Latest news of the domain name industry

Recent Posts

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.

In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.

The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.

The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.

PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

Losers would either have their domain suspended or, like UDRP, seized by the complainant.

The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.

But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.

The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.

The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.

I understand that ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.

Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.

Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.

Copyright ADRP may not be dead yet, but its future does not look bright.

Hacked ICANN data for sale on black market

Kevin Murphy, February 22, 2017, Domain Services

If you were a user of ICANN’s Centralized Zone Data Service back in 2014 you may wish to think about changing some passwords today.

ICANN has confirmed that a bunch of user names and hashed passwords that were stolen in November 2014 have turned up for sale on the black market.

The batch reportedly contains credentials for over 8,000 users.

ICANN said yesterday:

ICANN recently became aware that some information obtained in the spear phishing incident we announced in 2014 is being offered for sale on underground forums. Our initial assessment is that it is old data and that no new breach of our systems has occurred. The data accessed in the 2014 incident breach included usernames and hashed passwords for our Centralized Zone Data System (CZDS). Once the theft was discovered, we reset all user passwords, and urged users to do the same for any other accounts where they used the same passwords.

While CZDS users have all presumably already changed their CZDS passwords, if they are still using that same password for a non-CZDS web site they may want to think about changing it.

ICANN first announced the hack back in December 2014.

It said at the time that the Government Advisory Committee’s wiki, and a selection of other less interesting pages, had also been compromised.

The attackers got in after a number of ICANN staffers fell for a spear-phishing attack — a narrowly targeted form of phishing that was specifically aimed at them.

If you email with ICANN staff with any regularity you will have noticed that for the last several months your email subject lines get prefixed [EXTERNAL] before the staffer receives them.

That’s to help avoid this kind of attack being successful again.

Blah blah ICANN blah .africa blah delegated blah blah…

Kevin Murphy, February 15, 2017, Domain Registries

Today blah blah ZA Central Registry blah blah .africa blah delegated blah.

ICANN blah blah root blah. Blah blah ZACR blah nic.africa.

Blah blah five years blah blah contention blah lawsuit blah blah DotConnectAfrica blah. Blah blah Bekele blah IRP blah.

ICANN blah blah Governmental Advisory Committee blah blah blah African Union blah blah blah.

Blah blah Geographic Names Panel blah blah controversy blah blah blah blah lawsuit blah blah blah leg to stand on.

Blah racist blah blah conspiracy blah blah blah… nutty. Blah.

Blah reporting blah damned blah story blah forever blah blah bored blah blah blah blah.

Blah blah blah.

.africa to finally go live after judge denies injunction

Kevin Murphy, February 10, 2017, Domain Policy

A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.

Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.

The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.

Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.

Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.

Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.

An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.

Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:

The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages

He balanced this against the harm of NOT delegating .africa:

The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.

So what now?

ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”

As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.

Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.

If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.

Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.

While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.

You can read Halm’s ruling here (pdf).

Antitrust feds probing Verisign’s .web deal

Kevin Murphy, February 10, 2017, Domain Policy

US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.

The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:

On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.

He did not comment further, beyond describing it as “kind of like a subpoena”.

Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.

Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.

ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.

But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.

It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.

It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.

Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.

The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.

It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.