a bunch of cash by losing the auction. They’re not happy about that.

It doesn’t matter that the data breach could not have aided HTLD’s application or its CPE case, they argue, the information revealed could prove a competitive advantage once .hotel goes on sale:

What matters is that the information was accessed with the obvious intent to obtain an unfair advantage over direct competitors. The future registry operator of the .hotel gTLD will compete with other registry operators. In the unlikely event that HTLD were allowed to operate the .hotel gTLD, HTLD would have an unfair advantage over competing registry operators, because of its access to sensitive business information

They also think that HTLD being given .hotel despite having been found “cheating” goes against the spirit of application rules and ICANN’s bylaws.

The RfR (pdf) also draws heavily on the findings of the IRP panel in the unrelated Dot Registry (.llc, .inc, etc) case, which were accepted by the ICANN board also on August 9.

In that case, the panel suggested that the board should conduct more thorough, meaningful reviews of CPE decisions.

It also found that ICANN staff had been “intimately involved” in the preparation of the Dot Registry CPE decision (though not, it should be noted, in the actual scoring) as drafted by the Economist Intelligence Unit.

The .hotel applicants argue that this decision is incompatible with their own IRP, which they lost in February, where the judges found a greater degree of separation between ICANN and the EIU.

Their own IRP panel was given “incomplete and misleading information” about how closely ICANN and the EIU work together, they argue, bringing the decision into doubt.

The RfR strongly hints that another IRP could be in the offing if ICANN fails to cancel HTLD application.

The applicants also want a hearing so they can argue their case in person, and a “substantive review” of the .hotel CPE.

The HTLD application for .hotel is currently “On Hold” while ICANN sorts through the mess.

gTLD auctions net ICANN another $13m

Kevin Murphy, October 27, 2014, Domain Registries

ICANN has raised another $12.9 million from new gTLD auctions.

A small batch of three contention sets — .realty, .salon and .spot — were resolved last Wednesday in the third so-called “last resort” auction.

.realty went to Fegistry for $5,588,888, .salon to Donuts for $5,100,575 and .spot to Amazon for $2.2 million.

ICANN now has accumulated new gTLD auction sales totaling $27.8 million.

It raised $14.3 million selling off .buy, .tech and .vip in September. The auction for .信息 fetched $600,000 in June.

ICANN’s share — after auctioneer Power Auctions is paid off — is being put into a special fund, rather that ICANN’s current account. The community will one day have to decide what to spend it on.

Realtors withdraw five gTLD community objections

Kevin Murphy, August 8, 2013, Domain Registries

The US-based National Association of Realtors has withdrawn its Community Objections against five applicants for .realestate and .realty, according to well-placed sources.

The five separate objections, which had been combined into one action under the auspices of the International Chamber of Commerce’s International Centre for Expertise, were withdrawn today.

NAR is a million-member trade association — apparently the largest in the US — comprising real estate agents that agree to pay dues and abide by its code of conduct.

It owns a trademark on REALTORS® and, judging by its objection and web site, is not shy about letting you know it. In the States, only NAR members get to call themselves “realtors”.

It has applied for .realestate via a subsidiary, dotRealEstate LLC, and had objected to applications for .realestate from Donuts, Top Level Domain Holdings and Uniregistry, and applications for .realty from Donuts and smaller portfolio applicant Fegistry.

The objections were combined in May, with the consent of the responding applicants.

NAR argued (pdf) that the applied-for strings are synonymous with its community of members, and that the other applicants’ proposed open-house registration policies would tarnish their reputation.

To win a Community Objection, you have to show among other things that there’s a strong nexus between the string at issue and the “clearly delineated” community you purport to represent.

While the case seems to have been withdrawn before it was decided by the ICC panel, NAR’s rivals were zeroing in on this as a weak spot in its objections.

The Uniregistry response (pdf) is as amusingly brutal as you’d expect from company counsel John Berryhill, using the NAR’s own marketing materials and positions in previous lawsuits against it.

Uniregistry pointed for example to a video on NAR’s web site that says:

We need your help to ensure that the term ‘REALTOR’ continues to mean member of the National Association of Realtors, and not just any real estate agent.

Uniregistry took this as an admission from NAR that the nexus between the universe of “real estate” professionals and the NAR is not as strong as the organization had tried to make out.

In Donuts’ two responses (pdf and pdf) also attacked this angle, arguing

Objector and its members make up only a fraction of that “community”… myriad divergent interests and countless individuals and organizations populate the sphere of “realty” around the world. Objector does not claim to speak on behalf of any of them, but rather only its own membership in the United States.

Now that the objections have been withdrawn, and all the applications are still active, the .realestate and .realty contentions sets are both heading to auction or private settlement.

Big hotel chains pick a side in .hotel gTLD fight

Kevin Murphy, August 11, 2012, Domain Registries

Many of the world’s major hotel chains say they plan to object to every .hotel new gTLD application but one.

A coalition of many recognizable hotel brands, led by InterContinental, has filed comments against six of the seven .hotel applications, as well as the applications for .hotels, .hoteis and .hoteles.

They say they want the Independent Objector to object to these applications on community grounds. Failing that, they’ll file their own official Community Objections.

The comments (PRO) were filed by the Hotel Consumer Protection Coalition, which appears to be one of those ad hoc organizations that exists purely to send letters to ICANN.

HCPC encourages the Independent Evaluator to submit a formal Community Objection if necessary. (Guidebook, Sec. 3.2.5.) Failing either of these occurrences, HCPC will seriously consider filing a Community Objection of its own – unless, of course, Applicant voluntarily withdraws its application.

The coalition’s members include the Choice Hotels, InterContinental, Hilton, Hyatt, Marriott, Starwood and Wyndham hotel chains. Together, they say they have over 25,000 hotels in over 100 countries.

The lucky recipient of the coalition’s tacit support is HOTEL Top-Level-Domain, the Luxembourg-based applicant managed by Johannes Lenz-Hawliczek and Katrin Ohlmer, which is using Afilias as its back-end.

It’s one of only two .hotel applicants flagged in the DI PRO database as planning to use a “restricted” business model. Only hotels, hotel chains and hotel associations will be able to register.

The other applicant with planned restrictions is a subsidiary of Directi, though its application suggests that any eligibility requirements would only be enforced post-registration.

HOTEL Top-Level Domain is also the only applicant that appears to be pursuing a single gTLD. All but one of the others are portfolio applicants of various ambitions.

Top Level Domain Holdings, Donuts, Famous Four Media and Fegistry all plan “open” business models for .hotel, while Despegar Online is planning a single-registrant space.

The Hotel Consumer Protection Coalition’s support for HOTEL Top-Level Domain is conditional, however. The company has apparently had to agree to explicitly exclude:

“any entity other than a hotel, hotel chain, or organization or association that is not formed or controlled by individual hotels or hotel chains”

It’s also agreed to “immediately suspend” any “clear violations”, such as cases of cybersquatting, when notified by coalition members, and to include its members’ brands on a Globally Protected Hotel Marks List.

The support has apparently been granted extremely reluctantly. InterContinental explicitly does not support the new gTLD program, and Marriott has previously said it thinks .hotel is pointless.

I can’t imagine a .hotel supported by companies that have no plans to use it being particularly successful.