Latest news of the domain name industry

Recent Posts

You won’t need a password for ICANN 68 after all

Kevin Murphy, June 17, 2020, Domain Policy

ICANN has ditched plans to require all ICANN 68 participants to enter a password whenever they enter one of the Zoom sessions at the meeting next week.

The org said today that it will use URLs with embedded passwords, removing the need for user input, after reviewing changes Zoom made last month.

These included features such as a waiting room that enables meeting hosts to vet participants manually before allowing them to enter the meeting proper.

ICANN said: “Please use these links cautiously, only share them on secure channels such as encrypted chat or encrypted e-mail, and never post them publicly.”

ICANN had said last month, before the Zoom changes, that it would require passwords in order to limit the risk of Zoombombing — where trolls show up and spam the meeting with offensive content. One ICANN Zoom session had been trolled in this way in March.

The org also said today that participants will be asked to give their consent to be recorded upon entry to a session.

“It is our hope that this small change empowers attendees by providing quick access and more control over the acceptance of our policies as it relates to attending virtual meetings,” ICANN lied, to cover for the obvious piece of legal ass-covering.

Refuse consent and see how far you get.

ICANN confirms Hamburg cancellation

Kevin Murphy, June 16, 2020, Domain Policy

With ICANN 68 due to start online next Monday, ICANN has confirmed that its annual general meeting in October is going to be online-only also.

ICANN 69 will now be held on Zoom, instead of at Hamburg’s new convention center, the organization confirmed on Friday.

It’s because of coronavirus, of course. ICANN’s taking the depressing yet realistic view that mass gatherings of international travelers will still be inadvisable and maybe even illegal four months hence.

It’s bad news for ICANN’s core staff in Los Angeles who, if ICANN sticks to the Hamburg time zone as it has with canceled meetings in Cancun and Kuala Lumpur, will start their working day at 0130 local time for a week straight.

It’s particularly bad news for me. I had a whole range of Ombudsman-enraging jokes lined up related to “sausage fests”, “69s”, etc.

Still, I suppose it could be wurst.

Three big registries will take down opioid domains for US govt

Verisign, Public Interest Registry and Neustar (now part of GoDaddy) will suspend domain names being used to illegally sell opioids under a pilot scheme with the US government.

The Food and Drug Administration announced this week that this new “trusted notifier” program will go into effect for 120 days.

When the FDA finds a site suspected of selling opioids illegally, it will notify the registry as well as the web site’s owner and hosting provider.

The registries will then be able to decide whether to suspend the domain or not. It’s voluntary.

The National Telecommunications and Information Administration will also take part in the project.

Verisign runs .com and .net, PIR runs .org and Neustar runs .us, .co and .biz.

Opioids are legal, pharmaceutical pain-killers derived from opium. They’re ridiculously addictive and account for as many drug overdose deaths in the US as heroin, but are over-prescribed by US doctors.

It’s not the first time registries have agreed to trusted notifier programs. Some new gTLD registries have deals with the movie and music industries to suspend domains involved in copyright infringement.

The announcement comes just a few weeks after ICANN rejected a deal that would have seen PIR create a community oversight body with responsibilities to monitor domain-suspension policies in .org.

ICANN board tries to redefine mediocrity — literally

Kevin Murphy, June 9, 2020, Domain Policy

After 21 years of covering this stuff, the volume and extent of ICANN’s navel-gazing no longer amazes me, but every now and then I stumble upon something that forces a little angry smile from my lips.

It appears the ICANN board of directors is seeking to redefine mediocrity itself, in a very literal way, and it may well cost your money to do so.

I’ll explain.

Every two years, the board conducts a self-evaluation via a survey put together by ICANN staff. That survey recently came up for review by the board’s seven-person Board Governance Committee.

According to the meeting’s minutes, the BGC decided it was unhappy with the word “neutral” to describe a score of #3 on what I’m guessing is a five-point scale used for rating directors’ performances.

The word “seems somewhat vague”, the BGC noted, asking staff to “consult with external resources and suggest replacement for the term ‘neutral’ on the rating scale”.

I really hope “consult with external resources” means “google it” rather than “piss away registrants’ money on pricey consultants”, but I’m not confident.

The word I’d use is “mediocre”. If you have a better suggestion there’s a comments section below.

Will ICANN swap Hamburg for Zoom for 69?

Kevin Murphy, June 8, 2020, Domain Policy

ICANN’s board of directors is meeting this week to discuss arrangements for ICANN 69, and I think there’s a reasonable chance it will decide to take the meeting online-only.

The last official word from ICANN was that it is working on the assumption that normality will have resumed by September, and that October’s meeting could go ahead in Hamburg, Germany as planned.

But will it?

Current German coronavirus-related travel restrictions, which have been in place since March, forbid non-citizen incoming travelers from pretty much anywhere, even elsewhere in the EU.

Some travelers are being asked to self-quarantine for 14 days upon entry, which is obviously impractical for conference travel.

However, German is loosening its rules next week for EU travelers and will treat countries on a case-by-case basis, based on how many infections they’re recording at the time.

Americans will still not be allowed to travel to Germany and there’s no word on when the ban will be lifted.

German guidelines also currently prohibit any large gatherings of people, including conferences, until at least the end of August.

ICANN’s obviously going to have to do a bit of crystal ball-gazing, to guess whether business travel is going to be safe and permitted in October.

It’s also going to have to guess whether a large enough number of people will actually want to attend to make an in-person meeting worthwhile.

With many medical experts predicting a third-quarter resurgence of the pandemic, the so-called “second wave”, inviting guests from every continent to gather in the same room might be seen as risky.

Conferences in other industries that had been due to take place in Germany in October have been canceled or postponed.

Notably, Oktoberfest in Munich (which starts in September but runs into October) is not going ahead this year, but I’ve found examples of conventions in publishing, gaming and catering sectors that have also been canceled.

However, some events due to take place in March and April have been postponed UNTIL October, suggesting a level of confidence that the virus will be low-risk by that time.

Top-level reshuffle as ICANN loses its COO

Kevin Murphy, June 4, 2020, Domain Policy

ICANN today announced a series of organizational changes at the highest level of management after its COO decided to quit.

Susanna Bennett, senior veep and chief operations officer, will leave July 1 for pastures new after seven years on the job, and her role will be split between other senior figures.

ICANN also said today that Theresa Swinehart has been appointed head of the Global Domains Division, a role she’s been filling on an interim basis since Cyrus Namazi quit a few months back.

She’s also senior VP of multistakeholder strategy and strategic initiatives and CEO Göran Marby’s co-deputy. She’ll be keeping both of those jobs too.

In terms of ops, Bennett’s functions will be split between CFO Xavier Calvez, senior VP of HR Gina Villavicencio, and general counsel John Jeffrey. Calvez will also take on some of the MSSI responsibilities previously held by Swinehart.

The fact that Bennett and Namazi, who together were compensated to the tune of $860,000 in ICANN’s fiscal 2019, had functions that can be easily redistributed among other staffers does rather beg the question of whether ICANN has been spending domain registrants’ money as efficiently as possible.

Still, the rejigger will presumably be welcomed by those who believe that ICANN has in recent years become overly bloated and bureaucratic.

ICANN recently slashed its FY21 budget by 8% due to the expected impact of the coronavirus-related recessions.

Amazon finally gets its dot-brands despite last-minute government plea

Amazon’s three long-sought dot-brand gTLDs were added to the DNS root last night, despite an eleventh-hour attempt by South American governments to drag the company back to the negotiating table.

.amazon, along with the Japanese and Chinese translations — .アマゾン (.xn--cckwcxetd) and .亚马逊 (.xn--jlq480n2rg) — and its NIC sites have already gone live.

Visiting nic.amazon today will present you with a brief corporate blurb and a link to Amazon’s saccharine social-responsibility blog. As a dot-brand, only Amazon will be allowed to use .amazon domains.

The delegations come despite a last-minute plea to ICANN by the eight-government Amazon Cooperation Treaty Organization, which unsuccessfully tried to insert itself into the role of “joint manager” of the gTLDs.

ACTO believes its historical cultural right to the string outweighs the e-commerce giant’s trademark, and that its should have a more or less equal role in the gTLD’s management.

This position was untenable to Amazon, which countered with a collection of safeguards protecting culturally sensitive strings and various other baubles.

Talks fell through last year and ICANN approved the gTLDs over ACTO’s objections.

ACTO’s secretary-general, Alexandra Moreira, wrote to ICANN (pdf) May 21 to take one last stab at getting Amazon back in talks, telling CEO Göran Marby:

the name “Amazon” pertains to a geographical region constituting an integral part of the heritage of its countries. Therefore, we Amazonians have the right to participate in the governance of the “.amazon” TLD.

Our side is ready to resume negotiations on the TLD’s governance with the Amazon Corporation., from the point where their side interrupted it, with a view to arriving at a satisfactory agreement.

Her letter came in response to an earlier Marby missive (pdf) that extensively set out ICANN’s case that talks fell apart due to ACTO repeatedly postponing and cancelling scheduled meetings.

Despite the fact that Amazon’s basically got what it wanted, seven years after filing its gTLD applications, ACTO’s members didn’t get nothing.

The contracts Amazon signed with ICANN back in December have Public Interest Commitments in them that allow the governments to reserve up to 1,500 culturally sensitive strings from registration, as well as giving each nation its own .amazon domain.

Is ICANN chickening out of Whois access role?

Kevin Murphy, May 26, 2020, Domain Policy

As talks over a centralized system for Whois access enter their eleventh hour, confusion has been sown over whether ICANN still wants to play ball.

The ICANN working group tasked with creating a “unified access model” for Whois data, currently rendered private by the GDPR privacy law, was forced last week to ask ICANN’s board of directors three blunt questions about how it sees its future role.

The group has been working for two years on a system of Whois access based around a central gateway for requests, which could be made only by those given credentials by an accreditation authority, which would also be able to revoke access rights if abused.

The proposed model as a whole has come to be known as SSAD, for System for Standardized Access/Disclosure.

The assumption has been that ICANN would act in these roles, either hands-on or by subcontracting the functions out to third parties, largely because ICANN has given every indication that it would and is arguably inventor of the concept.

But that assumption was thrown into doubt last Thursday, during a working group teleconference, when ICANN board liaison Chris Disspain worried aloud that the group may be pushing ICANN into areas beyond its remit.

Disspain said he was “increasingly uncomfortable with the stretching of ICANN’s mandate”, and that there was no guarantee that the board would approve a policy that appeared to push it outside the boundaries of its mission statement and bylaws.

“While it may be convenient and it might seem to solve the problem to say ‘Well, let ICANN do it’, I don’t think anyone should assume that ICANN will,” he said.

He stressed that he was speaking in his personal capacity rather on behalf of the board, but added that he was speaking based on his over eight years of experience on the board.

He spoke within the context of a discussion about how Whois access accreditation could be revoked in the event that the user abused their privileges, and whether an ICANN department such as Compliance should be responsible.

Several working group members expressed surprise at his remarks, with Milton Mueller of the Non-Commercial Stakeholders Group later calling it “a sudden and rather suspicious departure from nearly two years of ICANN Org statements and activities”.

The confusion comes at a critical juncture for the working group, which has to wrap up its work before chair Janis Karklins quits on June 30.

Karklins wrote to the board late last week to ask:

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the Accreditation Authority function?

If SSAD becomes an adopted consensus policy, would ICANN Org will perform the central Gateway function?

If SSAD becomes an adopted consensus policy, would ICANN Org enforces compliance of SSAD users and involved parties with its consensus policy?

It’s a kinda important set of questions, but there’s no guarantee ICANN will provide straight answers.

When the working group, known as the EPDP, wraps up, the policy will go to the GNSO Council for approval before it goes to the board.

Irony alert! Data protection agency complains it can’t get access to private Whois data

Kevin Murphy, May 26, 2020, Domain Policy

A European data protection authority has complained to ICANN after a registrar refused to hand over one of its customers’ private Whois records, citing the GDPR data protection regulation, according to ICANN.

Compounding the irony, the DPA wanted the data as part of its probe into an alleged GDPR violation at the domain in question.

This is the frankly hilarious scenario outlined in a letter (pdf) from ICANN boss Göran Marby to Andrea Jelinek, chair of the European Data Protection Board, last week.

Since May 2018, registrars and registries have been obliged under ICANN rules to redact all personally identifiable information from public Whois records, because of the EU’s General Data Protection regulation.

This has irked the likes of law enforcement and intellectual property owners, who have found it increasingly difficult to discover the identities of suspected bad actors such as fraudsters and cybersquatters.

Registrars are still obliged to hand over data upon request in certain circumstances, but the rules are vague, requiring a judgement call:

Registry and Registrar MUST provide reasonable access to Personal Data in Registration Data to third parties on the basis of a legitimate interests pursued by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Registered Name Holder or data subject pursuant to Article 6(1)(f) GDPR.

While an ICANN working group has been attempting to come up with a clearer-cut set of guidelines, administered by a central body, this so-called SSAD (System for Standardized Access/Disclosure) has yet to come to fruition.

So when an unidentified European DPA recently asked a similarly unidentified non-EU registrar for the Whois data of somebody they suspected of GDPR violations, the registrar told it to get stuffed.

It told the DPA it would “not act against a domain name without any clear and unambiguous evidence for the fraudulent behavior” and said it would respond to legal requests in its own jurisdiction, according to ICANN.

The DPA complained to ICANN, and now ICANN is using that complaint to shame the EDPB into getting off the fence and providing some much-needed clarity about when registrars can declassify Whois data without breaking the law.

Marby wrote that registrars are having to apply their “subjective judgment and discretion” and will most often come down on the side of registrants in order to reduce their GDPR risk. He wrote:

ICANN org would respectfully suggest to the EDPB that a more explicit recognition of the importance of certain legitimate interests, including the relevance of public interests, combined with clearer guidelines on balancing, could address these problems.

ICANN org would respectfully suggest to the EDPB to consider issuing additional specific guidance on this topic to ensure that entities with a legitimate interest in obtaining access to non-public gTLD registration data are able to do so. Guidance would in particular be appreciated on how to balance legitimate interests in access to data with the interests of the data subject concerned

ICANN and the EDPB have been communicating about this issue for a couple of years now, with ICANN looking for some clarity on this largely untested area of law, but the EDPB’s responses to data have been pretty vague and unhelpful, almost as if it doesn’t know what the hell it’s doing either.

Will this latest example of the unintended consequences of GDPR give the Board the kick up the bum it needs to start talking in specifics? We’ll have to wait and see.

ICANN dissenter explains why she wanted .org sale approved

ICANN has finally published the dissenting statement made by one of its directors following the vote to deny Ethos Capital the right to acquire Public Interest Registry from the Internet Society.

Avri Doria was one of only two directors to vote against the majority on the April 30 resolution, and the only one to file a written statement for the record, which ICANN has now published (pdf). It reads:

Briefly, I believe that the contractual conditions have been met by PIR and Ethos and that they have gone beyond these required contractual conditions to offer significant public interest commitments currently missing from the current contract.

On balance after intense study of the proposal I have come to conclusion that the Public Interest of registrants and users is better served by the PICs offered by PIR, though they could
be stronger, than by forcing PIR to remain within ISOC without any guarantees on public interest related to data usage and freedom of expression.

In exchange for ICANN approval of the deal, Ethos had promised to cap its price increases at 10% for eight years and to create a largely independent stewardship council to monitor issues related to privacy and free speech in .org.

With ICANN voting to deny the acquisition, PIR is not required to live up to those commitments, but opponents of the deal feel that its not-for-profit status under ISOC control provide stronger protections against bad behavior.

ICANN said it rejected the deal on “public interest” grounds for a variety of reasons including the lack of transparency into Ethos’ ultimate ownership, distrust that Ethos would be able to service its debt, doubt over its management in the long term, and the sheer volume of dissent from the community.

Also playing a strong role was an objection from the California attorney general, who pulled rank and informed ICANN that it should reject the deal, reminding the organization that it was subject to his oversight. This has been described as a dangerous precedent.