Latest news of the domain name industry

Recent Posts

ICANN faces first post-transition test of UN power (for real this time)

Kevin Murphy, October 7, 2016, Domain Policy

The ICANN community and United Nations agencies are heading for a clash, with governments accused this morning of trying to bypass the ICANN policy-making process.

According to the leader of an ICANN volunteer working group, governments and UN-affilated intergovernmental organizations (IGOs) have circumvented the usual ICANN consensus-building process in order to extract the policies they want directly from the ICANN board of directors and staff.

It’s the first time since the IANA transition, which happened less than a week ago, that governments have been accused of exploiting their special access to the board, and it may become a hot topic at next month’s ICANN 57 meeting in India.

Governments and UN agencies now stand accused of “bypassing the ICANN community” in order to achieve their policy goals.

But the policy being debated is not directly linked to the IANA transition, nor to the thoroughly debunked notion that the UN has taken over ICANN.

Indeed, the issue in question — the permanent protection of IGO acronyms in gTLDs — is almost embarrassingly narrow and predates the announcement of the IANA transition by at least three years, going back to at least 2011.

Basically, the policy questions that look set to cause even more conflict between governments and others are: should IGO acronyms be protected, and if so, how?

IGO acronyms are strings such as WIPO, UNESCO and OECD.

The ICANN board punted this question in May 2014, when it received conflicting advice from the Governmental Advisory Committee and Generic Names Supporting Organization.

Since then, a GNSO Policy Development Process working group has been working on recommendations. It has not yet issued its initial findings, but is close.

Simultaneously and separately, members of ICANN’s board and staff have been quietly talking to a handful of GAC members and IGOs about the same issue in what has become known as the “small group”.

Because it’s small. And a group.

Yesterday, ICANN divulged the consensus of the small group in a letter (pdf) to the leaders of the GNSO Council.

Its recommendations conflict in almost every respect with what the GNSO working group intends to recommend.

The small group wants ICANN to create IGOs-acronyms-only versions of the Trademark Clearinghouse database, Trademark Claims service and UDRP and URS dispute resolution mechanisms — basically “functionally equivalent” mirrors of almost all of the rights protection mechanisms currently only available to trademark owners.

They would be administered at least partially by the GAC and at no cost to the IGOs themselves (presumably meaning ICANN would pick up the tab).

It seems like a disproportionate amount of faff considering the problem ICANN is trying to solve is the vanishingly small possibility that somebody attempts to cybersquat the United Nations Entity For Gender Equality And The Empowerment Of Women (UNWOMEN) or the Postal Union Of The Americas Spain And Portugal (PUASP).

A lot of it is also in direct opposition to what the GNSO WG plans to recommend, according to chair Phil Corwin and the current draft of the WG’s recommendations.

The WG currently plans to recommend that IGOs should be allowed to use the existing URS and UDRP mechanisms to take down or take over domains that use their acronyms in bad faith. It does not currently seem to recommend anything related to Trademark Claims.

A foundational disagreement relates to the status of IGOs under the law. While IGOs in the small group seem to think they are in a special category of entity that is not subject to regular trademark law, the WG hired expert legal counsel that determined the contrary.

Corwin, in his initial response to the small group letter, said that the implications of the debate go beyond how IGO acronyms should be protected.

IGOs carried out a “near boycott” of the GNSO PDP discussions, he wrote, preferring instead to talk to the small group “behind closed doors”. He wrote:

we continually urged members of the GAC, and IGOs, to participate in our WG. That participation was so sporadic that it amounted to a near-boycott, and when IGO representatives did provide any input they stressed that they were speaking solely as individuals and were not providing the official views of the organizations that employed them.

Of course, why should they participate in the GNSO policy processes when they are permitted to pursue their goals in extended closed door discussions with the Board, and when the Board seeks no input from the GNSO in the course of those talks?

He directly linked the timing of the small group report to the expiration last Friday of ICANN’s IANA functions contract with the US Department of Commerce, and suggested that the IGO acronym issue could be a litmus test for how ICANN and governments function together under the new oversight regime.

I note that transmission of the letter has been delayed until after the completion of the IANA transition, and that the post-transition role of governments within ICANN was a central controversy surrounding the transition.

What is at stake in this matter goes far beyond the relatively rare instance in which a domain registrant infringes upon the name or acronym of an IGO and the IGO seeks relief through a CRP [Curative Rights Protection mechanism]. The larger issue is whether, in a post-transition ICANN, the GAC and the UN agencies that comprise a large portion of IGOs, will participate meaningfully in GNSO policy activities, or will seek their policy aims by bypassing the ICANN community and engaging in direct, closed door discussions with the Board.

The financial effects of this seemingly interminable debate on the gTLD industry are probably pretty minor.

Currently, all new gTLDs have temporarily blocked, from launch, all of the IGO acronyms in question. That’s roughly 200 domains per gTLD that could otherwise be sold.

Many of the strings are three, four and five-letter acronyms that could fetch “premium” prices in the open market (though, in my judgement, not much more than a couple hundreds bucks in most cases).

A small number of the acronyms, such as WHO and IDEA, are potentially more valuable.

Off the top of my head and the back of an envelope, I’d put the cost to the industry as a whole of the IGO acronym blocks probably somewhere in the very low millions.

The harms being prevented are also very minor, in my view. With a small handful of exceptions, the IGOs in question are not attractive cybersquatting targets.

But, as is so often the case in ICANN matters, the arguments in this case boil down to matters of law, principle and process much more than practical impact.

Next new gTLD round could start sooner than expected

Kevin Murphy, August 11, 2016, Domain Policy

The ICANN board of directors is wondering whether the next new gTLD application round should kick off sooner than expected.

Chair Steve Crocker reached out to the Generic Names Supporting Organization this week to ask whether the next round could start before all GNSO policy work has been completed.

Or, he asked, are there any “critical issues” that need to be resolved before ICANN starts accepting more applications.

Akram Atallah, head of ICANN’s Global Domains Division, said in May that 2020 is the earliest the next round could feasibly begin, but Crocker’s letter this week (pdf) suggests that that date could be brought forward.

Crocker asked “whether a future application process could proceed while policy work continues”.

There are a number of reviews that ICANN has committed to carry about before the next round starts.

There’s a consumer choice, competition and trust survey to be completed, for example, and a review of trademark protection mechanisms.

Atallah said in may that these would likely be complete by the end of 2017.

But the GNSO is also conducting policy work designed to highlight flaws and inefficiencies in the current 2012 and recommend changes and improvements.

It’s this so-called GNSO Policy Development Process (PDP) Working Group on New gTLD Subsequent Procedures (or NewgTLD-WG) that Crocker is interested in. He wrote:

assuming all other review activities are completed, it would be helpful to understand whether the GNSO believes that the entirety of the current Subsequent Procedures PDP must be completed prior to advancing a new application process under the current policy recommendations. The Board is cognizant that it may be difficult to provide a firm answer at this stage of the process as the reviews are still underway and the PDP is in its initial stages of work, but if any consideration has been given in relation to whether a future application process could proceed while policy work continues and be iteratively applied to the process for allocating new gTLDs, or that a set of critical issues could be identified to be addressed prior to a new application process, the Board would welcome that input.

The current plan for the NewgTLD-WG is to wrap up two years from now, in the third quarter of 2018 (though this may be optimistic).

Members of the group seem to think that we’re looking at a post-2020 next round with 10,000 to 15,000 applications.

It’s difficult to imagine a second round (or fourth, if you’re a pedant) beginning a whole lot earlier than 2020, given the snail’s pace ICANN and its community moves at.

The WG was chartered over half a year ago and the conversations going on are still at a depressingly high level.

Perhaps Crocker’s letter is an early indication that board will not be the significant drag factor on the process.

Burr to replace Tonkin on ICANN board

Kevin Murphy, April 19, 2016, Domain Policy

ICANN lifer Becky Burr is to replace Bruce Tonkin on the ICANN board of directors when his term expires in November.

She’ll take the seat reserved for the Contracted Parties House of the Generic Names Supporting Organization, following a vote by registries and registrars a few weeks ago.

Tonkin, CTO of Aussie registrar Melbourne IT, has held the seat for the last nine years. He’s limited to three consecutive three-year terms under ICANN bylaws.

Burr, a lawyer by trade, is currently chief privacy officer at TLD registry Neustar, a position she has held since 2012.

Before that, she was a partner at the law firm Wilmer Hale.

But way back in 1998, in a senior role at the US National Telecommunications and Information Administration, she was one of the key people responsible for ICANN’s creation under the Clinton administration.

Pirates lose privacy rights under new ICANN rules

Kevin Murphy, January 22, 2016, Domain Registrars

People operating piracy web sites would have a harder time keeping their personal information private under new ICANN rules.

ICANN’s GNSO Council last night approved a set of recommendations that lay down the rules of engagement for when trademark and copyright owners try to unmask Whois privacy users.

Among other things, the new rules would make it clear that privacy services are not permitted to reject requests to reveal a domain’s true owner just because the IP-based request relates to the content of a web site rather than just its domain name.

The recommendations also contain safeguards that would allow registrants to retain their privacy if, for example, their safety would be at risk if their identities were revealed.

The 93-page document (pdf) approved unanimously by the Council carries a “Illustrative Disclosure Framework” appendix that lays out the procedures in some depth.

The framework only covers requests from IP owners to proxy/privacy services. The GNSO was unable to come up with a similar framework for dealing with, for example, requests from law enforcement agencies.

It states flatly:

Disclosure [of the registrant’s true Whois details] cannot be refused solely for lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; or (iv) a UDRP or URS proceeding; nor can refusal to disclose be solely based on the fact that the Request is founded on alleged intellectual property infringement in content on a website associated with the domain name.

This fairly explicitly prevents privacy services (which in most cases are registrars) using the “we don’t regulate content” argument to shoot down disclosure requests from IP owners.

Some registrars were not happy about this paragraph in early drafts, yet it remains.

Count that as a win for the IP lobby.

However, the new recommendations spend a lot more time giving IP owners a quite strict set of guidelines for how to file such requests in the first place.

If they persistently spam the registrar with automated disclosure requests, the registrar is free to ignore them. They can even share details of spammy IP owners with other registrars.

The registrar is also free to ignore requests that, for example, don’t give the exact or representative URL of an alleged copyright infringement, or if the requester has not first attempted to contact the registrant via an email relay service, should one be in place.

The registrant also gets a 15-day warning that somebody has requested their private details, during which, if they value their privacy more than their web site, they’re able to relinquish their domain and remain anonymous.

If the registrant instead uses that time to provide a good reason why they’re not infringing the requester’s rights, and the privacy service agrees, the request can also be denied.

The guidelines would make it easier for privacy service operators to understand what their obligations are. By formalizing the request format, it should make it easier to separate legit requests from the spurious requests.

They’re even allowed to charge IP owners a nominal fee to streamline the processing of their requests.

While these recommendations have been approved by the GNSO Council, they need to be approved by the ICANN board before becoming the law of the ‘net.

They also need to pass through an implementation process (conducted by ICANN staff and GNSO members) that turns the recommendations into written procedures and contracts which, due to their complexity, I have a hunch will take some time.

The idea is that the rules will form part of an accreditation program for privacy/proxy services, administered by ICANN.

Registrars would only be able to use P/P services that agree to follow these rules and that have been accredited by ICANN.

It seems to me that the new rules may be quite effective at cracking down on rogue, “bulletproof” registrars that automatically dismiss piracy-based disclosure requests by saying they’re not qualified to adjudicate copyright disputes.

ICANN confirms domain privacy is for all

Kevin Murphy, January 22, 2016, Domain Policy

Commercial entities will not be excluded from buying domain privacy services, ICANN’s GNSO Council has confirmed.

The Council last night voted unanimously to approve a set of recommendations that would make it compulsory for privacy and proxy services to be accredited by ICANN for the first time.

The recommendations govern among other things how privacy services are expected to behave when they receive notices of trademark or copyright infringement.

But missing is a proposal that would have prevented the use of privacy for “transactional” web sites, something which caused a great deal of controversy last year.

The newly adopted recommendations clearly state that nobody is to be excluded from privacy on these grounds.

The Council voted to adopt the final, 93-page report of the Privacy and Proxy Services Accreditation Issues (pdf) working group, which states:

Fundamentally, P/P services should remain available to registrants irrespective of their status as commercial or non-commercial organizations or as individuals. Further, P/P registrations should not be limited to private individuals who use their domains for non-commercial purposes.

The minority view that web sites that process financial transactions should not be able to use privacy came from intellectual property, anti-abuse and law enforcement community members.

However, opponents said it would infringe the privacy rights of home business owners, bloggers, political activists and others.

It could even lead to vicious “doxing”-related crimes, such as “swatting”, where idiots call in fake violent crime reports against rivals’ home addresses, some said.

It also turned out, as we revealed last November, that 55% of US presidential candidates operate transactional web sites that use privacy on their domains.

Two separate registrar initiatives, one backed by the Electronic Frontier Foundation, started letter-writing campaigns that resulted in over 20,000 comments being received on the the PPSAI’s initial report last July.

Those comments are acknowledged in the PPSAI final report that the GNSO Council just approved.

The adopted recommendations (which I’ll get into in a separate article) still have to be approved by the ICANN board of directors and have to undergo an implementation process that puts the rather broad policies into concrete processes and procedures.