Looks like the fight for .hotel gTLD is over

One of the longest-running fights over a new gTLD may be over, after three unsuccessful applicants for .hotel appeared to throw in the towel on their four-year-old legal fight with ICANN.

In a document quietly posted by ICANN last week, the Independent Review Process panel handling the .hotel case accepted a joint request from ICANN and applicants Fegistry, Radix and Domain Venture Partners to close the case.

The applicants lawyers had told ICANN they were “withdrawing all of their claims” and the panel terminated the case “with prejudice”.

They had been fighting to get ICANN to overturn its decision to award .hotel to HOTEL Top-Level-Domain (HTLD), formerly affiliated with Afilias, which had won a controversial Community Priority Evaluation.

CPE was a process under the 2012 new gTLD program rules that allowed applicants in contention sets to avoid an auction if they could show sufficient “community” support for their bids, which HTLD managed to do.

The Fegistry complaint was the second IRP to focus on this decision, which was perceived as unfair and inconsistent with other CPE cases. The first ran from 2015 to 2016 and led to an ICANN win.

Part of the complaints focused on allegations that an HTLD executive improperly accessed private information on competing applicants using a vulnerability in ICANN’s applications portal.

The IRP complainants had also sued in Los Angeles Superior Court, but that case was thrown out in July due to the covenant not to sue (CNTS) that all new gTLD applicants had to agree to when they applied.

The fight for .hotel had been going on for longer than that for .web, but unlike .web it appears that this fight may finally be over.

ICANN throws out another challenge to the Donuts-Afilias deal

ICANN is set to reject a plea for it to reconsider its decision to allow Donuts to buy Afilias last December.

Its Board Accountability Mechanisms Committee recently threw out a Request for Reconsideration filed by Dot Hotel and Domain Venture Partners, part of a multi-pronged assault on the outcome of the .hotel gTLD contention set.

The RfR was “summarily dismissed”, an infrequently used way of disposing of such requests without considering their merits. BAMC concluded that the requestors had failed to sufficiently state how they’d been harmed by ICANN’s decision, and therefore lacked standing.

The requestors, both applicants for .hotel, had said that they were harmed by the fact that Donuts now owns two applications for .hotel — its own open, commercial one and Afilias’ successful community-based one.

It also said that ICANN’s seemingly deliberate opacity when it came to approving the deal broke its bylaws and sowed confusion and risk in the registry industry.

At some point before the December 17 board meeting that approved the acquisition, ICANN staff briefed the board on its decision to approve the deal, but no formal resolution was passed.

By exploiting this loophole, it’s not clear whether the board actually voted on the deal, and ICANN was not obliged by its bylaws to publish a rationale for the decision.

But BAMC, acting on the advice of ICANN’s lawyers, decided (pdf) that the statements of alleged harm were too vague or seemed to rely on potential future harms.

DVP and Dot Hotel are also party to a lawsuit and an Independent Review Process case against ICANN related to .hotel.

A Documentary Information Disclosure Request related to the Afilias acquisition was also thrown out in March.

BAMC’s dismissal will be rubber-stamped by ICANN’s full board at a later date.

ICANN refuses to say why it allowed Donuts to buy Afilias

ICANN appears determined to make its decision-making process when it comes to industry consolidation as opaque as possible.

The Org has denied a request from two rival registries for information about how it approved the acquisition of Afilias by Donuts last December, apparently exploiting a loophole in its bylaws.

The transaction got the nod from ICANN after its December 17 board of directors meeting, at which the board discussed the deal and gave CEO Göran Marby the nod to go ahead and process the request.

What it didn’t do was pass a formal resolution approving the deal, which seems to have given it the room to wriggle out of its transparency requirements, such as publishing its rationale and briefing materials.

It’s a trick it also used last year when it decided to bar Ethos Capital from acquiring Public Interest Registry.

In response to a Documentary Information Disclosure Process request (pdf) last month, filed by Dot Hotel and Domain Venture Partners, ICANN said:

ICANN org makes available, as a matter of due course, on the ICANN website the resolutions taken, preliminary report, minutes, and the Board briefing materials for each Board meeting… ICANN org has already published all materials for the 17 December 2020 Board meeting.

No new information was published.

The DIDP was filed by two applicants for the new gTLD .hotel, which are competing with applications originally filed by both Donuts and Afilias.

They’d also asked for ICANN’s rationale for allowing Donuts to own two .hotel applications post-acquisition, but ICANN said it had no documents reflecting that rationale.

The .hotel contest is also the subject of an Independent Review Process case and a lawsuit, in which DVP is a plaintiff.

Got beef with ICANN? Why you may not want to use the Ombudsman

Complaining to the independent Ombudsman may not be the best way to start a beef with ICANN, and that’s according to the Ombudsman himself.

Herb Waye told DI this week that consulting him as a first port of call may well lock complainants out of escalating their complaints through his office in future procedures.

Earlier this week, I reported on a lawsuit filed by three so-far unsuccessful .hotel gTLD applicants, which among other things alleges that ICANN’s Request for Reconsideration appeals process is a “sham”.

Reconsideration has quite a high barrier to success, and complaints are rarely successful. Requests are dealt with by the Board Accountability Mechanisms Committee, a subset of the very same board of directors that passed the resolution being complained about, advised by the same ICANN lawyers.

But RfRs are also automatically sent to the Ombudsman for a determination before the BAMC looks into them, which should provide a valuable and ostensibly independent second set of critical eyes.

However, in practice this has almost never happened since the provision was added to the ICANN bylaws five year ago.

The .hotel plaintiffs tallied up the 14 RfRs related to the new gTLD program since 2017 and found that the Ombudsman had recused himself, without detailed explanation, on every single occasion. Their complaint in California Superior Court reads:

Neither ICANN nor the Ombudsman has provided any intelligible reason for this gross flouting of ICANN’s bylaws and the Ombudsman’s dereliction of duty, other than a naked and vague claim of “conflict of interest”. The lack of any Ombudsman process not only violates ICANN’s bylaws and its contracts with Plaintiffs, but it renders the promise of a fair and independent Reconsideration process null and illusory, and the notion of true accountability a farce.

The ICANN bylaws state that the Ombudsman must recuse himself from considering RfRs “involving matters for which the Ombudsman has, in advance of the filing of the Reconsideration Request, taken a position while performing his or her role as the Ombudsman”.

According to Waye’s explanation, this is a very broad standard indeed. He told DI in an email:

it is not just me but over 18(?) years of Office of the Ombudsman involvement in complaints or investigations. So I need to go back through the archives when I receive an RR to make sure neither Chris [LaHatte] nor Frank [Fowlie] have made a determination (it doesn’t have to be a public report (or position) or a report to the Board to qualify for recusal).

Among other factors, it also doesn’t have to be a past determination directly involving the RR requestor either… if the substance of the RR has been reviewed by the Office in the past, or if the RR is about an issue similar to one that has been the subject of a complaint and a determination, then recusal is also required to avoid inconsistencies or perceived bias.

He consults with his “independent outside counsel”, Dave Marglin, when figuring out whether recusal is necessary, he said.

Waye published an explanation of his role in Reconsideration on page 19 of the Ombusdman’s most-recent annual report (pdf).

I wondered whether a 2015 decision by Waye predecessor LaHatte related to the new gTLD program’s controversial Community Priority Evaluation might account for the spate of recusals over the last few years, but Waye would not be drawn.

“I can’t identify specifics about each recusal as I must at all cost avoid identifying past complainants or subjects of complaints,” he said. “As I mentioned, some published reports may be the reason for a recusal but it may also be the result of the RfR issue having passed through my Office prior to the RfR being filed as a complaint; which may or may not be a known fact, so I err on the side of caution and treat all recusals the same.”

Given that the Ombudsman also deals with sensitive interpersonal interactions, including sexual harassment complaints, a code of confidentiality could be a good thing.

But it also means that there are an unknown number of undisclosed topics, dating back the best part of two decades, that the Ombudsman is apparently powerless to address via the Reconsideration process.

And that list of untouchable topics will only get longer as time goes by, incrementally weakening ICANN’s accountability mechanisms.

It seems to me that for companies with no interest in confidentiality but with serious complaints against an ICANN board action, complaining to the Ombudsman as the first port of call in a case that would likely be escalated to Reconsideration, Cooperative Engagement Process and Independent Review Process may be a bad idea.

Not only would they be locking the Ombudsman out of their own subsequent RfR, but they’d be preventing him or her getting involved in related RfRs for eternity.

Waye does not disagree. He said:

I think anyone considering bringing a complaint to the Office of the Ombuds should now consider their desired outcome if there is any possibility the issue may be something that could eventually take the RfR route. Do they want an informal (potentially confidential) determination from the Ombuds or do they want something more “public” from the Ombuds in the form of a substantive evaluation made directly to the BAMC. It’s still a new process and my participation in the RfR accountability mechanism is still a work in progress for the people considering using the RfR. But it’s what the community wanted and we will make it work.

It strikes me that the Reconsideration policy outlined in the ICANN bylaws is, by accident or design, self-terminating and opaque. It becomes less useful the more often it is used, as the range of topics the Ombudsman is permitted to rule on are slowly whittled away in secret.

It also occurs to be that it might be open to abuse and gaming.

Worried that a rival company will try to use Reconsideration to your disadvantage? Why not file a preemptive Ombudsman complaint on the same topic, forcing him to recusing himself and leaving the eventual RfR in the hands of the far-from-objective BAMC and ICANN board?

Waye said:

I suppose it would be possible, though it would require me making a determination or taking a position of sorts related to the eventual RfR… a complaint doesn’t automatically mean recusal. And of course it would mean me and my counsel not seeing through the “gaming” agenda and declining the complaint at the outset.

.hotel battle lands ICANN in court over accountability dodges

ICANN’s accountability mechanisms, or lack thereof, have landed the Org in court.

Three applicants for the .hotel new gTLD have sued in California’s Superior Court in LA, claiming ICANN has consistently failed to provide true accountability, refusing for over seven years to implement fundamental mechanisms required by its bylaws.

They want the court to force ICANN to stick to its bylaws and to also temporarily freeze an Independent Review Process case related to .hotel.

The registries in question are Fegistry, Domain Venture Partners and Radix. They filed their complaint at the end of October, but ICANN did not publish it until the end of January, after its terse reply, and an administrative ruling, had also been filed with the court.

While the endgame is presumably to get the .hotel contention set pushed to auction, the lawsuit barely mentions the gTLD at all. Rather, it’s a broad-ranging challenge to ICANN’s reluctance to submit to any kind of accountability at all.

The main beef is that ICANN has not created a so-called “Standing Panel” of judges to preside over IRP cases, something that its bylaws have required since 2013.

The Standing Panel is meant to comprise seven legal experts, trained up in all things ICANN, from which the three panelists presiding over each IRP would be selected.

It would also operate as a final appeals court for IRP rulings, with all seven panelists involved in such “en banc” challenges.

The idea is to have knowledgeable panelists on a retainer to expedite IRPs and ensure some degree of consistency in decision-making, something that has often been lacking in IRP decisions to date.

Despite this requirement being in the bylaws since 2013, ICANN has consistently dragged its feet on implementation and today there still is no Standing Panel.

The .hotel plaintiffs reckon ICANN has dodged $2.7 million in fees by refusing to pick a panel, all the while offloading certain fees onto complainants.

It didn’t get the ball rolling until January 2018, but the originally anticipated, rather streamlined, selection process quickly devolved into the usual mess of ICANN bureaucracy, red tape and circular community consultation.

The latest development was in November 2020, when ICANN announced that it was looking for volunteers for a cross-community “IRP Community Representatives Group”, a team similar to the Nominating Committee. which would be responsible for picking the Standing Panel members.

The deadline to apply was December 4, and we’ve not heard anything else about the process since.

The .hotel litigants also have beef with the “sham” Request for Reconsideration process, which is notorious for enabling the board to merely reinforce its original position, which was drafted by ICANN staff lawyers, based on advice provided by those same ICANN staff lawyers.

They also take aim at the fact that ICANN’s independent Ombudsman has recused himself from any involvement in Reconsideration related to the new gTLD program, for unclear reasons.

The lawsuit (pdf) reads:

ICANN promised to implement these Accountability Mechanisms as a condition of the United States government terminating its formal oversight of ICANN in 2016 — yet still has wholly failed to do so.

Unless this Court forces ICANN to comply with its bylaws in these critical respects, ICANN will continue to force Plaintiffs and any other complaining party into the current, sham “Reconsideration” and Independent Review processes that fall far short of the Accountability Mechanisms required in its bylaws.

The plaintiffs say that ICANN reckons it will take another six to 12 months to get the Standing Panel up and running. The plaintiffs say they’re prepared to wait, but that ICANN is refusing and forcing the IRP to continue in its absence.

They also claim that ICANN was last year preparing to delegate .hotel to HTLD, the successful applicant now owned by Donuts, which forced them to pay out for an emergency IRP panelist to get the equivalent of an injunction, which cost $18,000.

That panelist declined to force ICANN to immediately appoint a Standing Panel or independent Ombudsman, however.

The .hotel plaintiffs allege breach of contract, fraud, deceit, negligence and such among the eight counts listed in the complaint, and demand an injunction forcing ICANN to implement the accountability mechanisms enshrined in the bylaws.

They also want an unspecified amount of money in punitive damages.

ICANN’s response to the complaint (pdf) relies a lot on the fact that all new gTLD applicants, including the plaintiffs in this case, signed a covenant not to sue as part of their applications. ICANN says this means they lack standing, but courts have differed of whether the covenant is fully enforceable.

ICANN also claims that the .hotel applicants have failed to state a factual case for any of their eight counts.

It further says that the complaint is just an effort to relitigate what the plaintiffs failed to win in their emergency hearing in their IRP last year.

It wants the complaint dismissed.

The court said (pdf) at the end of January that it will hold a hearing on this motion on DECEMBER 9 this year.

Whether this ludicrous delay is related to the facts of the case or the coronavirus pandemic is unclear, but it certainly gives ICANN and the .hotel applicants plenty of time for their IRP to play out to conclusion, presumably without a Standing Panel in place.

So, a win-by-default for ICANN?

Rival wants the truth about the Afilias-Donuts deal amid “collusion” claims

Portfolio gTLD investor Domain Venture Partners wants ICANN to fully explain its decision to approve Donuts’ acquisition of Afilias, claiming the deal gives the combined company an unfair advantage in the long-running battle for the .hotel gTLD.

DVP has filed a formal Request for Reconsideration with ICANN, tearing it a new one for seemingly going out of its way to avoid its transparency obligations when it came to the December approval of the acquisition.

ICANN’s board of directors had been scheduled to discuss the mega-deal at a special meeting December 17, but instead it carried out these talks off-the-books, in such a way as to avoid bylaws rules requiring it to publish a rationale and meeting minutes.

As I noted recently, it was the second time in 2020 (after the Ethos-PIR deal) the board resorted to this tactic to avoid publicly stating why it was approving or rejecting a large M&A transaction.

DVP notes the contrast with the Ethos-PIR proposal, which endured months of public scrutiny and feedback, adding in its RfR:

Why did the ICANN Board have a Special Meeting on this topic? Why did they not publish or otherwise identify a single background fact or point of discussion from the Special Meeting? Why did they not identify a single source of evidence or advice relied upon in coming to the decision? Why have they refused to provide even the slightest hint as to anything they considered or any reason why they came to their decision? How did they vote, was there any dissent? Nobody knows, because ICANN has kept all that secret.

The company argues that all this secrecy leaves itself and other registries at a loss to predict what might happen should they be involved in future acquisitions, particularly given the allegedly anti-bylaws “discriminatory” treatment between PIR on the one hand and Afilias on the other.

DVP stops short of asking for ICANN to overturn its decision to permit the acquisition — it would be moot anyway, as the deal has already closed — but it does demand that ICANN:

Provide complete, published rationale for the Resolution of Dec. 17, 2020 to essentially approve the Afilias acquisition of Donuts, including identification of all materials relied upon by the Board and/or Staff in evaluating the transaction, publication of all communications between Board, Staff and/or outside advisors relating to the transaction, and publication of all communications regarding the transaction between ICANN on the one hand, and Afilias, Donuts and/or Ethos Capital on the other hand.

Develop, implement, publish and report results of a clear policy as to what registry combination transactions will be approved or rejected, including clearly defined criteria to be assessed — and clearly defined process to assess that criteria – as to each and every future proposed transaction.

It’s interesting that nobody has filed a Documentary Information Disclosure Policy request for this information yet.

But it’s not all just about transparency for DVP. Its big concern appears to be its application for .hotel, which is in one of the few new gTLD contention sets still not resolved almost a decade after the 2012 application round.

DVP is the Gibraltar investment vehicle that controls the 16 new gTLDs that were formerly managed by Famous Four Media and are now managed by GRS Domains (which I believe is owned by PricewaterhouseCoopers). Dot Hotel Limited is one of its application shells.

Donuts is now in possession of two competing .hotel applications — its own, which is for an open, unrestricted space gTLD, and the Afilias-owned HTLD application, which is for a restricted Community-based space.

Back in 2014, HTLD won a Community Evaluation Process, which should have enabled it to skip a potentially expensive auction with its rival bidders and go straight to contracting and delegation.

But its competing applicants, including DVP and Donuts, challenged the CPE’s legitimacy with an Independent Review Process appeal.

To cut a long story short, they lost the IRP but carried on delaying the contention set and came back with a second IRP (this one not including Donuts as a complainant), which involves claims of “hacking”, one year ago.

The contention set is currently frozen, but DVP thinks Donuts owning two applications is a problem:

Donuts now owns or controls both that Community Application, and another pending standard application in the contention set for .hotel. There is no provision in the Applicant Guidebook for applicants to own more than one application for the same gTLD string. It certainly indicates collusion among applicants within a contention set, since two of them are owned by the same master.

…

DVP is concerned that Donuts may have no intention of honoring those Community commitments, and instead intends to operate an open registry.

DVP wants ICaNN to publish a rationale for why it’s allowing Donuts to own two applications for the same TLD.

It also wants ICANN to either force Donuts to cancel its HTLD application — which would likely lead to a .hotel auction among the remaining applicants, with the winning bid flowing to either ICANN or the losing applicants — or force it to stick to its Community designation commitments after launch, which isn’t really Donuts’ usual business model.

RfRs are usually resolved by ICANN’s lawyers Board Accountability Mechanisms Committee in a matter of weeks, and are rarely successful.

ICANN ordered to freeze .hotel after “serious questions” about trade secrets “theft”

ICANN has been instructed to place the proposed .hotel gTLD in limbo after four applicants for the string raised “sufficiently serious questions” that ICANN may have whitewashed the “theft” of trade secrets.

The order was handed down last month by the emergency panelist in the Independent Review Process case against ICANN by claimants Fegistry, MMX, Radix and Domain Ventures Partners.

Christopher Gibson told ICANN to “maintain the status quo” with regards the .hotel contention set, meaning currently winning applicant Hotel Top Level Domain, which is now owned by Afilias, won’t get contracted or delegated until the IRP is resolved.

At the core of the decision (pdf) is Gibson’s view that the claimants raised “sufficiently serious questions related to the merits” in allegations that ICANN mishandled and acted less than transparently in its investigation into a series of data breaches several years ago.

You may recall that ICANN seriously screwed up its new gTLD application portal, configuring in such a way that any applicant was able to search for and view the confidential data, including financial information such as revenue projections, of any other competing applicant.

Basically, ICANN was accidentally publishing applicants’ trade secrets on its web site for years.

ICANN discovered the glitch in 2015 and conducted an audit, which initially fingered Dirk Krischenowski — who at time was the half-owner of a company that owned almost half of HTLD as well as a lead consultant on the bid — as the person who appeared to have accessed the vast majority of the confidential data in March and April 2014.

ICANN did not initially go public with his identity, but it did inform the affected applicants and I managed to get a copy of the email, which said he’d downloaded about 200 records he shouldn’t have been able to access.

It later came to light that Krischenowski was not the only HTLD employee to use the misconfiguration to access data — according to ICANN, then-CEO of HTLD Katrin Ohlmer and lawyer Oliver Süme had too.

HTLD execs have always denied any wrongdoing, and as far as I know there’s never been any action against them in the proper courts. Krischenowski has maintained that he had no idea the portal was glitched, and he was using it in good faith.

Also, neither Ohlmer nor Krischenowski are still involved with HTLD, having been bought out by Afilias after the hacking claims emerged.

These claims of trade secret “theft” are being raised again now because the losing .hotel applicants think ICANN screwed up its probe and basically tried to make it go away out of embarrassment.

Back in August 2016, the ICANN board decided that demands to cancel the HTLD application were “not warranted”. Ohlmer barely gets a mention in the resolution’s rationale.

The losing applicants challenged this decision in a Request for Reconsideration in 2016, known as Request 16-11 (pdf). In that request, they argued that the ICANN board had basically ignored Ohlmer’s role.

Request 16-11 was finally rejected by the ICANN board in January last year, with the board saying it had in fact considered Ohlmer when making its decision.

But the IRP claimants now point to a baffling part of ICANN’s rationale for doing so: that it found “no evidence that any of the confidential information that Ms. Ohlmer (or Mr. Krischenowski) improperly accessed was provided to HTLD”.

In other words, ICANN said that the CEO of the company did not provide the information that she had obtained to the company of which she was CEO. Clear?

Another reason for brushing off the hacking claims has been that HTLD could have seen no benefit during the application process by having access to its rivals’ confidential data.

HTLD won the contention set, avoiding the need for an auction, in a Community Priority Evaluation. ICANN says the CPE was wholly based on information provided in its 2012 application, so any data obtained in 2014 would have been worthless.

But the losing applicants say that doesn’t matter, as HTLD/Afilias still have access to their trade secrets, which could make the company a more effective competitor should .hotel be delegated.

This all seems to have been important to Gibson’s determination. He wrote in his emergency ruling (pdf) last month:

The Emergency Panelist determines that Claimants have raised “sufficiently serious questions related to the merits” in in relation to the Board’s denial of Request 16-11, with respect to the allegations concerning the Portal Configuration issues in Request 16-11. This conclusion is made on the basis of all of the above information, and in view of Claimants’ IRP Request claim that ICANN subverted the investigation into HTLD’s alleged theft of trade secrets. In particular, Claimants claim that ICANN refused to produce key information underlying its reported conclusions in the investigation; that it violated the duty of transparency by withholding that information; that the Board’s action to ignore relevant facts and law was a violation of Bylaws; and further, to extent the BAMC and/or Board failed to have such information before deciding to disregard HTLD’s alleged breach, that violated their duty of due diligence upon reasonable investigation, and duty of independent judgment.

The Emergency Panelist echoes concerns that were raised initially by the Despegar IRP Panel regarding the Portal Configuration issues, where that Panel found that “serious allegations” had been made188 and referenced Article III(1) of ICANN’s Bylaws in effect at that time, but declined to make a finding on those issues, indicating “that it should remain open to be considered at a future IRP should one be commenced in respect of this issue.” Since that time, ICANN conducted an internal investigation of the Portal Configuration issues, as noted above; however, the alleged lack of disclosure, as well as certain inconsistencies in the decisions of the BAMC and the Board regarding the persons to whom the confidential information was disclosed and their relationship to, or position with HTLD, as well as ICANN’s decision to ultimately rely on a “no harm no foul” rationale when deciding to permit the HTLD application to proceed, all raise sufficiently serious questions related to the merits of whether the Board breached ICANN’s Article, Bylaws or other polices and commitments.

It’s important to note that this is not a final ruling that ICANN did anything wrong, it’s basically the ICANN equivalent of a ruling on a preliminary injunction and Gibson is saying the claimants’ allegations are worthy of further inquiry.

And the ruling did not go entirely the way of the claimants. Gibson in fact ruled against them on most of their demands.

For example, he said their was insufficient evidence to revisit claims that a review of the CPE process carried out by FTI Consulting was a whitewash, and he refused to order ICANN to preserve documentation relating to the case (though ICANN has said it will do so anyway).

He also ruled against the claimants on a few procedural issues, such as their demands for an Ombudsman review and for IRP administrator the International Center for Dispute Resolution to recuse itself.

Some of their claims were also time-barred under ICANN’s equivalent of the statute of limitations.

But ICANN will be prevented from contracting with HTLD/Afilias for now, which is a key strategic win.

ICANN reckons the claimants are just using the IRP to try to force deep-pocketed Afilias into a private auction they can be paid to lose, and I don’t doubt there’s more than a grain of truth in that claim.

But if it exposes another ICANN cover-up in the process, I for one can live with that.

The case continues…

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.
The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.
It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.
The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).
The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.
There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.
This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.
There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.
HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.
CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.
Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.
There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.
Naturally, the remaining applicants were not happy about this, and started to fight back.
The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.
That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.
The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.
Guess what? That got rejected too.
So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.
The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.
While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.
ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.
Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.
Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”
The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.
When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.
The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.
But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.
Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.
Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.
And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.
A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.
A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.
In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.
The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.
It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.
This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.
It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.
FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.
They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.
The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.
It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.
The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”
“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.
“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.
ICANN is yet to file its response to the complaint.
Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.
Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.
The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.
ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.
The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.
With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

.music and .gay possible in 2018 after probe finds no impropriety

Five more new gTLDs could see the light of day in 2018 after a probe into ICANN’s handling of “community” applications found no wrongdoing.
The long-running investigation, carried out by FTI Consulting on ICANN’s behalf, found no evidence to support suspicions that ICANN staff had been secretly and inappropriately pulling the strings of Community Priority Evaluations.
CPEs, carried out by the Economist Intelligence Unit, were a way for new gTLD applicants purporting to represent genuine communities to avoid expensive auctions with rival applicants.
Some applicants that failed to meet the stringent “community” criteria imposed by the CPE process appealed their adverse decisions and an Independent Review Process complaint filed by Dot Registry led to ICANN getting crucified for a lack of transparency.
While the IRP panel found some hints that ICANN staff had been nudging EIU’s arm when it came to drafting the CPE decisions, the FTI investigation has found:

there is no evidence that ICANN organization had any undue influence on the CPE Provider with respect to the CPE reports issued by the CPE Provider or engaged in any impropriety in the CPE process.

FTI had access to emails between EIU and ICANN, as well as ICANN internal emails, but it did not have access to EIU internal emails, which EIU declined to provide. It did have access to EIU’s internal documents used to draft the reports, however.
Its report states:

Based on FTI’s review of email communications provided by ICANN organization, FTI found no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process. FTI found that the vast majority of the emails were administrative in nature and did not concern the substance or the content of the CPE results. Of the small number of emails that did discuss substance, none suggested that ICANN acted improperly in the process.

FTI also looked at whether EIU had applied the CPE rules consistently between applications, and found that it did.
It also dug up all the sources of information EIU used (largely Google searches, Wikipedia, and the web pages of relevant community groups) but did not directly cite in its reports.
In short, the FTI reports very probably give ICANN’s board of directors cover to reopen the remaining affected contention sets — .music, .gay, .hotel, .cpa, and .merck — thereby removing a significant barrier to the gTLDs getting auctioned.
If there were to be no further challenges (which, admittedly, seems unlikely), we could see some or all of these strings being sold off and delegated this year.
The probe also covered the CPEs for .llc, .inc and .llp, but these contention sets were resolved with private auctions last September after applicant Dot Registry apparently decided it couldn’t be bothered pursuing the ICANN process any more.
The FTI’s reports can be downloaded from ICANN.

.music and .gay CPE probe could end this month

An ICANN-commissioned investigation into the fairness of its Community Priority Evaluation process for new gTLDs could wind up before the end of June.
In an update Friday, ICANN also finally revealed who is actually conducting the probe, which has been slammed by affected applicants for being secretive.
A tentative timeline sketched out in the update means applicants for gTLDs including .gay and .music could find their applications closer to release from limbo in just a few weeks.
ICANN revealed that FTI Consulting’s Global Risk and Investigations Practice and Technology Practice have been looking into claims ICANN staff meddled in the Economist Intelligence Unit’s supposedly independent CPE reviews for the last several months.
FTI is reviewing how ICANN staff interacted with the EIU during the CPE processes, how the EIU conducted its research and whether the EIU applied the CPE criteria uniformly across different gTLDs.
ICANN said that FTI finished collected material from ICANN in March and hopes to have all the information it has asked the EIU for by the end of this week.
It could deliver its findings to ICANN two weeks after that, ICANN said.
Presumably, there would be little to prevent ICANN publishing these findings very shortly thereafter.
ICANN has been harangued by some of the applicants for .music, .gay, hotel, .cpa, .llc, .inc, .llp and .merck, all of which have been affected by controversial CPE decisions and have been delayed by the investigation, for months.