Latest news of the domain name industry

Recent Posts

Kafka turns in grave as ICANN crowbars “useless” Greek TLD into the root

Kevin Murphy, September 9, 2019, Domain Policy

ICANN has finally approved a version of .eu in Greek script, but it’s already been criticized as “useless”.

Yesterday, ICANN’s board of directors rubber-stamped .ευ, the second internationalized domain name version of the European Union’s .eu, which will be represented in the DNS as .xn--qxa6a.

There’s a lot of history behind .ευ, much of it maddeningly illustrative of ICANN’s Kafkaesque obsession with procedure.

The first amusing thing to point out is that .ευ is technically being approved under ICANN’s IDN ccTLD Fast Track Process, a mere NINE YEARS after EURid first submitted its application.

The “Fast Track” has been used so far to approve 61 IDN ccTLDs. Often, the requested string is merely the name of the country in question, written in one of the local scripts, and the TLD is approved fairly quickly.

But in some cases, especially where the desired string is a two-character code, a string review will find the possibility of confusion with another TLD. This runs the risk of broadening the scope of domain homograph attacks sometimes used in phishing.

That’s what happened to .ευ, along with Bulgaria’s Cyrillic .бг and Greece’s own .ελ, which were rejected on string confusion grounds back in 2010 and 2011.

Under pressure from the Governmental Advisory Committee, ICANN then implemented an Extended Process Similarity Review Panel, essentially an appeals process designed to give unsuccessful Fast Track applicants a second bite at the apple.

That process led to Bulgaria being told that .бг was not too similar to Brazil’s .br, and Greece being told that .ελ did not look too much like .EA, a non-existent ccTLD that may or may not be delegated in future, after all.

But the EU’s .ευ failed at the same time, in 2014. The appeals review panel found that the string was confusable with upper-case .EY and .EV.

Again, these are not ccTLDs, just strings of two characters that have the potential to become ccTLDs in future should a new country or territory emerge and be assigned those codes by the International Standards Organization, a low-probability event.

I reported at the time that .ευ was probably as good as dead. It seemed pretty clear based on the rules at the time that if a string was confusable in uppercase OR lowercase, it would be rejected.

But I was quickly informed by ICANN that I was incorrect, and that ICANN top brass needed to discuss the results.

That seems to have led to ICANN tweaking the rules yet again in order to crowbar .ευ into the root.

In 2015, the board of directors reached out to the GAC, the ccNSO and the Security and Stability Advisory Committee for advice.

They dutifully returned two years later with proposed changes (pdf) that seemed tailor-made for the European Union’s predicament.

A requested IDN ccTLD that caused confusion with other strings in only uppercase, but not lowercase (just like .ευ!!!) could still get delegated, provided it had a comprehensive risk mitigation strategy in place, they recommended.

The recommendation was quickly approved by ICANN, which then sent its implementation guidelines (again, tailor-made for EURid (pdf)) back to the ccNSO/SSAC.

It was not until February this year that the ccNSO/SSAC group got back to ICANN (pdf) to approve of its implementation plan and to say that it has already tested it against EURid’s proposed risk-mitigation plan (pdf).

Basically, the process in 2009 didn’t produce the desired result, so ICANN changed the process. It didn’t produced the desired result again in 2014, so the process was changed again.

But at least Greek-speaking EU citizens are finally going to get a meaningful ccTLD that allows them to express their EUishness in their native script, right?

WRONG!

I recently read with interest and surprise a blog post by domainer-blogger Konstantinos Zournas, in which he referred to .ευ as the “worst domain extension ever”.

Zournas, who is Greek, opened my eyes to the fact that “.ευ” is meaningless in his native tongue. It’s just two Greek letters that visually resemble “EU” in Latin script. It’s confusing by design, but with .eu, a ccTLD that EURid already manages.

While not for a moment doubting Zournas’ familiarity with his own language, I had to confirm this on the EU’s Greek-language web site.

He’s right, the Greek for “European Union” is “Ευρωπαϊκής Ένωσης”, so the sensible two-letter IDN ccTLD would be .ΕΈ (those are Greek characters that look a bit like Latin E).

That would have almost certainly failed the ICANN string similarity process, however, as .ee/EE is the current, extant ccTLD for Estonia.

In short (too late), it seems to have taken ICANN the best part of a decade, and Jesus H Christ knows how many person-hours, to hack its own procedures multiple times in order to force through an application for a TLD that doesn’t mean anything, can’t be confused with anything that currently exists on the internet, and probably won’t be widely used anyway.

Gratz to all involved!

Sorry, you still can’t sue ICANN, two-faced .africa bidder told

Kevin Murphy, September 9, 2019, Domain Policy

Failed .africa gTLD applicant DotConnectAfrica appears to have lost its lawsuit against ICANN.

A California judge has said he will throw out the portions of DCA’s suit that had not already been thrown out two years ago, on the grounds that DCA was talking out of both sides of its mouth.

DCA applied for .africa in 2012 but lost out to rival applicant ZA Central Registry because ZACR had the backing of African governments and DCA did not.

It filed an Independent Review Process complaint against ICANN in 2013 and won in 2015, with the IRP panel finding that ICANN broke its own bylaws by paying undue deference to Governmental Advisory Committee advice.

It also emerged that ICANN had ghost-written letter of government support on behalf of the African Union, which looked very dodgy.

DCA then sued ICANN in 2016 on 11 counts ranging from fraud to breach of contract to negligence.

The Los Angeles Superior Court decided in 2017 that five of those charges were covered by the “covenant not to sue”, a broad waiver that all new gTLD applicants had to sign up to.

But the remaining six, relating to ICANN’s alleged fraud, were allowed to go ahead.

ICANN relied in its defense on a principle called “judicial estoppel”, where a judge is allowed to throw out a plaintiff’s arguments if it can be shown that it had previously relied on diametrically opposed arguments to win an earlier case.

The judge has now found that estoppel applies here, because DCA fought and won the IRP in part by repeatedly claiming that it was not allowed to sue in a proper court.

It had made this argument on at least seven occasions during the IRP, Judge Robert Broadbelt found. He wrote in his August 22 ruling (pdf):

DCA’s successfully taking the first position in the IRP proceeding and gaining significant advantages in that proceeding as a result thereof, and then taking the second position that its totally inconsistent in this lawsuit, presents egregious circumstances that would result in a miscarriage of justice if the court does not apply the doctrine of judicial estoppel to bar DCA from taking the second position in this lawsuit. The court therefore exercises its discretion to find in favor of ICANN, and against DCA, on ICANN’s affirmative defense of judicial estoppel and to bar DCA from bringing or maintaining its claims against ICANN alleged in the [First Amended Complaint] in this lawsuit.

In other words, ICANN’s won.

The case is not yet over, however. DCA still has an opportunity to object to the ruling, and there’s a hearing scheduled for December.

Amazon wins! ICANN on verge of approving .amazon despite government outrage

Amazon has one foot over the finish line in its seemingly endless battle for the .amazon gTLD.

ICANN last week nudged its application along to probably its final hurdle and gave the strongest indication yet that the controversial dot-brand will soon be delegated in the root.

Amazon has essentially won, beating off objections from the eight South American nations of the Amazon Cooperation Treaty Organization.

In a May 15 resolution, published late Friday, the ICANN board of directors resolved that there is “no public policy reason for why the .AMAZON applications should not be allowed to proceed”.

It now plans to approve the application for .amazon, along with the Chinese and Japanese translations, after Amazon’s “Public Interest Commitments” — enforceable voluntary commitments that would be incorporated into its registry contract — have been subject to 30-day public comment period.

These PICs would require Amazon to give each of the eight nations, and ACTO itself, one domain name under .amazon that they could use to provide non-commercial information about the region whose name the company shares.

Amazon would also have to block up to 1,500 culturally sensitive terms in each of the TLDs, so that nobody could use them.

There’d be a steering committee comprising Amazon and the ACTO members, which would get to decide which domains are blocked. Amazon would have the ultimate veto, but ACTO states could appeal by filing PIC Dispute Resolution Procedure complaint with ICANN.

The text of Amazon’s proposed PICs can be found in an April 17 letter to ICANN (pdf).

As far as I can tell, the public comment period has not yet been opened. If it has, it’s so well-hidden on the ICANN web site that even my voodoo powers have been ineffective in unearthing it.

It seems likely that it will attract comment from ACTO and its members, along with others with an interest in protecting the Amazon region.

Whether their comments will be enough to make ICANN change its mind about eventually delegating .amazon seems highly unlikely.

Amazon, in my view, has basically won at this point.

The victory comes over seven years after the original application was filed.

Amazon fought off a Community Objection from the Independent Objector in 2013, but its applications were rejected by ICANN after receiving consensus advice from the Governmental Advisory Committee.

The GAC reached consensus against Amazon only after the United States, which had been protecting what is one of its largest technology companies’ interests, caved to pressure from the rest of the committee.

But Amazon filed an Independent Review Process complaint, which in July 2017 came back in the company’s favor. The IRP panel ruled that the GAC’s advice had been flimsy and baseless, and that ICANN should un-reject the .amazon applications.

Since then, it’s been a fight between Amazon and ACTO, with ICANN trapped in the middle.

As far as ICANN is concerned, the GAC had only advised it to “facilitate” a resolution between the two parties. It does not appear to believe it was under an obligation to assure that both parties were happy with the outcome.

ACTO had wanted much stronger protections from Amazon including majority control of the policy steering committee and, hilariously, a button on every single .amazon web page linking to an ACTO site promoting the Amazon region.

The company rejected those requests, and instead put its own unilateral proposal to ICANN.

Following ICANN’s approval, it’s now very possible that Amazon could start using .amazon this year.

However, given the usual speed at which the company launches its delegated gTLDs, some time in the 2030s is just as likely.

Governments demand Whois reopened within a year

Kevin Murphy, April 29, 2019, Domain Policy

ICANN’s government advisers wants cops, trademark owners and others to get access to private Whois data in under a year from now.

The Governmental Advisory Committee wants to see “considerable and demonstrable progress, if not completion” of the so-called “unified access model” for Whois by ICANN66 in Montreal, a meeting due to kick off November 4 this year.

The demand came in a letter (pdf) last week from GAC chair Manal Ismail to her ICANN board counterpart Cherine Chalaby.

She wrote that the GAC wants “phase 2” of the ongoing Expedited Policy Development Process on Whois not only concluded but also implemented “within 12 months or less” of now.

It’s a more specific version of the generic “hurry up” advice delivered formally in last month’s Kobe GAC communique.

It strikes me as a ludicrously ambitious deadline.

Phase 2 of the EPDP’s work involves deciding what “legitimate interests” should be able to request access to unredacted private Whois data, and how such requests should be handled.

The GAC believes “legitimate interests include civil, administrative and criminal law enforcement, cybersecurity, consumer protection and IP rights protection”.

IP interests including Facebook want to be able to vacuum up as much data as they want more or less on demand, but they face resistance from privacy advocates in the non-commercial sector (which want to make access as restrictive as possible) and to a lesser extent registries and registrars (which want something as cheap and easy as possible to implement and operate that does not open them up to legal liability).

Ismail’s letter suggests that work could be sped up by starting the implementation of stuff the EPDP group agrees to as it agrees to it, rather than waiting for its full workload to be complete.

Given the likelihood that there will be a great many dependencies between the various recommendations the group will come up with, this suggestion also comes across as ambitious.

The EPDP group is currently in a bit of a lull, following the delivery of its phase 1 report to ICANN, which is expected to approve its recommendations next month.

Since the phase 1 work finished in late February, there’s been a change of leadership of the group, and bunch of its volunteer members have been swapped out.

Volunteers have also complained about burnout, and there’s been some pressure for the pace of work — which included four to five hours of teleconferences per week for six months — to be scaled back for the second phase.

The group’s leadership has discussed 12 to 18 months as a “realistic and desirable” timeframe for it to reach its Initial Report stage on the phase 2 work.

For comparison, it published its Initial Report for phase 1 after only six stressful months on the job, and not only have its recommendations not been implemented, they’ve not even been approved by ICANN’s board of directors yet. That’s expected to happen this Friday, at the board’s retreat in Istanbul.

With this previous experience in mind, the chances of the GAC getting a unified Whois access service implemented within a year seem very remote.

Amazon tells power-hungry governments to get stuffed

Kevin Murphy, April 23, 2019, Domain Policy

Amazon has rejected attempts by South American governments to make the would-be gTLD .amazon “jointly owned”.

In a letter to ICANN last week, Amazon VP of public policy Brian Huseman finally publicly revealed the price Amazon is willing to pay for its dot-brand, but said members of the Amazon Cooperation Treaty Organization are asking for way too much power.

It turns out three of ACTO’s eight national government members have proposed solutions to the current impasse, but Amazon has had to reject them all for commercial and security reasons. Huseman wrote (pdf):

Some member states require that we jointly own and manage the .AMAZON TLDs. Some require that we give the member states advance notice and veto authority over all domain names that we want to register and use—for both trademarked terms as well as generic words. Some suggest a Governance Committee can work only if it has governance that outweighs Amazon’s voice (i.e. the Governance Committee has a representative from one of each of the eight member states, while Amazon has one); and some want to use .AMAZON for their own commercial purposes.

From Huseman’s description, it sounds like the ACTO nations basically want majority control (at least in terms of policy) of .amazon and the Chinese and Japanese translations, applications for which have been essentially frozen by ICANN for years.

Huseman told ICANN that Amazon cannot comply.

If the company were to give eight South American governments advanced notice and veto power over .amazon domains it planned to register, it would make it virtually impossible to contain its business secrets prior to the launch of new services, he said.

The governments also want the right to block certain unspecified generic strings, unrelated to the Amazon region, he wrote. Amazon can’t allow that, because its range of businesses is broad and it may want to use those domains for its own commercial purposes.

Amazon has offered to block up to 1,500 strings per TLD that “represent the culture and heritage of the Amazonia region”.

Nine .amazon domains would be set aside for actual usage, one for ACTO and one each for its members, “that have primary and well-recognized significance to the culture and heritage of the region”, but they’d have to use those domains non-commercially.

The proposal seems to envisage that the countries would select their two-letter country code as their freebie domain. Brazil could get br.amazon, for example.

They could also select the names of Amazonian indigenous peoples’ groups or “the specific terms OTCA, culture, heritage, forest, river, and rainforest, in English, Dutch, Portuguese, and Spanish.”

They would not to be allowed to use third-level domains, other than “www”.

The governments would have up to two years to populate the list of 1,500 banned terms. The strings would have to have the same “culture and heritage” nexus, and Amazon would get veto power over whether the proposed strings actually meet that test.

As the whole policy would be enshrined as a Public Interest Commitment in the .amazon registry contract with ICANN, ACTO members would be able to protest such rejections using the PIC Dispute Resolution Policy.

Amazon would also get veto power over the content of the web sites at the domains used by the governments. They’d have to be basically static sites, and all user-generated content would be strictly verboten.

It’s a power struggle, with little evident common ground once you get down into the details, and it’s likely going to be up to ICANN to decide whether Amazon’s proposal is sufficient to overrule the ACTO and Governmental Advisory Committee concerns.

ICANN had set a deadline of April 21 to receive the proposal. The timetable it has previously set out would see its board of directors make a decision (or punt it back to Amazon) at the Marrakech public meeting in late June.

However, board chair Cherine Chalaby has told ACTO that if it wants to negotiate a joint proposal with Amazon, it can still do so. ICANN would need to receive this revised proposal by June 7, he said.