Latest news of the domain name industry

Recent Posts

Kirikos lawyers up after ICANN etiquette fight

Kevin Murphy, October 25, 2018, Domain Policy

Domain investor George Kirikos has hired lawyers to send nastygrams to ICANN after a fight over the rules of etiquette on a working group mailing list.

Kirikos claims there’s a “campaign of intimidation” against him by fellow volunteers who do not agree with his opinions and forthright tone, but that he “has not done anything wrong”.

In response, ICANN CEO Goran Marby this evening revealed that he has assigned his general counsel and new deputy, John Jeffrey, to the case.

Even by ICANN standards, it’s a textbook case of a) manufacturing mountains out of molehills, and b) how it can become almost impossible to communicate like sensible human beings when everyone’s tangled in red tape.

The dispute started back in May, when Kirikos got into a fight with IP lawyer Greg Shatan on the mailing list of the Rights Protection Mechanisms working group.

Both men are volunteers on the group, which seeks to refine ICANN policy protecting trademark owners in gTLDs.

The argument was about the content of a World Intellectual Property Organization web page listing instances of UDRP cases being challenged in court.

Kirikos took a strident tone, to which Shatan took exception.

Shatan then reported Kirikos to the working group’s co-chairs, claiming a breach of the Expected Standards of Behavior — the informal code of conduct designed to prevent every ICANN discussion turning into a flame war and/or bare-knuckle alley fight.

Under GNSO PDP rules, working group volunteers have to agree to abide by the ESB. Group chairs have the ability to kick participants who repeatedly offend.

At this point, the sensible thing to do would have been for Shatan and Kirikos to hug it out and move on.

But this is ICANN.

What actually happened was a pointless procedural back-and-forth between Kirikos, Shatan, and working group chairs Phil Corwin of Verisign and Brian Beckham of WIPO, which resulted in Kirikos hiring two lawyers — Andrew Bernstein of Torys and regular ICANN participant Robin Gross of IP Justice.

It’s believed to be the first time a WG participant has hired counsel over a mailing list argument.

Far too boring to recount here, Corwin’s timeline of events can be found from page 24 of this transcript (pdf) of remarks delivered here in Barcelona during ICANN 63, while the Bernstein/Kirikos timeline can be found here (pdf).

The rub of it is that Kirikos reckons both Corwin and Beckham are biased against him — Beckham because Kirikos voted against his chairship, Corwin because of a similar dispute in a related working group earlier this year — and that the ESB is unenforceable anyway.

According to Bernstein: “Mr. Kirikos has strong concerns that whatever process ICANN purports to operate with respect to Mr. Shatan’s complaint, it will not be fairly or neutrally adjudicated.”

He added that Kirikos had said that “due to the precise language of Section 3.4 of the Working Group Guidelines, Mr. Shatan lacked a basis to initiate any complaint”.

That language allows complaints to be filed if the ESB is “abused”. According to Corwin’s account, Kirikos — well-known as a detail-oriented ICANN critic — reckons the correct term should be “violated”, which rendered the ESB “null and void and unenforceable” in this instance.

Bernstein has since added that the ICANN board of directors never intended the ESB to be anything but voluntary.

The sum of this appears to be that the dispute has had a chilling effect on the RPM working group’s ability to get anything done, consuming much of its co-chairs’ time.

Kirikos lawyering up seems to have compounded this effect.

Now, as ICANN 63 drew to a close this evening, CEO Marby said in a brief prepared statement that the WG’s work has “more or less stalled for the last several months” and that he’s assigned general counsel John Jeffrey to “look into the issues surrounding this matter”.

ICANN “takes the issue very seriously”, he said.

As well it might. The Kirikos/Shatan incident may have been blown waaaaay out of proportion, but at its core is a serious question about civil discourse in ICANN policy-making.

Personally, I hold out hope it’s not too late for everyone to hug it out and move on.

But this is ICANN.

This is how AppDetex works

Kevin Murphy, October 25, 2018, Domain Services

A small brand-protection registrar with a big friend caused quite a stir at ICANN 63 here in Barcelona this week, after accusing registrars for the second time of shirking their duties to disclose private Whois data to trademark owners.

AppDetex, which has close ties to Facebook, has sent something like 9,000 Whois requests to registrars over the last several months, then complained to ICANN last week that it only got a 3% response rate.

Registrars cried foul, saying that the company’s requests are too vague to action and sometimes seem farcical, suggesting an indiscriminate, automated system almost designed to be overly burdensome to them.

In chats with DI this week, AppDetex CEO Faisal Shah, general counsel Ben Milam and consultant Susan Kawaguchi claimed that the system is nowhere near as spammy as registrars think, then showed me a demo of their Whois Requester product that certainly seemed to support that claim.

First off, Whois Requester appears to be only partially automated.

Tucows had noted in a letter to ICANN that it had received requests related to domains including lincolnstainedglass.com and grifflnstafford.com, which contain strings that look a bit like the “Insta” trademark but are clearly not cybersquatting.

“That no human reviewed these domains was obvious, as the above examples are not isolated,” Tucows CEO Elliot Noss wrote.

“It is abundantly clear to us that the requests we received were generated by an automated system,” Blacknight CEO Michele Neylon, who said he had received similarly odd requests, wrote in his own letter.

But, according to AppDetex, these assumptions are not correct.

Only part of its service is automated, they said. Humans — either customers or AppDetex in-house “brand analysts” — were involved in sending out all the Whois requests generated via its system.

AppDetex itself does not generate the lists of domains of concern for its clients, they said. That’s done separately, using unrelated tools, by the clients themselves.

It’s possible these could be generated from zone files, watch services, abuse reports or something else. The usage of the domain, not just its similarity to the trademark in question, would also play a role.

Facebook, for example, could generate its own list of domains that contain strings matching, partially matching, or homographically similar to its trademarks, then manually input those domains into the AppDetex tool.

The product features the ability to upload lists of domains in bulk in a CSV file, but Kawaguchi told me this feature has never been used.

Once a domain has been input to main Whois Requester web form, a port 43 Whois lookup is automatically carried out in the background and the form is populated with data such as registrar name, Whois server, IANA number and abuse email address.

At this point, human intervention appears to be required to visually confirm whether the Whois result has been redacted or not. This might require also going to the registrar’s web-based Whois, as some registrars return different results over port 43 compared to their web sites.

If a redacted record is returned, users can then select the trademark at issue from a drop-down (Whois Requestor stores its’ customers trademark information) and select a “purpose” from a different drop-down.

The “purposes” could include things like “trademark investigation” or “phishing investigation”. Each generates a different piece of pre-written text to be used in the template Whois request.

Users can then choose to generate, manually approve, and send off the Whois request to the relevant registrar abuse address. The request may have a “form of authorization” attached — a legal statement that AppDetex is authorized to ask for the data on behalf of its client.

Replies from registrars are sent to an AppDetex email address and fed into a workflow tool that looks a bit like an email inbox.

As the demo I saw was on the live Whois Requester site with a dummy account, I did not get a view into what happens after the initial request has been sent.

Registrars have complained that AppDetex does not reply to their responses to these initial requests, which is a key reason they believe them frivolous.

Shah and Milam told me that over the last several months, if a registrar reply has included a request for additional information, the Whois Requester system has been updated with a new template for that registrar, and the request resent.

This, they said, may account for duplicate requests registrars have been experiencing, though two registrars I put this to dispute whether it fits with what they’ve been seeing.

The fact that human review is required before requests are sent out “just makes it worse”, they also said.

Amazon offered $5 million of free Kindles for .amazon gTLD

Kevin Murphy, October 23, 2018, Domain Policy

Amazon offered South American governments $5 million worth of free Kindles, content and cloud services in exchange for their endorsement of its .amazon gTLD application, it has emerged.

The proposal, made in February, also included an offer of four years of free hosting up to a value of $1 million.

The sweeteners came during negotiations with the eight governments of the Amazon Cooperation Treaty Organization, which object to .amazon because they think it would infringe on their geographical and cultural rights.

Amazon has sought to reassure these governments that it will reserve culturally sensitive strings of their choice in .amazon, and that it will actively support any future applications for gTLDs such as .amazonas, which is the more meaningful geographic string in local languages.

I’ve reported on these offers before, but to my knowledge the offer of free Kindles and AWS credits has not been made public before. (UPDATE: Nope.)

According to a September letter from ACTO, published (pdf) this week, Amazon told it:

as an indication of goodwill and support for the people and governments of the Amazonian Region… [Amazon will] make available to the OTCA governments credits for the use of AWS services, Kindles preloaded with mutually agreed upon content, and similar Amazon.com services and products in an amount not to exceed $5,000,000.

Amazon also offered to set up a .amazon web site “to support the Amazonian people’s cultural heritage” and pay up to $1 million to host it for four years.

These kinds of financial sweeteners would not be without precedent.

The applicant for .bar wound up offering to donate $100,000 to fund a school in Montenegro, after the government noted the string match with the Bar region of the country.

The ACTO countries met in August to consider Amazon’s offer, but chose not to accept it.

However, they’re not closing off talks altogether. Instead, they’ve taken up ICANN on its offer to act as a facilitator of talks between Amazon and ACTO members.

The ICANN board of directors passed a resolution last month instructing CEO Goran Marby to “support the development of a solution” that would involve “sharing the use of those top-level domains with the ACTO member states”.

ACTO secretary general Jacqueline Mendoza has responded positively to this resolution (pdf) and invited Marby to ACTO headquarters in Brasilia to carry on these talks.

US not happy with Donuts hiring Atallah

Kevin Murphy, October 22, 2018, Domain Policy

The US government appears to have reservations about Donuts’ recent hiring of ICANN bigwig Akram Atallah as its new CEO.

Speaking at a session of ICANN 63 here in Barcelona today, National Telecommunications and Information Administration head David Redl alluded to the recent hire.

Atallah was president of the Global Domains Division and twice interim CEO.

While most of Redl’s brief remarks today concerned internet security and Whois, he concluded by saying:

While the community has greatly improved ICANN’s accountability through the IANA stewardship transition process, there are still improvements to be made.

As one example, we need safeguards to ensure that ICANN staff and leadership are not only grounded ethically in their professional actions at ICANN, but also in their actions when they seek career opportunities outside of ICANN.

One potential fix could be “cooling off periods” for ICANN employees that accept employment with companies involved in ICANN activities and programs. This is an ethical way to ensure that conflicts of interest or appearances of unethical behavior are minimized.

ICANN faced similar scrutiny back in the 2011, when ICANN chair Peter Dengate Thrush pushed through the new gTLD program and almost immediately began working for a new gTLD applicant.

That was the same year Redl moved from being head of regulatory affairs at CTIA — lobbying for wireless industry legislation — to counsel to the House of Representatives Energy and Commerce Committee — helping to craft wireless industry legislation.

Here are his remarks. Redl starts speaking at around the 38-minute mark.

ICANN denies it’s in bed with trademark lawyers

Kevin Murphy, October 21, 2018, Domain Policy

ICANN chair Cherine Chalaby has strongly denied claims from non-commercial stakeholders that its attitude to Whois reform is “biased” in favour of “special interests” such as trademark lawyers.

In a remarkably fast reply (pdf) to a scathing October 17 letter (pdf) from the current and incoming chairs of the Non-Commercial Stakeholders Group, Chalaby dismissed several of the NCSG’s claims of bias as “not true”.

The NCSG letter paints ICANN’s efforts to bring Whois policy into line with the General Data Protection Regulation as rather an effort to allow IP owners to avoid GDPR altogether.

It even suggests that ICANN may be veering into content regulation — something it has repeatedly and specifically disavowed — by referring to how Whois may be used to combat “fake news”.

The “demonstrated intention of ICANN org has been to ensure the unrestrained and unlawful access to personal data demanded by special interest groups”, the NCSG claimed.

It believes this primarily due to ICANN’s efforts to support the idea of a “unified access model” — a way for third parties with “legitimate interests” to get access to private Whois data.

ICANN has produced a couple of high-level framework documents for such a model, and CEO Goran Marby has posted articles playing up the negative effects of an inaccessible Whois.

But Marby has since insisted that a unified access model is still very much an “if”, entirely dependent on whether the community, in the form of the Whois EPDP working group, decides there should be one.

That message was reiterated in Chalaby’s new letter to the NCSG.

The conversation on whether to adopt such a model must continue, but the outcomes of those discussions are for the community to decide. We expect that the community, using the bottom-up multistakeholder model, will take into account all stakeholders’ views and concerns.

He denied that coordinating Whois data is equivalent to content regulation, saying it falls squarely within ICANN’s mandate.

“ICANN’s mission related to ‘access to’ this data has always encompassed lawful third-party access and use, including for purposes that may not fall within ICANN’s mission,” he wrote.

The exchange of letters comes as parties on the other side of the Whois debate also lobby ICANN and its governmental advisors over the need for Whois access.