Latest news of the domain name industry

Recent Posts

BREAKING: ICANN’s number two Cyrus Namazi quits. Probably due to sexual discrimination claims.

Kevin Murphy, April 1, 2020, Domain Policy

The head of ICANN’s Global Domains Division, Cyrus Namazi — arguably ICANN’s number-two exec — has resigned from the organization, according to multiple sources. I believe it’s related to allegations of sexual discrimination.

ICANN staffers were told this evening that he’s resigned “effective immediately” and that a public announcement will follow.

Long-time ICANN staffer Theresa Swinehart, currently senior VP of multistakeholder strategy and strategic initiatives, will run GDD while a replacement is sought.

While I don’t expect ICANN to announce the reasons for Namazi’s departure, I believe it’s related to allegations of sexual indiscretions.

I’ve been aware for a few months of allegations against Namazi for sexual discrimination and/or sexual harassment, but I’ve been unable to get sufficient on-the-record information to run a story.

What I do know, from digging around on court web sites, is that ICANN was sued about a year ago by a former staffer called Jennifer Gore for alleged disability and gender discrimination, allegedly carried out by Namazi.

Gore’s complaint can be read here (pdf). ICANN’s response can be read here (pdf).

I’ve also been made aware of a few other female ICANN staffers who have quit allegedly due to Namazi’s behavior.

And I gather he’s been on-leave recently. Anyone who was at ICANN 67 will have noted his absence.

I’ve not heard of any allegations that could be described as remotely criminal. We’re just talking about allegations of inappropriate comments and actions at work.

I have absolutely no idea how many of the allegations, if any, are true. None. I just know that there are a lot of them.

I do know that ICANN’s PR team have been banned from talking to me for the last few weeks, since I learned about these allegations — by senior VP of global communications Sally Newell Cohen — because I talked offensive smack about Namazi to him and to another senior staffer on social media messaging channels.

ICANN grants Verisign its price increases, of course

Kevin Murphy, March 30, 2020, Domain Registries

ICANN has given Verisign its ability to increase .com prices by up to 7% a year, despite thousands of complaints from domain owners.

The amendments give Verisign the right to raise prices in each of the last four years of its six-year duration. The current price is $7.85 a year.

Because the contract came into effect in late 2018, the first of those four years begins October 26 this year, but Verisign last week said that it has frozen the prices of all of its TLDs until 2021, due to coronavirus.

Not accounting for discounts, .com is already already worth $1.14 billion in revenue to Verisign every year, based on its end-of-2019 domains under management.

In 2019, Verisign had revenue of $1.23 billion, of which about half was pure, bottom-line, net-income profit.

In defending this shameless money-grab, ICANN played up the purported security benefits of the deal, while offering a critique of the domainers and registrars that had lobbied against it.

Göran Marby, ICANN’s CEO, said in a blog post.

I believe this decision is in the best interest of the continued security, stability, and resiliency of the Internet.

Overall, the decision to execute the .COM Registry Agreement amendment and the proposed binding Letter of Intent is of benefit to the Internet community.

The decision was explained in more detail in a eight-page analysis document (pdf) published late last week.

I’ll summarize this paper in three bullet points (my words, not ICANN’s):

  • Domainers are hypocrites.
  • The deal is good for DNS security.
  • Our hands were tied anyway.

First, while ICANN received over 9,000 comments about the proposed amendment, almost all negative, it said that publicity campaigns from domainer group the Internet Commerce Association and domainer registrar Namecheap were behind many of them.

the Internet Commerce Association (ICA) and Namecheap, are active players in the so called “aftermarket” for domain names, where domain name speculators attempt to profit by “buying low and selling high” on domain names, forcing end users to pay higher than retail prices for desirable domain names

It goes on to cite data from NameBio, which compiles lists of secondary market domain sales, to show that the average price of a resold domain is somewhere like $1,600 (median) to $2,400 (mean).

Both Namecheap and ICA supporter GoDaddy, which sells more .coms than any other registrar, have announced steep increases in their .com retail renewal fees in recent years — 20% in the case of GoDaddy — the ICANN document notes.

This apparent hypocrisy appears to be reason ICANN felt quite comfortable in disregarding many of the negative public comments it received.

Second, ICANN reckons other changes to the .com contract will benefit internet security.

Under a side deal (pdf) Verisign’s going to start giving ICANN $4 million a year, starting next January and running for five years, for what Marby calls “ICANN’s initiatives to preserve and enhance the security, stability, and resiliency of the DNS.” These include:

activities related to root server system governance, mitigation of DNS security threats, promotion and/or facilitation of Domain Name System Security Extensions (DNSSEC) deployment, the mitigation of name collisions, and research into the operation of the DNS.

Note that these are without exception all areas in which ICANN already performs functions, usually paid for out of its regular operating budget.

Because it looks like to all intents and purposes like a quid pro quo, to grease the wheels of getting the contract amendments approved, Marby promised that ICANN will commit to “full transparency” as to how its new windfall will be used.

The new contract also has various new provisions that standardize technical standardization and reporting in various ways, that arguably could provide some minor streamlining benefits to internet security and stability.

But ICANN is playing up new language that requires Verisign to require its registrars to forbid their .com registrants from doing stuff like distributing malware and operating botnets. Verisign’s registrar partners will now have to include in their customer agreements:

a provision prohibiting the Registered Name Holder from distributing malware, abusively operating botnets, phishing, pharming, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law and providing (consistent with applicable law and any related procedures) consequences for such activities, including suspension of the registration of the Registered Name;

Don’t expect this to do much to fight abuse.

It’s already a provision that applies to hundreds of other TLDs, including almost all gTLDs, and registrars typically incorporate it into their registration agreements by way of a link to the anti-abuse policy on the relevant registry’s web site.

Neither Verisign nor its registrars have any obligation to actually do anything about abusive domains under the amendments. As long as Verisign does a scan once a month and keeps a record of the total amount of abuse in .com — and this is data ICANN already has — it’s perfectly within the terms of its new contract.

Third and finally, ICANN reckons its hands were pretty much tied when it comes to the price increases. ICANN wrote:

ICANN org is not a competition authority or price regulator and ICANN has neither the remit nor expertise to serve as one. Rather, as enshrined in ICANN’s Bylaws, which were
developed through a bottom up, multistakeholder process, ICANN’s mission is to ensure the security and stability of the Internet’s unique identifier systems. Accordingly, ICANN must defer to relevant competition authorities and/or regulators, and let them determine if any conduct or behavior raises anticompetition concerns and, if so, to address such concerns, whether it be through price regulation or otherwise. As such, ICANN org has long-deferred to the DOC and the United States Department of Justice (DOJ) for the regulation of wholesale pricing for .COM registry services.

It was of course the DoC, under the Obama administration, that froze Verisign’s ability to raise prices and, under the Trump administration, thawed that ability in November 2018.

If you’re pissed off that the carrying cost of your portfolio is about to go up, you can blame Trump, in other words.

No .com price increases this year. Thanks, coronavirus!

Kevin Murphy, March 26, 2020, Domain Registries

Verisign won’t increase prices on .com or any of its other TLDs this year.

The promise comes as part of a package of coronavirus-related measures the company announced on its blog yesterday. Verisign said:

In order to support individuals and small businesses affected by this crisis, Verisign will freeze registry prices for all of our Top-Level Domains (TLDs), including .com and .net, through the end of 2020. In addition, we will soon deploy a program, available to all retail registrars, to provide support and assistance for domain name registrants whose domain names will be expiring in the coming months.

No additional details on the proposed registrant support program were made available.

The pricing news sounds good, especially for high-volume domain owners such as domainers and trademark owners, but it should be noted that in the case of .com it amounts to a mere two-month price freeze.

Under the terms of its current agreement with ICANN, it can’t raise prices at all. The controversial proposed amendments that recently attracted about 9,000 objections, would reinstate price-raising powers.

However, assuming ICANN approves the new contract, which seems likely, Verisign would only be able to up its fees in the final four years of its six-year deal. The first of those four years begins October 20 this year.

Conceivably, it could have announced a 7% price hike for .com on October 21, but the company has now said that it will not.

Verisign also said yesterday that it’s donating an “initial” $2 million to “first responders and medical personnel in the Northern Virginia area, the United Way’s COVID-19 relief efforts, and the Semper Fi & America’s Fund”.

It is also doubling the funding available to the scheme where it matches employees’ charitable donations, which could increase (and incentivize) giving to coronavirus-related causes.

US senators tell ICANN to reject .org deal

Kevin Murphy, March 20, 2020, Domain Registries

Five US senators have called on ICANN to not approve the acquisition of Public Interest Registry by Ethos Capital.

The senators — all Democrats — said in a March 18 letter published today that the proposed $1.13 billion deal is “against the public interest”.

The surprisingly detailed nine-page letter (pdf) was signed by Ron Wyden, Richard Blumenthal, Elizabeth Warren and Anna Eshoo, following up from a similar letter sent in January. The new letter also has Ed Markey as a signatory. They write:

We were concerned that the sale would be contrary to ICANN’s commitment to the public benefit, that it might undermine the reliability of .ORG websites, and that Ethos is unlikely to be a responsible steward of the .ORG registry. New information we have obtained in the last two months, including statements made by ISOC, PIR, and Ethos, has validated these concerns. Accordingly, we write to reiterate our view that ICANN should block the proposed change of control of the .ORG registry.

Chief among their concerns is the lack of transparency about who is actually bankrolling the deal. Ethos has confirmed it will be partially funded by loans, but the identities of its actual owners have not been confirmed.

It’s been said that two of the backers are investment firms linked to high-profile Republicans — Senator Mitt Romney and the late Ross Perot.

The senators are also worried that the business plan Ethos has publicly laid out may not be realistic, suggesting that PIR will be forced to rip off customers in order to recoup the cost of the acquisition.

They go on to say that Ethos’ promise to only increase prices by 10% per year, enforceable via a Public Interest Commitment in its ICANN contract, is “weak”, particularly given that the commitment would automatically expire seven years from now.

They’re also not buying the notion that PIR’s proposed Stewardship Council, made up of outside .org stakeholders, would have enough power to guide registry policy, calling the council “toothless”.

ICANN is of course under no obligation to take its lead from a handful of legislators, but it’s yet another voice stacked against a deal that already had very little support.

ICANN has until April 20 to make a decision about the change of control.

More ICANN events cancelled for May

Kevin Murphy, March 20, 2020, Domain Policy

ICANN has cancelled its annual GDD Industry Summit and DNS Symposium, which had been scheduled to take place in Paris, France, in May.

“The decision to cancel these events was made in light of the rapidly evolving COVID-19 virus outbreak and, for the GDD Summit, included conversations with the Contracted Parties House,” ICANN said in a statement.

The two events had been due to take place back to back from May 3 to 6 and May 7 and 8, respectfully.

The GDD event is for commercial members of the domain name industry — registries and registrars — while the Symposium focuses on the technical side of the industry and had planned to focus on DNS security.

It appears that, unlike ICANN 67, neither is being replaced with a virtual meeting.

.org decision delayed another month

Kevin Murphy, March 18, 2020, Domain Registries

ICANN has been given another month to decided whether or not to approve Ethos Capital’s proposed $1.13 billion acquisition of Public Interest Registry from the Internet Society.

PIR said today that it has agreed to give ICANN until April 20 to give it the yay or nay on the controversial deal.

It seems the disruption and distraction caused by the coronavirus pandemic played at least a small role in the decision. PIR said:

To ensure ICANN and the California Attorney General’s office, with which we have been communicating, have the time they need to address any outstanding questions regarding the transaction, especially in light of current events, we have agreed to an ICANN deadline extension to April 20th. We look forward to ICANN’s decision by this date.

Yesterday, opponents of the deal suggested that the acquisition could interfere with the global pandemic response, but PIR has dismissed these claims today as “misleading and alarmist” and “deceiving the public”.

Meanwhile, PIR has updated the proposed contractual Public Interest Commitments that it believes will address some of its critics’ concerns.

Future changes to the PICs will be subject to ICANN’s public comment process, the company said. This is presumably designed to calm fears that the registry will simply dump the PICs next time its contract comes up for renegotiation.

Given the level of confidence in the efficacy of the public comment process — which I would argue is currently close to zero — I doubt this new promise will have its intended effect.

PIR has also taken on criticism that its proposed .ORG Stewardship Council, designed to make sure .org continues to be managed in the public interest, could easily be captured by Ethos yes-men.

Now, instead of appointing the first five members of the council itself, Ethos will instead recruit an “internationally-recognized executive search firm” to find five suitable candidates from stakeholder groups including ICANN’s Non-Commercial Stakeholder Group and At-Large Advisory Committee.

Those nominations will still be subject to final approval by the PIR board, however, so again I think the deal’s critics will still have complaints to cling to.

PIR expects to announce further details of the council selection process next Monday, March 23.

Delay .org deal because of… coronavirus? Gimme a break

Kevin Murphy, March 18, 2020, Domain Policy

Opponents of Public Interest Registry’s proposed acquisition by Ethos Capital are now claiming that ICANN should delay approval of the deal due to coronavirus.

A statement, released yesterday by digital rights group Access Now with the apparent approval of several other like-minded groups, outlines a few reasons why coronavirus means ICANN should reject, or at least delay its consideration of, the deal.

ICANN is currently working towards a March 20 deadline to deliver its verdict.

Peter Micek, general counsel for Access Now, said in the statement:

Far from routine, this transfer would further imperil crucial channels of trusted information in a precarious time. From Médecins Sans Frontières to Wikipedia to many of the world’s hospitals, organizations that disseminate accurate health information and connect affected communities with public resources depend on the .ORG domain. Now is not the time to shift the ground beneath their online activities.

Could a $0.97 increase in the cost of wikipedia.org this year see Wikipedia’s hive mind crumble and turn into the digital equivalent of Jenny McCarthy’s brain? Will it prompt MSF volunteers to retreat, screaming, from the front lines? I don’t think so.

The statement goes on to suggest that China would be able to use its substantial financial and political clout to lean on Ethos’ secretive backers to something something something coronavirus. Kenneth Roth, executive director of Human Rights Watch said:

The Chinese government routinely uses economic pressure to censor critics or inconvenient information, such as about its disastrous early cover-up of the coronavirus outbreak. Investors in the private equity firm that wants to buy the .ORG domain inevitably will have economic interests that Beijing could threaten.

While there may well be a nugget of truth in there, I fail to see how it applies to the current pandemic. Is the argument that China will pressure Ethos’ billionaire money men to close down domains belonging to organizations disseminating accurate Covid-19 information? It seems a stretch.

China already has substantial powers to shut down domains within its own borders, and requires registries operating in the country to comply with Draconian censorship rules. I’m not aware of any cases of these existing powers being exercised against domains globally.

A third argument is that ICANN is using coronavirus as a convenient smokescreen to quietly approve the acquisition while everyone else is busy ram-raiding corner stores for toilet paper.

Daniel Eriksson, head of technology at Transparency International, said in the statement:

If this transfer goes ahead during the current crisis as planned, we’ll look back on it as an example of vested interests taking advantage of the extraordinary situation created by the COVID-19 pandemic to further their own concerns at the expense of the broader good of society. We need to be vigilant against any such actions, and this is precisely the role of many civil society organizations that have a watchdog function. We need maximum transparency and integrity around the sale of .ORG, and that is simply not possible if the sale is rushed through at a moment when peoples’ attention is elsewhere.

Again, this seems like a stretch. The announcement of the acquisition predates the discovery of Covid-19 by weeks, and it has been subject to intense scrutiny, engagement, comment and unprecedented — albeit imperfect — levels of transparency ever since. This is an acquisition being negotiated to a large extent in the public square.

I’ll be generous and suggest a fourth explanation: this is probably just a poor-taste (but, let’s face it, successful) attempt to grab headlines by linking the #SaveDotOrg campaign, however thinly, to the pandemic currently occupying the world’s collective conscious.

There are plenty of good arguments that could be — and are being — made in favor of further delay and scrutiny of the deal, but I don’t think coronavirus is one of them.

At ICANN 67, nobody knew you’re a dog

Kevin Murphy, March 16, 2020, Gossip

Want to see what your fellow ICANN 67 attendees looked like on the other side of the Zoom chat room?

The meeting may have been held entirely remotely, but that hasn’t stopped the ICANN org from populating its Flickr page with a big wedge of photos, one of which seems to prove the old adage that “On the internet, nobody know’s you’re a dog.”

Virtual Photo Gallery #42

Photo credit: @icannphotos

At regular, face-to-face ICANN meetings, there’s a professional photographer doing the rounds, doing his or her level best to make jet-lagged, bearded. middle-aged men sitting in circles at laptops look thrusting and dynamic.

This time, it was largely up to remote participants to submit their own mug shots, taken in their home offices, kitchens, and lounges, for your viewing delight. And what a jolly nice bunch of people they look.

The batch of photos from 67 also includes a number taken on-site at ICANN’s Los Angeles headquarters, which had been hastily rigged up to act as the meeting’s hub after the face-to-face meeting in Cancun, Mexico was cancelled over coronavirus fears.

Here.

WE’RE ALL GONNA DIE! In other news, ICANN 67 was… “muted”

Kevin Murphy, March 13, 2020, Domain Policy

Without wishing to scaremonger about Covid-19, I don’t mind admitting that I’ve never been so terrified of anything as much in my adult life.

I have relatives in their nineties or with existing lung conditions, and I’m generally a pretty unhealthy middle-aged bloke myself. In the last few days, I’ve become increasingly concerned that not every member of the clan is going to make it out of 2020 alive.

I’m sure many readers are feeling the same way right now.

The UK government’s response may or may not be scientifically sound, but it seems to me the underlying strategy is not to prevent people from getting the disease, which may well no longer be possible, but rather to spread out infections over as long a period as possible, so as to reduce the peak strain on the National Health Service.

My feeling, which I don’t think is particularly paranoid, is that Boris Johnson, in apparent contrast to other world leaders, has made the call to throw a generation of British grannies under the bus in the name of herd immunity.

We’re living in dark times, and it’s going to get worse before it gets better.

I hope all my readers stay safe. And, in all seriousness, keep washing those hands and stay at home if you start coughing!

Awkward segue incoming.

There was little doubt in my mind that ICANN made the correct decision three weeks ago when it cancelled the in-person Cancun public meeting and quickly organized a much-truncated online-only ICANN 67 instead. There seemed a possibility that it was acting through an over-abundance of caution.

But, given the developments in the coronavirus pandemic since ICANN pulled the plug on Cancun, all such doubt has surely been eliminated. ICANN made entirely the right call.

That’s not to say that 67 was a roaring success. It suffered from the entirely predictable and unavoidable limitations of online conferencing.

When I say it was “muted”, I mean that in two senses of the word.

Watching the American late-night talk show hosts last night performing to empty audiences this morning was a surreal experience. Like watching survivors of the zombie apocalypse broadcasting a plaintive SOS into an eerily silent ether.

I kinda felt the same listening to ICANN 67.

While I’m no stranger to remote participation — that’s how I experience most ICANN meetings — there’s usually a detectable sense of place, of a jostling community on the other side of the Zoom room. I hesitate to use a word as strong as “vibrancy”, but you probably know what I’m getting at.

There was none of that at 67, which largely played out in much the same way as a regular policy working group call.

And that’s when we get to the other sense of the word “muted” — I lost count of the amount of time squandered to technical issues such as dropped or laggy connections, background noise, and, most commonly, people not realizing that they have to unmute their lines before speaking.

I don’t think a single session I attended was not plagued by periods of uncomfortable silence.

As I said, this was entirely predictable and largely unavoidable. I don’t think the fact that each session’s Zoom room appeared to be configured differently helped, but it’s probably a problem that will be mitigated as people become more accustomed to the Zoom platform.

The next ICANN meeting, numbered 68, is currently still scheduled to take place in Kuala Lumpur, Malaysia, from June 22, but I think that it’s almost inevitable that we’ll be looking at another online-only session.

Malaysia currently has 158 confirmed cases of coronavirus, suggesting that it’s still in the relatively early stages of the pandemic compared to, say, Europe.

With UK experts predicting peak infections here around late May, it’s entirely possible ICANN 68 would take place while Malaysia’s problem is significantly worse than it is today.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.

Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.

In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.

In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.

Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.

The complaint is very similar to one filed against OnlineNIC (pdf) in October.

And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.

Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.

Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.

The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.

Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.

Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.

The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.