Latest news of the domain name industry

Recent Posts

Donuts backs away from .spa fight

Kevin Murphy, November 26, 2018, Domain Registries

Donuts has finally admitted defeat in its long-running fight to run the .spa gTLD, withdrawing its application and leaving rival Asia Spa and Wellness Promotion Council the victor.

ASWPC, run from Hong Kong by .asia’s Edmon Chung, has now entered into contracting with ICANN.

The company had won a Community Priority Evaluation back in 2015, with a passing score of 14 out of 16, which Donuts has been challenging ever since.

Donuts and ICANN were in a so-called Cooperative Engagement Process, a form of informal arbitration designed to stave off a more expensive Independent Review Process fight, from January 2016 until this month.

This meant ASWPC has been sitting twiddling its thumbs, unable to sign its contract or launch its TLD, for the better part of three years.

It’s not clear why Donuts decided not to go to a full-blown IRP. The company declined to comment for this article.

As a community applicant, the company had the backing of hundreds of spas worldwide.

It also had the backing of the Belgian government, which was important because spas are (little-known fact alert!) named after the tiny Belgian town of Spa.

It is believed that ASWPC promised up to 25% of its profits to Spa in order to gain this backing, but only from domains registered by Belgian, Dutch, Luxembourgish, French or German registrants.

First chance to have your say on the future of Whois

Kevin Murphy, November 23, 2018, Domain Policy

RIP: the Whois Admin.

Standard Whois output is set to get slimmed down further under newly published policy proposals.

The community working group looking at post-GDPR Whois has decided that the Admin Contact is no longer necessary, so it’s likely to get scrapped next year.

This is among several recommendations of the Expedited Policy Development Process working group on Whois, which published its initial report for public comment late Wednesday.

As expected, the report stops short of addressing the key question of how third-parties such as intellectual property interests, domain investors, security researchers and the media could get streamlined access to private Whois data.

Indeed, despite over 5,000 person-hours of teleconferences and face-to-face meetings and about 1,000 mailing list messages since work began in early August, the EPDP’s 50 members have yet to reach consensus on many areas of debate.

What they have reached is “tentative agreement” on 22 recommendations on how to bring current ICANN Whois policy into line with EU privacy law, the General Data Protection Regulation.

The work is designed to replace the current Temporary Specification, a Band-Aid imposed by the ICANN board of directors, which is due to expire next May.

The EPDP initial report proposes a few significant changes to what data is collected and publicly displayed by the Whois system.

The most notable change is the complete elimination of the Admin Contact fields.

Currently, Whois contains contact information for the registrant, admin contact and technical contact. It’s often the same data replicated across all three records, and under the Temp Spec the large majority of the data is redacted.

Under the EPDP’s proposal, the Admin Contact is superfluous and should be abandoned altogether. Not only would it not be displayed, but registrars would not even collect the data.

The Tech Contact is also getting a haircut. Registrars would now only be able to collect name, phone and email address, and it would be optional for the registrant whether to provide this data at all. In any event, all three fields would be redacted from public Whois output.

For the registrant, all contact information except state/province and country would be redacted.

There’s no agreement yet on whether the optional “organization” field would be redacted, but the group has agreed that registrars should provide better guidance to registrants about whether they need to provide that data.

While data on legal persons such as companies is not protected by GDPR, some fear that natural person registrants may just naively type their own name into that box when registering a name, inadvertently revealing their identities to the public.

Those providing Whois output would be obliged, as they are under the Temp Spec, to publish an anonymized email address or web-based contact form to allow users to contact registrants without personal information being disclosed.

That German lawsuit

The recommendation to slash what data is collected could have an impact on ICANN’s lawsuit against Tucows’ German subsidiary, EPAG.

ICANN is suing EPAG after the registrar decided that collecting admin and tech contact info was not compliant with GPDR. It’s been looking, unsuccessfully, for a ruling forcing the company to carry on collecting this data.

Tucows is of the view that if the admin and tech contacts are third parties to the registration agreement, it has no right to collect data about them under the GDPR.

If ICANN’s own community policy development process is siding with Tucows, this could guide ICANN’s future legal strategy, but not, it appears, until it becomes firm consensus policy.

I asked ICANN general counsel John Jeffrey about whether the EPDP’s work could affect the lawsuit during an interview October 5, shortly after it became clear that the admin/tech contact days might be numbered.

“Maybe,” he said. “If it becomes part of the policy we’ll have to assess that. Until there’s a new policy though, what we’re working with is the Temp Spec. The Temp Spec we believe is enforceable, we believe have the legal support for that, and we’ll continue down that path.”

(It might be worth noting that Thomas Rickert, whose law firm represents EPAG in this case, is on the EPDP working group in his capacity of head of domains for German trade group eco. He is, of course, just one of the 31 EPDP members developing these recommendations at any given time.)

IP wheel-spinning

The main reason it’s taken the EPDP so long to reach the initial report stage — the report was originally due during the ICANN 63 Barcelona meeting a month ago — has been the incessant bickering between those advocating for, and opposing, the rights of intellectual property interests to access private Whois data.

EPDP members from the IP Constituency and Business Constituency have been attempting to future-proof the work by getting as many references to IP issues inserted into the recommendations as they can, before the group has turned its attention to addressing them specifically.

But they’ve been opposed every step of the way by the Non-Commercial Stakeholders Group, which is concerned the IP lobby is trying to policy its way around GDPR as it relates to Whois.

Many hours have been consumed by these often-heated debates.

My feeling is that the NCSG has been generally winning, but probably mainly because the working group’s charter forbade discussion about access until other issues had been addressed.

As it stands today, the initial report contains this language in Recommendation #2:

Per the EPDP Team Charter, the EPDP Team is committed to considering a system for Standardized Access to non-public Registration Data once the gating questions in the charter have been answered. This will include addressing questions such as:

• What are the legitimate purposes for third parties to access registration data?

• What are the eligibility criteria for access to non-public Registration data?

• Do those parties/groups consist of different types of third-party requestors?

• What data elements should each user/party have access to?

In this context, amongst others, disclosure in the course of intellectual property infringement and DNS abuse cases will be considered

This is basically a placeholder to assure the IP crowd that their wishes are still on the table for future debate — which I don’t think was ever in any doubt — but even this basic recommendation took hours to agree to.

The EPDP’s final report is due February 1, so it has just 70 days to discuss this hypothetical “Standardized Access” model. That’s assuming it started talks today, which it hasn’t.

It’s just nine weeks if we assume not a lot is going to happen over the Christmas/New Year week (most of the working group come from countries that celebrate these holidays).

For context, it’s taken the working group about 115 days just to get to the position it is in today.

Even if Standardized Access was the only issue being discussed — and it’s not, the group is also simultaneously going to be considering the public comment on its initial report, for starters — this is an absurdly aggressive deadline.

I feel fairly confident in predicting that, come February 1, there will be no agreement on a Standardized Access framework, at least not one that would be close to implementable.

Have your say

All 22 recommendations, along with a long list of questions, have now been put out for public comment.

The working group is keen to point out that all comments should provide rationales, and consider whether what they’re asking for would be GDPR-compliant, so comments along the lines of “Waaah! Whois should be open!” will likely be rapidly filed to the recycle bin.

It’s a big ask, considering that most people have just a slim grasp of what GDPR compliance actually means.

Complicating matters, ICANN is testing out a new way to process public comments this time around.

Instead of sending comments in by email, which has been the norm for two decades, a nine-page Google form has been created. This is intended to make it easier to link comments to specific recommendations. There’s also a Word version of the form that can be emailed.

Given the time constraints, it seems like an odd moment to be testing out new processes, but perhaps it will streamline things as hoped. We’ll see.

Uniregistry working on bulk trademark blocking service

Kevin Murphy, November 21, 2018, Domain Registries

Uniregistry is planning to launch a bulk trademark block service, along the same lines as Donuts’ Domain Protected Marks List.

But it’s going to be roughly 50% more expensive than DPML, on a per-TLD basis.

The company has applied to ICANN to run what it calls “Uni EP” across its whole portfolio of 26 gTLDs.

Uni EP would be “largely identical” to DPML, according to Uniregistry’s Registry Service Evaluation Requests.

This means that anyone who has their trademark registered in the Trademark Clearinghouse will be able to block the matching string in all of Uniregistry’s TLDs.

Nobody else would be able to register that mark unless they also had a TMCH-validated trademark for the same string.

The pricing would be lower than if the brand owner individually defensively registered in each of the 26 TLDs.

With Donuts, which manages a portfolio almost 10 times as large, DPML tends to be priced around the $6,000 mark retail for a five-year block. That works to about $5 per TLD per year.

Uniregistry CEO Frank Schilling said Uni EP could be priced as low as $200 per year. That would work out to about $7.70 per TLD.

The relatively higher pricing might make sense when you consider the larger variation in regular pricing for Uniregistry TLDs, compared to Donuts.

It has several that retail for around $100 a year, and three — .cars, .car and .auto — that sell for close to $3,000 a year.

Still, the Uni EP price is obviously going to be a lot cheaper than regular defensive registrations.

Companies that have already purchased defensively would get to add their domains to the block service after the current registration expires, the RSEP states.

Like DPML, Uni EP would also have a “Plus” version, in which confusingly similar strings in eight scripts would also be blocked.

Uniregistry says it consulted with three brand protection registrars — CSC, MarkMonitor and Safenames — about the service and that their reactions were “favorable”.

Uniregistry’s current portfolio comprises .country, .audio, .car, .blackFriday, .auto, .cars, .christmas, .click, .diet, .flowers, .game, .gift, .guitars, .help, .hiphop, .hiv, .hosting, .juegos, .link, .lol, .mom, .photo, .pics, .property, .sexy, and .tattoo.

ICANN urged to reject .com price increases

Kevin Murphy, November 21, 2018, Domain Registries

The Internet Commerce Association has asked ICANN to refuse to allow Verisign to raise its wholesale prices for .com domain names.

The domainer trade group wrote to ICANN last week to point out that just because the Trump administration has dropped the US government objection to controlled price increases, that doesn’t necessarily mean ICANN has to agree.

Verisign’s deal with the National Telecommunications and Information Administration “does not of course, compel ICANN to agree to any such increases. Any such decision regarding .com pricing
remains with ICANN” ICA general counsel Zak Muscovitch wrote.

The deal allows Verisign to increase the price of .com registrations, renewals and transfers by 7% per year in four of the next six years, leading to a compound 30% increase by the time it concludes.

The arguments put forth Muscovitch’s letter are pretty much the same as the arguments ICA made when it was lobbying NTIA to maintain the price freeze.

Namely: Verisign already makes a tonne of money from .com, it has a captive audience, it cannot claim credit for .com’s success, and .com is not constrained by competition.

“As NTIA makes clear, it is up to Verisign to request a fee increase and ICANN that may agree or disagree. ICANN should not agree. Indeed, it would be a dereliction of ICANN’s responsibilities to the ICANN community if Verisign were permitted to raise its fees when it is already very well paid for the services which it provides,” Muscovitch’s letter (pdf) concludes.

For many years ICANN has been reluctant to get involved in price regulation. It remains to be seen whether it will make an exception for .com.

ICANN probing Donuts and Tucows over anti-Jewish web site

Kevin Murphy, November 16, 2018, Domain Policy

ICANN is investigating Tucows and Donuts over a web site that hosts antisemitic, white supremacist content.

CEO Goran Marby said in a letter published this week that he has referred a complaint about the web site judas.watch to ICANN’s Compliance department.

The web site in question says it is dedicated to documenting “anti-White traitors, agitators and subversives & highlighting Jewish influence.” It appears to be half database, half blog.

Its method of “highlighting Jewish influence” is possibly the most disturbing part — the site tags people it believes are Jewish with a yellow Star of David, mimicking the way the Nazis identified Jews during the Holocaust.

The site is quite liberal in how it applies these stars, going so far as to label UK Labour Party leader Jeremy Corbyn, who has been fighting off his own allegations of antisemitism for years, as Jewish.

Over 1,600 people and organizations are currently listed. Posts there also seem keen to highlight its subjects’ sexual orientation.

As far as I can tell, there are no direct calls to violence on the site, and the level of what you might call “hate speech” is pretty mild. It publishes the social media handles of its subjects, but I could not find any physical addresses or phone numbers.

The complaint to ICANN (pdf) came from WerteInitiative (“Values Initiative”), which appears to be a small, relatively new Jewish civil society group based in Germany.

WerteInitiative said judas.watch “poses a direct threat to the named persons with unforeseeable consequences for them, and especially so for the identified Jews”.

“We want this site banned from the Internet and ask for your help in doing so: can you help us to find out who behind this page is, so we can get it banned in Germany?” the letter concludes.

The domain has been behind Whois privacy since it was registered in 2014, so the registrant’s name was not public even prior to GDPR.

Marby, in response (pdf), says the complaint “raises a serious issue”.

While he goes to some lengths to explain that ICANN does not have the authority, contractual or otherwise, to demand the suspension of any domain name, he said he has nevertheless referred the complaint to Compliance.

Compliance has already reached out to the organization for more information, Marby said.

He also encouraged WerteInitiative to talk to .watch registry Donuts and judas.watch registrar eNom (owned by Tucows), as well as the hosting company, to see if that could help resolve the issue.

While ICANN is always adamant that it does not venture into content regulation, it strikes me that this exchange shows just what a tightrope it walks.

It comes against the backdrop of controversy over the suspension by GoDaddy of the domain Gab.com, a Twitter clone largely hosting far-right voices that have been banned from other social media platforms.