Latest news of the domain name industry

Recent Posts

Registries propose PKI-based new gTLD sunrises

Kevin Murphy, September 12, 2012, Domain Tech

Neustar and ARI Registry Services have come up with an alternative to ICANN’s proposed new gTLDs sunrise period process, based on a secure Public Key Infrastructure.

The concept was outlined in a draft paper published today, following an intensive two-day tête-à-tête between domain companies and Trademark Clearinghouse providers IBM and Deloitte last month.

It’s presented as an alternative to the implementation model proposed by ICANN, which would use unique codes and was criticized for being inflexible to the needs of new gTLD registries.

The PKI-based alternative from Neustar and ARI would remove some of the cost and complexity for registries, but may create additional file-management headaches for trademark owners.

Under the ICANN model, which IBM and Deloitte are already developing, each trademark owner would receive a unique code for each of their registered trademarks and each registry would be given the list of codes.

If a trademark owner wanted a Sunrise registration, it would submit the relevant code to their chosen registrar, which would forward it to the registry for validation against the list.

One of the drawbacks of this method is that registries don’t get to see any of the underlying trademark data, making it difficult to restrict Sunrise registrations to certain geographic regions or certain classes of trademark.

If, for example, .london wanted to restrict Sunrise eligibility to UK-registered trademarks, it would have no easy way of doing so using the proposed ICANN model.

But IP interests participating in the development of the Trademark Clearinghouse have been adamant that they don’t want registries and registrars getting bulk access to their trademark data.

They’re worried about creating new classes of scams and have competitive concerns about revealing their portfolio of trademarks.

Frankly, they don’t trust registries/rars not to misuse the data.

(The irony that some of the fiercest advocates of Whois accuracy are so concerned about corporate privacy has not been lost on many participants in the TMCH implementation process.)

The newly proposed PKI model would also protect trademark owners’ privacy, albeit to a lesser extent, while giving registries visibility into the underlying trademark data.

The PKI system is rather like SSL. It used public/private key pairs to digitally sign and verify trademark data.

Companies would submit trademark data to the Clearinghouse, which would validate it. The TMCH would then sign the data with its private key and send it back to the trademark owner.

If a company wished to participate in a Sunrise, it would have to upload the signed data — most likely, a file — to its registrar. The registrar or registry could then verify the signature using the TMCH’s public key.

Because the data would be signed, but not encrypted, registrars/ries would be able to check that the trademark is valid and also get to see the trademark data itself.

This may not present a privacy concern for trademark owners because their data is only exposed to registries and registrars for the marks they plan to register as domains, rather than in bulk.

Registries would be able to make sure the trademark fits within their Sunrise eligibility policy, and would be able to include some trademark data in the Whois, if that’s part of their model.

It would require more file management work by trademark owners, but it would not require a unique code for each gTLD that they plan to defensively register in.

The Neustar/ARI proposal suggests that brand-protection registrars may be able to streamline this for their clients by enabling the bulk upload of trademark Zip files.

The overall PKI concept strikes me as more elegant than the ICANN model, particularly because it’s real-time rather than using batch downloads, and it does not require the TMCH to have 100% availability.

ICANN is understandably worried that about the potentially disastrous consequences for the new gTLD program if it creates a TMCH that sits in the critical registration path and it goes down.

The PKI proposal for Sunrise avoids this problem, as registries and registrars only need a stored copy of the TMCH’s public key in order to do real-time validation.

Using PKI for the Trademark Claims service — the second obligatory rights protection mechanism for new gTLD launches — is a much trickier problem if ICANN is to stick to its design goals, however.

ARI and Neustar plan to publish their Trademark Claims proposal later this week. For now, you can read the Sunrise proposal in PDF format here.

“Whistleblower” accuses Nominet of trying to dodge freedom of information law

Kevin Murphy, September 11, 2012, Domain Policy

Nominet, the .uk registry, tried to evade the Freedom Of Information Act by using private email addresses to communicate with the British government, according to emails leaked by a disgruntled former executive.

Copies of the emails provided to DI by former policy director Emily Taylor appear to show that Nominet and the Department for Business, Enterprise and Regulatory Reform worked secretly in 2008 to invite government regulatory oversight of the .uk namespace.

Back then, Nominet’s elected board of directors was seen as being in danger of being taken over by domainers who were hostile to Nominet’s management and the rest of its board.

The company was ultimately restructured following an independent review, and Parliament passed legislation that enables the government to take over .uk if it appears to be in danger of capture.

The party line to date has been that the review was commissioned in October 2008, only after BERR wrote to Nominet to express concerns about its governance problems.

That position is looking increasingly open to question, however.

As I reported for The Register last month, an employment tribunal seemed to agree with Taylor that Nominet had approached BERR to discuss this so-called “Plan G” first.

The latest leaked emails, assuming they’re genuine, also make the Nominet position appear less believable.

This is the text of an email apparently sent from the personal email account of BERR civil servant Geoff Smith to the personal email account of Nominet senior policy adviser Martin Boyle:

Martin

Thanks. It was helpful to talk earlier. I have had a look at your mark up and the additional point by Emily. All good stuff but – as I said – I think the heart of our letter has to be a set of reasonable and intelligent questions that a senior civil servant, not familiar with the inner workings of the company, might ask. As I said earlier, if it needs translation from the Mandarin, then it has failed. Equally, if it reads like a Nominet management position paper on BERR letterhead then it has also failed. I will look seriously at your amendments and try and produce a version for David’s signature over the next two days.

It feels wonderful to work free from fear of FOI !!

Geoff

The email is dated October 8, 2008, a week before the BERR letter (pdf) that kicked off the independent governance review.

The “fear of FOI” is of course a reference to the Freedom Of Information Act, which enables British citizens to request government documentation including emails.

By using personal email accounts, Nominet and BERR would have been able to keep their negotiations out of reach of the FOIA.

The emails, again assuming they’re genuine, also show that Mark Carvell, senior advisor at BERR and longstanding UK representative on ICANN’s Governmental Advisory Committee, was using his personal email account to communicate with Nominet executives during the same period.

In one email, Boyle encourages Carvell and Smith to delete emails in anticipation of a FOI request.

Sent: Fri, 31 October, 2008 18:55:18
Subject: FW: [nom-steer] Save Nom-steer!

Geoff, Mark

This e-mail (below) – posted on nom-steer – makes me think that a FoI is just around the corner!

Most obvious would be the e-mail from me asking when we might expect the letter, but Pauline used this as the mail to reply to with the signed letter from David.

You might wish to trawl over your mails – in and out – to do a bit of pruning and suggest to Pauline that a couple might need to be deleted, too.

I’ve spoken to Tom and he is aware, too.

Martin Boyle

Attached is a forwarded email from domainer Andrew Bennett, then a member of Nominet’s Policy Advisory Board, which appears to show Bennett researching relationships between the company and BERR.

There’s no evidence that Smith or Carvell did delete any emails.

BERR has changed names a couple of times under successive governments, and is now the Department of Business, Innovation and Skills. Carvell is now at the Department for Culture, Media and Sport.

Taylor has provided her documents to Nominet’s local MP, Andrew Smith, who has referred the matter to the Head of the Home Civil Service and the chair of the Culture, Media and Sport Select Committee.

Trying to avoid FOI is frowned upon.

Last year, the Information Commissioner’s Office said that “information held in private email accounts can be subject to Freedom of Information law if it relates to official business”.

In addition to the FOIA claims, Taylor alleges that there is “an inappropriately close relationship between government officials in DCMS, BIS, and possibly Ofcom, and Nominet.”

Nominet told DI today that it is looking into the matter but declined to comment further.

Last month, when Taylor’s employment tribunal documents became public, the company issued a statement in which it denied instigating the government’s request for an independent review, saying:

This is not the case. Two major organisations (an ISP and a major British trade body) had already been in contact with BERR prior to any discussions between Nominet and the Government. Again, Nominet took actions focussed on supporting the ongoing trust in .uk and that we believed supported the goals of our membership as a whole. As you would expect of an organisation responsible for a piece of critical UK Internet infrastructure, we maintain a constant dialogue with the Government – but all conversations on this matter post-date the initial raising of concerns by stakeholders.

Taylor claims, however, that the ISP and the trade body (BT and the Confederation of British Industry) approached BERR at the behest of herself and other Nominet executives.

As previously reported, Taylor resigned from her position at Nominet in 2009, not long after returning to work following a period of stress-related sick leave.

An employment tribunal found last year that she had been constructively dismissed — that is, essentially forced out — by Nominet after she filed a grievance against her colleagues and they grew to distrust her. She’s currently an independent consultant.

ICANN dragging its feet on new gTLD refunds?

Kevin Murphy, September 10, 2012, Domain Registries

Former new gTLD applicants are having to wait for months to have their deposits refunded by ICANN, according to two companies that withdrew applications before Reveal Day.

One company withdrew four applications and requested a refund on May 7, some weeks before the TLD Application System closed to new applicants, according to the consultancy Sedari.

But the company, a Sedari client, is still waiting for the return of its $20,000 TAS access fee over four months later, according to Sedari.

Another applicant, GJB Partners, filed a complaint with the California Attorney General in July after waiting for over a month for the refund of a $185,000 application fee.

According to the complaint, the application was withdrawn June 6, a week before Reveal Day, after the company had TAS password problems and suspected foul play.

The company eventually received its refund July 11, shortly after filing the AG complaint.

Sedari’s client has yet to received its refunds, according to the company.

Are any other readers experiencing similar problems?

Secret ICANN briefing fuels IGO new gTLDs debate

Kevin Murphy, September 10, 2012, Domain Policy

The Universal Postal Union, newly installed .post registry manager, has launched a withering attack on ICANN for protecting some intergovernmental organizations and not others.

Its salvo follows the release of briefing materials — previously redacted — that ICANN’s board was given when it approved the new gTLD program at the Singapore meeting in June 2011.

The UPU says that the documents show that ICANN engaged in “ex post facto attempts at justifying legally-flawed decisions” when it decided to give extra protection to the Olympics and Red Cross/Red Crescent movements.

As you may recall, these protections were granted by the ICANN board when the program was approved, following lobbying of the Governmental Advisory Committee by both organizations.

In the current round, nobody was allowed to apply for gTLDs such as .redcross or .olympic, or translations in dozens of languages. There are also ongoing talks about extending this protection to the second level.

Some have argued that this would lead to a “slippery slope” that would resurrect the problematic Globally Protected Marks List, something ICANN and the GAC have denied.

They have maintained that the IOC/RC/RC movements are unique — their marks are protected by international treaty and many national laws — and no other groups qualify.

Other IGOs disagree.

Almost 40 IGOs, including the United Nations and International Telecommunications Union, are lobbying for an additional 1,108 strings to be given the same protection as the Olympics.

If they get what they want, four applied-for gTLDs could be rejected outright and dozens of others would be put at risk of failing string similarity reviews.

According to the UPU’s latest letter, ICANN’s newly disclosed rationale for giving only the IOC/RC/RC organizations special privileges was based on a flawed legal analysis:

most of the recommendations contained in documents such as the Unredacted Paper seem to reflect, in an unambiguous way, ex post facto attempts at justifying legally-flawed decisions in order to narrow even further the necessary eligibility “criteria” for protection of certain strings, apparently so that only two organizations would merit receiving such safeguards under the new gTLD process.

In other words, according to the UPU and others, ICANN found itself in a position in June 2011 where it had to throw the GAC a few bones in order to push the new gTLD program out of the door, so it tried to grant the IOC/RC/RC protections in such a way that the floodgates were not opened to other organizations.

You can read the unredacted ICANN briefing materials here. The UPU letter, which deconstructs the document, is here.

It’s worth noting that the Applicant Guidebook already gives IGOs the explicit right to file Legal Rights Objections against new gTLD applications, even if they don’t have trademark protection.

Big brands ask US for published list of known cybersquatters, other stuff

Kevin Murphy, September 6, 2012, Domain Policy

A public, published list of repeat cybersquatters was among the demands that the trademark lobby took to a meeting with the US government in Washington DC yesterday.

The summit, hosted by the Department of Commerce, was the latest stage in the US government’s response to the campaign for more new gTLD rights protection mechanisms kicked off by the Association of National Advertisers a little over a year ago.

About 30 big brand owners, along with several trade associations and campaign groups, took part.

The Internet Commerce Association somehow managed to blag an invitation too, and was the only representative of domain registrants, according to a blog post by ICA counsel Phil Corwin.

The companies, which included tech companies such as Microsoft, Facebook, AOL, Yahoo and eBay and offline brand owners such as Nike, Coca-Cola, Time Warner and News Corp, met in early June to formulate a set of recommendations to take to Commerce.

These recommendations are outlined in an August 29 letter (pdf), a copy of which DI has obtained.

Notably, the companies asked for a published list of “bad actors” who have repeatedly lost Uniform Rapid Suspension cases. The letter states:

Recidivist bad actors should be tracked via a list of common Respondents and that list should be published and publicly available.

However, we understand that this request is a low-priority item, discussed only briefly yesterday, and that Commerce representatives did not immediately embrace it.

The bulk of the discussions related to tweaks trademark owners want to see in the Trademark Claims service — which alerts them and the registrant when somebody tries to register a potentially infringing domain name — and the URS.

The brand owners want Trademark Claims, which new gTLD registries are only obliged to offer for the first 60 days of general availability, extended for a longer period, possibly up to three years.

On the face of it, this is among the most reasonable longstanding demands from the IP crowd, but ICANN has resisted it to date as it’s worried about creating a monopoly in the pre-existing market for trademark monitoring services.

If the Trademark Clearinghouse is alerting you every time somebody registers a domain name with your brand in it, why pay MarkMonitor or Melbourne IT for the same service?

The letter also says that Trademark Claims should cover brand+keyword registrations, and domains containing registered trademarks, rather than just exact matches.

The worrisome aspect of this request is that there’s quite a high risk of false positives due to run-on words, very short trademarks, acronyms and dictionary words.

Non-commercial ICANN stakeholders dislike this due to the possibility of a chilling effect on free speech, while registries and registrars don’t like anything that puts unnecessary obstacles in the registration path.

With URS, the trademark owners want a full loser-pays system, though they acknowledge that it could raise the filing fee, which is something they don’t want.

To keep costs down, they want a lower filing fee for cases where the registrant does not respond and a URS panelist is not appointed, which seems like a reasonable idea.

The idea of ICANN (and, ultimately, registrants) subsidizing URS fees has also been put forward.

Finally, the trademark owners want registries to implement defensive blocking systems with one-time fees, modeled on the Sunrise B process that ICM Registry used with the launch of .xxx.

Some of the ideas — such as lower filing fees for uncontested URS cases — seem fairly reasonable and I can see them gaining traction.

Others, such as the brand+keyword protections, seem harder to implement and less likely to pass through ICANN unchallenged.

So what happens next? According to ICA’s Corwin:

For their part, the hosts of the meeting [Commerce] listened politely but did not to endorse any of the suggestions, although they did commit to follow-up interagency discussions. It was pointed out that some of the proposals have been raised before and went nowhere within ICANN, and questions were raised about what process would be utilized to place them before the broader ICANN community and its Board. It was also indicated that the U.S. would be reluctant to undertake any unilateral communications on these matters to ICANN’s Board.

Given this reluctance, I wouldn’t be surprised to see some of these ideas bubbling up through the Governmental Advisory Committee instead, as ideas from the US trademark lobby are wont to do.

As with every ICANN meeting, expect to see further discussions in Toronto next month.