Latest news of the domain name industry

Recent Posts

Amazon finally gets its dot-brands despite last-minute government plea

Amazon’s three long-sought dot-brand gTLDs were added to the DNS root last night, despite an eleventh-hour attempt by South American governments to drag the company back to the negotiating table.

.amazon, along with the Japanese and Chinese translations — .アマゾン (.xn--cckwcxetd) and .亚马逊 (.xn--jlq480n2rg) — and its NIC sites have already gone live.

Visiting nic.amazon today will present you with a brief corporate blurb and a link to Amazon’s saccharine social-responsibility blog. As a dot-brand, only Amazon will be allowed to use .amazon domains.

The delegations come despite a last-minute plea to ICANN by the eight-government Amazon Cooperation Treaty Organization, which unsuccessfully tried to insert itself into the role of “joint manager” of the gTLDs.

ACTO believes its historical cultural right to the string outweighs the e-commerce giant’s trademark, and that its should have a more or less equal role in the gTLD’s management.

This position was untenable to Amazon, which countered with a collection of safeguards protecting culturally sensitive strings and various other baubles.

Talks fell through last year and ICANN approved the gTLDs over ACTO’s objections.

ACTO’s secretary-general, Alexandra Moreira, wrote to ICANN (pdf) May 21 to take one last stab at getting Amazon back in talks, telling CEO Göran Marby:

the name “Amazon” pertains to a geographical region constituting an integral part of the heritage of its countries. Therefore, we Amazonians have the right to participate in the governance of the “.amazon” TLD.

Our side is ready to resume negotiations on the TLD’s governance with the Amazon Corporation., from the point where their side interrupted it, with a view to arriving at a satisfactory agreement.

Her letter came in response to an earlier Marby missive (pdf) that extensively set out ICANN’s case that talks fell apart due to ACTO repeatedly postponing and cancelling scheduled meetings.

Despite the fact that Amazon’s basically got what it wanted, seven years after filing its gTLD applications, ACTO’s members didn’t get nothing.

The contracts Amazon signed with ICANN back in December have Public Interest Commitments in them that allow the governments to reserve up to 1,500 culturally sensitive strings from registration, as well as giving each nation its own .amazon domain.

Is ICANN chickening out of Whois access role?

Kevin Murphy, May 26, 2020, Domain Policy

As talks over a centralized system for Whois access enter their eleventh hour, confusion has been sown over whether ICANN still wants to play ball.

The ICANN working group tasked with creating a “unified access model” for Whois data, currently rendered private by the GDPR privacy law, was forced last week to ask ICANN’s board of directors three blunt questions about how it sees its future role.

The group has been working for two years on a system of Whois access based around a central gateway for requests, which could be made only by those given credentials by an accreditation authority, which would also be able to revoke access rights if abused.

The proposed model as a whole has come to be known as SSAD, for System for Standardized Access/Disclosure.

The assumption has been that ICANN would act in these roles, either hands-on or by subcontracting the functions out to third parties, largely because ICANN has given every indication that it would and is arguably inventor of the concept.

But that assumption was thrown into doubt last Thursday, during a working group teleconference, when ICANN board liaison Chris Disspain worried aloud that the group may be pushing ICANN into areas beyond its remit.

Disspain said he was “increasingly uncomfortable with the stretching of ICANN’s mandate”, and that there was no guarantee that the board would approve a policy that appeared to push it outside the boundaries of its mission statement and bylaws.

“While it may be convenient and it might seem to solve the problem to say ‘Well, let ICANN do it’, I don’t think anyone should assume that ICANN will,” he said.

He stressed that he was speaking in his personal capacity rather on behalf of the board, but added that he was speaking based on his over eight years of experience on the board.

He spoke within the context of a discussion about how Whois access accreditation could be revoked in the event that the user abused their privileges, and whether an ICANN department such as Compliance should be responsible.

Several working group members expressed surprise at his remarks, with Milton Mueller of the Non-Commercial Stakeholders Group later calling it “a sudden and rather suspicious departure from nearly two years of ICANN Org statements and activities”.

The confusion comes at a critical juncture for the working group, which has to wrap up its work before chair Janis Karklins quits on June 30.

Karklins wrote to the board late last week to ask:

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the Accreditation Authority function?

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the central Gateway function?

If SSAD becomes an adopted consensus policy, would ICANN Org enforces compliance of SSAD users and involved parties with its consensus policy?

It’s a kinda important set of questions, but there’s no guarantee ICANN will provide straight answers.

When the working group, known as the EPDP, wraps up, the policy will go to the GNSO Council for approval before it goes to the board.

Irony alert! Data protection agency complains it can’t get access to private Whois data

Kevin Murphy, May 26, 2020, Domain Policy

A European data protection authority has complained to ICANN after a registrar refused to hand over one of its customers’ private Whois records, citing the GDPR data protection regulation, according to ICANN.

Compounding the irony, the DPA wanted the data as part of its probe into an alleged GDPR violation at the domain in question.

This is the frankly hilarious scenario outlined in a letter (pdf) from ICANN boss Göran Marby to Andrea Jelinek, chair of the European Data Protection Board, last week.

Since May 2018, registrars and registries have been obliged under ICANN rules to redact all personally identifiable information from public Whois records, because of the EU’s General Data Protection regulation.

This has irked the likes of law enforcement and intellectual property owners, who have found it increasingly difficult to discover the identities of suspected bad actors such as fraudsters and cybersquatters.

Registrars are still obliged to hand over data upon request in certain circumstances, but the rules are vague, requiring a judgement call:

Registry and Registrar MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR.

While an ICANN working group has been attempting to come up with a clearer-cut set of guidelines, administered by a central body, this so-called SSAD (System for Standardized Access/Disclosure) has yet to come to fruition.

So when an unidentified European DPA recently asked a similarly unidentified non-EU registrar for the Whois data of somebody they suspected of GDPR violations, the registrar told it to get stuffed.

It told the DPA it would “not act against a domain name without any clear and unambiguous evidence for the fraudulent behavior” and said it would respond to legal requests in its own jurisdiction, according to ICANN.

The DPA complained to ICANN, and now ICANN is using that complaint to shame the EDPB into getting off the fence and providing some much-needed clarity about when registrars can declassify Whois data without breaking the law.

Marby wrote that registrars are having to apply their “subjective judgment and discretion” and will most often come down on the side of registrants in order to reduce their GDPR risk. He wrote:

ICANN org would respectfully suggest to the EDPB that a more explicit recognition of the importance of certain legitimate interests, including the relevance of public interests, combined with clearer guidelines on balancing, could address these problems.

ICANN org would respectfully suggest to the EDPB to consider issuing additional specific guidance on this topic to ensure that entities with a legitimate interest in obtaining access to non-public gTLD registration data are able to do so. Guidance would in particular be appreciated on how to balance legitimate interests in access to data with the interests of the data subject concerned

ICANN and the EDPB have been communicating about this issue for a couple of years now, with ICANN looking for some clarity on this largely untested area of law, but the EDPB’s responses to data have been pretty vague and unhelpful, almost as if it doesn’t know what the hell it’s doing either.

Will this latest example of the unintended consequences of GDPR give the Board the kick up the bum it needs to start talking in specifics? We’ll have to wait and see.

ICANN dissenter explains why she wanted .org sale approved

ICANN has finally published the dissenting statement made by one of its directors following the vote to deny Ethos Capital the right to acquire Public Interest Registry from the Internet Society.

Avri Doria was one of only two directors to vote against the majority on the April 30 resolution, and the only one to file a written statement for the record, which ICANN has now published (pdf). It reads:

Briefly, I believe that the contractual conditions have been met by PIR and Ethos and that they have gone beyond these required contractual conditions to offer significant public interest commitments currently missing from the current contract.

On balance after intense study of the proposal I have come to conclusion that the Public Interest of registrants and users is better served by the PICs offered by PIR, though they could
be stronger, than by forcing PIR to remain within ISOC without any guarantees on public interest related to data usage and freedom of expression.

In exchange for ICANN approval of the deal, Ethos had promised to cap its price increases at 10% for eight years and to create a largely independent stewardship council to monitor issues related to privacy and free speech in .org.

With ICANN voting to deny the acquisition, PIR is not required to live up to those commitments, but opponents of the deal feel that its not-for-profit status under ISOC control provide stronger protections against bad behavior.

ICANN said it rejected the deal on “public interest” grounds for a variety of reasons including the lack of transparency into Ethos’ ultimate ownership, distrust that Ethos would be able to service its debt, doubt over its management in the long term, and the sheer volume of dissent from the community.

Also playing a strong role was an objection from the California attorney general, who pulled rank and informed ICANN that it should reject the deal, reminding the organization that it was subject to his oversight. This has been described as a dangerous precedent.

CSC removes reference to “retiring” new gTLD domain after retiring new gTLD domain

The corporate registrar and new gTLD management consultant CSC Global has ditched a new gTLD domain in favor of a .com, but edited its announcement after the poor optics became clear.

In a brief blog post this week, the company wrote:

We’re retiring cscdigitalbrand.services to give you a more user-friendly interface at cscdbs.com.

From the trusted provider of choice for Forbes Global 2000 companies, this more user-friendly site is filled with information you need to secure and protect your brand. You’ll experience a brand new look and feel, at-a-glance facts and figures, learn about the latest digital threats, access our trusted resources, and see what our customers are saying.

Visit the site to learn more about our core solutions: domain management, domain security, and brand and fraud protection.

But the current version of the post expunges the first paragraph, referring to the retirement of its .services domain, entirely.

I’m going to guess this happened after OnlineDomain reported the move.

But the original text is still in the blog’s cached RSS feed at Feedly.

CSC blog post

It’s perhaps not surprising that CSC would not want to draw attention to the fact that it’s withdrawn to a .com from a .services, the gTLD managed by Donuts.

After all, CSC manages dozens of new gTLDs for clients including Apple, Yahoo and Home Depot, and releases quarterly reports tracking and encouraging activation of dot-brands.

Interestingly, and I’m veering a little off-topic here, there is a .csc new gTLD but CSC does not own it. It was delegated to a company called Computer Sciences Corporation (ironically through an application managed by CSC rival MarkMonitor) which also owns csc.com.

Computer Sciences Corporation never really got around to using .csc, and in 2017 merged with a unit of HP to form DXC Technology.

If you visit nic.csc today, you’ll be redirected to dxc.technology/nic, which bears a notice that it’s the “registry for the .dxc top-level domain”.

Given that the .dxc top-level domain doesn’t actually exist, I think this might make DXC the first company to openly declare its intent to go after a dot-brand in the next round of new gTLDs.

Google launches .meet gTLD after Meet service goes free during lockdown

Google Registry is to launch its .meet gTLD next week with a sunrise period for trademark owners, but, perhaps controversially, it intends to keep the rest of the domains for itself.

It is expected that the company plans to use .meet domains in its Google Meet conferencing service, which was recently revamped and went free-to-use after Google realized that rival Zoom was eating its lunch during the coronavirus lockdown.

Google bought the .meet gTLD from Afilias back in 2015 but has kept it unused so far, even after the Meet service opened in 2017.

But according to ICANN records, it’s due to go into a one-month sunrise period from May 25, with an open-ended Trademark Claims period from June 25.

In a brief statement on its web site Google says:

Google Registry is launching the .meet TLD. This domain is Spec 9/ROCC exempt, which means we will be the registrant for all domains on the TLD and it will not be made generally available. The RRA for the TLD is available upon request, but registrations on behalf of the registry will be processed through a small number of registrars with whom the relevant product teams at Google work.

Translated from ICANN-speak, this means that Google has an exemption from Specification 9 in its .meet registry contract, releasing it from the Registry Operator Code of Conduct, which obliges registries to treat all registrars equally.

This means Google can’t sell the domains to anyone else, nor can it allow them to be controlled by anyone else, and it can use a limited pool of registrars to register names.

Spec 9 is a bit different to Spec 13, which exempts dot-brands from ICANN trademark-protection rules such as sunrise and Trademark Claims. You could argue that Spec 9 is “dot-brand lite”.

But what both Spec 9 and Spec 13 have in common is that they can’t be used in gTLDs ICANN considers a “generic string”, which is defined as:

a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.

Does .meet qualify there? It’s undoubtedly a dictionary word, but does it also describe a class of things? Maybe.

Google’s search engine itself gives one definition of “meet” as “an organized event at which a number of races or other athletic contests are held”, which one could reasonably argue is a class of services.

When Afilias applied for .meet in 2012, it expected it to be used by dating sites.

Google did not addresses the non-genericness of the string in its Spec 9 application. That judgement appears to have been made by ICANN alone.

Previously, requests for Spec 9 exemptions from the likes of .giving, .star, .analytics, .latino, .mutual, and .channel have been rejected or withdrawn.

It seems that Spec 9 exemption is going to somewhat limit .meet’s utility, given that third-parties will not be able to get “control or use of any registrations”.

Spring Break redux! ICANN picks Cancun for 2023 meeting

Kevin Murphy, May 13, 2020, Domain Policy

Having had its plans for a public meeting in Cancun, Mexico concurrent with Spring Break nixed by the nasty coronavirus this March, ICANN has decided to try again not once but twice.

Not only is it planning to hold its Community Forum there next year, but its board of directors has just voted to return in 2023 also, in a meeting that will run from March 11 to 16.

It will be ICANN 76. But the location of ICANN 75, scheduled for September 2022, is still a mystery. The board has authorized negotiations with the proposed venue(s) but has redacted any clues as to where it might be.

We don’t even know which of ICANN’s five rotating geographic regions it will be in, though Asia-Pac seems most likely, given that its last physical meeting there was in March 2019.

ICANN’s .org decision was NOT unanimous, and it was made in secret

When ICANN announced its decision to deny Public Interest Registry’s request to be acquired by Ethos Capital at the end of April, I felt a little foolish.

I’d confidently predicted just days earlier that the decision by the board would not be unanimous, but ICANN, in announcing the decision, said “the entire Board stands by this decision”.

But it turns out I was right after all. Three directors voted against the consensus and one abstained.

The dissenting votes were cast by industry policy consultant Avri Doria, Serbian internet pioneer Danko Jevtović, and former Sudanese ccTLD operator Ihab Osman.

Doria and Jevtović voted against the first resolved clause, which rejected PIR’s request. All three voted against the second resolved clause, which would have allowed PIR to file a second request.

Sarah Deutsch, a private practice lawyer, abstained from both votes, presumably because she also sits on the board of the Electronic Frontier Foundation, the civil liberties group that can, via California’s attorney general, probably be credited most with getting the transaction killed.

All three dissenters and Deutsch are Nominating Committee appointees.

According to the preliminary report of the April 30 meeting, “Doria indicated that she would be voting against the resolution and explained her views about how the public interest would be better served by ICANN granting its consent to PIR’s request.”

What her reasons were are not reflected in the record.

It also seems likely that any substantive minuting of ICANN’s decision is likely to be limited, as it appears to have been made at a different, off-the-books session at an unspecified earlier date.

The preliminary report notes the “the Board discussed and considered alternative draft resolutions for potential Board action as part of an earlier briefing”.

No such earlier meeting is listed on ICANN’s web site. The board’s previous formal meeting, two weeks earlier, had PIR’s request removed from the agenda at the last minute.

So it appears that ICANN’s board decided to reject the deal basically in secret at some point between April 17 and April 29, during a meeting of which ICANN has no obligation to publicly release the minutes.

Nice transparency loophole!

There’s always the Documentary Information Disclosure Policy, I suppose.

.org sale officially dead

Public Interest Registry has formally announced that its proposed $1.13 billion acquisition by Ethos Capital is dead.

The company told ICANN yesterday that it is withdrawing its request for a change of control under its .org contract and that it “will not be pursuing an ICANN Request for Reconsideration or taking any other action to try to revive the Transaction”.

In a statement, CEO Jon Nevett said that PIR is no longer for sale to any other party. It will remain under the Internet Society’s control.

He also pointed out that it’s not within ICANN’s power to arbitrarily transfer .org to another registry, as some critics have called for.

“Such a transfer by ICANN is a contractual impossibility under our registry agreement,” he wrote.

ICANN rejected the change of control request after deciding it was not in the public interest for .org to pass into for-profit hands.

Following the decision, ISOC had indicated that PIR was no longer for sale.

ICANN whistleblower expects to be fired after alleging budget irregularities, bugged meetings

Kevin Murphy, May 6, 2020, Domain Policy

The chair of ICANN’s highly influential Nominating Committee expects to lose his seat after turning whistleblower to expose what he says are budgetary irregularities and process failures that could have altered the outcome of ICANN’s board-selection process.

In a remarkable March 25 letter, Jay Sudowski even accuses ICANN of secretly recording and transcribing NomCom’s confidential deliberations.

The NomCom is the secretive committee responsible for selecting people to fill major policy-making roles at ICANN, including eight members of its board of directors. It’s made up of people drawn from all areas of the community.

Because its role is essentially to conduct job interviews with board hopefuls, it’s one of the few areas of the ICANN community whose conversations are almost entirely held in private.

But Sudowski is attempting to shine a little light on what’s going on behind the scenes by filing a broad and deep request under the Documentary Information Disclosure Policy, which is ICANN’s equivalent of a freedom of information law.

In it, he accuses ICANN Org of some fairly serious stuff.

First, he claims ICANN is fudging its budget by over-reporting how many full-time equivalent (FTE) staff members are involved in NomCom work, and by denying requests for “trivial” reimbursements of as little as $47 even as NomCom cuts costs by moving to a remote-only working model.

ICANN grants NomCom a FY20 budget of $900,000, of which $600,000 is allocated to “personnel costs” related to three FTEs.

“Nowhere near 3 FTEs are allocated to NomCom. Where is this money going?” Sudowski asks, demanding under the DIDP to see records of how much ICANN actually spent supporting NomCom’s work over the last five years.

He also claims that the NomCom process may have been compromised by allowing non-voting members to participate in decision-making meetings during the 2017 cycle, writing:

ICANN Org potentially allowed the NomCom to violate ICANN Bylaws by allowing nonvoting members of the NomCom to participate in outcome determinate components of the assessment and selection process that may have fundamentally alerted [I believe this is a typo for “altered”] the outcome of the 2017 NomCom process.

The non-voting members of the NomCom are the board-appointed chair and chair-elect, as well as appointees from the Root Server System Advisory Committee, Security and Stability Advisory Committee and Governmental Advisory Committee.

The board members appointed by NomCom in 2017 were Avri Doria and Sarah Deutsch. NomCom also picked members of the GNSO Council, ccNSO Council and At-Large Advisory Committee.

Sudowski, whose day job is running a data center company in Colorado, further claims that the ICANN board has been instructed by the Org to refuse to communicate with NomCom members.

“In recent years, ICANN Org has secretly recorded and transcribed confidential deliberations of the NomCom,” he adds.

He wants evidence of all of this to be released under the DIDP, under a nine-point list of documentation requests.

It’s unfortunate that I am forced to make this request in such a public manner, but when there is controversy over a $47 expense to support a NomCom member, I can only come to the conclusion that ICANN Org is unable and unwilling to provide necessary “administrative and operational support” for the NomCom.

He also expects retribution:

I also expect that the Board, which has been instructed to not communicate with me, will remove me from my role as Chair of the NomCom, given the nature of the concerns noted in this letter. Frankly, if this comes to pass, my removal is a clear and direct attack on the autonomy and authority of the entire NomCom.

So far, his request has not been answered.

Under the DIDP, ICANN has a maximum of 30 days to reply to such requests. In reality, this has always been treated as a minimum, with both request and response typically published on the same day, exactly 30 days after the original filing.

Its responses are typically links to information already in the public record and a list of excuses why no more info will be released.

But so far, neither request nor response has been published in the usual place, 42 days after Sudowski sent his letter. ICANN has missed its deadline by almost two weeks.

The only reason the DIDP (pdf) is in the public domain at all is that Sudowski copied it to the mailing list of the Empowered Community, ICANN’s community-based oversight body. Thanks to George Kirikos for posting the link to Twitter last week.

It is a pretty extensive request for information, that presumably would take some time to collate, so I’d be hesitant to cry “cover-up” just yet.

But the fact that the request exists at all serves to highlight the shocking lack of trust between ICANN and one of its most powerful committees.

UPDATE: Sudowski has said that his request was withdrawn. There’s no particular reason it could not be refiled by somebody else, however, as DIDP is open to all.