Latest news of the domain name industry

Recent Posts

.web ruling might not come this year

Kevin Murphy, October 26, 2020, Domain Registries

A decision about who gets to run the .web gTLD may not arrive until early next year, according to Verisign CEO Jim Bidzos.

“A final decision from the [Independent Review Process[ panel may be issued later this year or early next year,” he told analysts late last week.

.web sold at auction for $135 million four years ago to a company being secretly bankrolled by Verisign, but the outcome is being challenged in the IRP by runner-up bidder Afilias.

Afilias argues that the auction should be voided because ICANN failed to sufficiently investigate links between Verisign and the winning bidder. ICANN denies any wrongdoing.

It’s widely believed that .web is the strongest potential competitor to Verisign’s .com, and its attempt to secure the string is largely defensive.

The IRP case heard several days of testimony in August and the panel retired to consider its decision.

ICANN ordered to freeze .hotel after “serious questions” about trade secrets “theft”

Kevin Murphy, September 3, 2020, Domain Policy

ICANN has been instructed to place the proposed .hotel gTLD in limbo after four applicants for the string raised “sufficiently serious questions” that ICANN may have whitewashed the “theft” of trade secrets.

The order was handed down last month by the emergency panelist in the Independent Review Process case against ICANN by claimants Fegistry, MMX, Radix and Domain Ventures Partners.

Christopher Gibson told ICANN to “maintain the status quo” with regards the .hotel contention set, meaning currently winning applicant Hotel Top Level Domain, which is now owned by Afilias, won’t get contracted or delegated until the IRP is resolved.

At the core of the decision (pdf) is Gibson’s view that the claimants raised “sufficiently serious questions related to the merits” in allegations that ICANN mishandled and acted less than transparently in its investigation into a series of data breaches several years ago.

You may recall that ICANN seriously screwed up its new gTLD application portal, configuring in such a way that any applicant was able to search for and view the confidential data, including financial information such as revenue projections, of any other competing applicant.

Basically, ICANN was accidentally publishing applicants’ trade secrets on its web site for years.

ICANN discovered the glitch in 2015 and conducted an audit, which initially fingered Dirk Krischenowski — who at time was the half-owner of a company that owned almost half of HTLD as well as a lead consultant on the bid — as the person who appeared to have accessed the vast majority of the confidential data in March and April 2014.

ICANN did not initially go public with his identity, but it did inform the affected applicants and I managed to get a copy of the email, which said he’d downloaded about 200 records he shouldn’t have been able to access.

It later came to light that Krischenowski was not the only HTLD employee to use the misconfiguration to access data — according to ICANN, then-CEO of HTLD Katrin Ohlmer and lawyer Oliver Süme had too.

HTLD execs have always denied any wrongdoing, and as far as I know there’s never been any action against them in the proper courts. Krischenowski has maintained that he had no idea the portal was glitched, and he was using it in good faith.

Also, neither Ohlmer nor Krischenowski are still involved with HTLD, having been bought out by Afilias after the hacking claims emerged.

These claims of trade secret “theft” are being raised again now because the losing .hotel applicants think ICANN screwed up its probe and basically tried to make it go away out of embarrassment.

Back in August 2016, the ICANN board decided that demands to cancel the HTLD application were “not warranted”. Ohlmer barely gets a mention in the resolution’s rationale.

The losing applicants challenged this decision in a Request for Reconsideration in 2016, known as Request 16-11 (pdf). In that request, they argued that the ICANN board had basically ignored Ohlmer’s role.

Request 16-11 was finally rejected by the ICANN board in January last year, with the board saying it had in fact considered Ohlmer when making its decision.

But the IRP claimants now point to a baffling part of ICANN’s rationale for doing so: that it found “no evidence that any of the confidential information that Ms. Ohlmer (or Mr. Krischenowski) improperly accessed was provided to HTLD”.

In other words, ICANN said that the CEO of the company did not provide the information that she had obtained to the company of which she was CEO. Clear?

Another reason for brushing off the hacking claims has been that HTLD could have seen no benefit during the application process by having access to its rivals’ confidential data.

HTLD won the contention set, avoiding the need for an auction, in a Community Priority Evaluation. ICANN says the CPE was wholly based on information provided in its 2012 application, so any data obtained in 2014 would have been worthless.

But the losing applicants say that doesn’t matter, as HTLD/Afilias still have access to their trade secrets, which could make the company a more effective competitor should .hotel be delegated.

This all seems to have been important to Gibson’s determination. He wrote in his emergency ruling (pdf) last month:

The Emergency Panelist determines that Claimants have raised “sufficiently serious questions related to the merits” in in relation to the Board’s denial of Request 16-11, with respect to the allegations concerning the Portal Configuration issues in Request 16-11. This conclusion is made on the basis of all of the above information, and in view of Claimants’ IRP Request claim that ICANN subverted the investigation into HTLD’s alleged theft of trade secrets. In particular, Claimants claim that ICANN refused to produce key information underlying its reported conclusions in the investigation; that it violated the duty of transparency by withholding that information; that the Board’s action to ignore relevant facts and law was a violation of Bylaws; and further, to extent the BAMC and/or Board failed to have such information before deciding to disregard HTLD’s alleged breach, that violated their duty of due diligence upon reasonable investigation, and duty of independent judgment.

The Emergency Panelist echoes concerns that were raised initially by the Despegar IRP Panel regarding the Portal Configuration issues, where that Panel found that “serious allegations” had been made188 and referenced Article III(1) of ICANN’s Bylaws in effect at that time, but declined to make a finding on those issues, indicating “that it should remain open to be considered at a future IRP should one be commenced in respect of this issue.” Since that time, ICANN conducted an internal investigation of the Portal Configuration issues, as noted above; however, the alleged lack of disclosure, as well as certain inconsistencies in the decisions of the BAMC and the Board regarding the persons to whom the confidential information was disclosed and their relationship to, or position with HTLD, as well as ICANN’s decision to ultimately rely on a “no harm no foul” rationale when deciding to permit the HTLD application to proceed, all raise sufficiently serious questions related to the merits of whether the Board breached ICANN’s Article, Bylaws or other polices and commitments.

It’s important to note that this is not a final ruling that ICANN did anything wrong, it’s basically the ICANN equivalent of a ruling on a preliminary injunction and Gibson is saying the claimants’ allegations are worthy of further inquiry.

And the ruling did not go entirely the way of the claimants. Gibson in fact ruled against them on most of their demands.

For example, he said their was insufficient evidence to revisit claims that a review of the CPE process carried out by FTI Consulting was a whitewash, and he refused to order ICANN to preserve documentation relating to the case (though ICANN has said it will do so anyway).

He also ruled against the claimants on a few procedural issues, such as their demands for an Ombudsman review and for IRP administrator the International Center for Dispute Resolution to recuse itself.

Some of their claims were also time-barred under ICANN’s equivalent of the statute of limitations.

But ICANN will be prevented from contracting with HTLD/Afilias for now, which is a key strategic win.

ICANN reckons the claimants are just using the IRP to try to force deep-pocketed Afilias into a private auction they can be paid to lose, and I don’t doubt there’s more than a grain of truth in that claim.

But if it exposes another ICANN cover-up in the process, I for one can live with that.

The case continues…

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

Kevin Murphy, February 7, 2020, Domain Policy

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.

The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.

It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.

The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).

The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.

There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.

This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.

There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.

HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.

CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.

Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.

There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.

Naturally, the remaining applicants were not happy about this, and started to fight back.

The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.

That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.

The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.

Guess what? That got rejected too.

So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.

The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.

While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.

ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.

Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.

Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”

The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.

When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.

The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.

But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.

Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.

Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.

And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.

A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.

A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.

In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.

The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.

It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.

This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.

It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.

FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.

They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.

The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.

It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.

The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”

“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.

“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.

ICANN is yet to file its response to the complaint.

Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.

Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.

The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.

ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.

The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.

With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

ASO uses super powers to demand ICANN turn over .org buyout docs

Kevin Murphy, January 2, 2020, Domain Policy

In an unprecedented move, ICANN’s Address Supporting Organization has exercised its special powers to demand ICANN hand over documents relating to the Ethos Capital acquisition of .org’s Public Interest Registry.

There’s a possibility, however small, that this could be the first shot in a war that could see the PIR acquisition scrapped.

Fair warning, this story is going to get pretty nerdy, which may not be compatible with the fuzzy-headedness that usually accompanies the first working day of the year. We’re heading into the overgrown weeds of the ICANN bylaws here, for which I apologize in advance.

The ASO — the arm of the ICANN community concerned with IP address policy — has asked ICANN Org for access to records concerning the $1.135 billion acquisition of PIR, which has attracted lots of criticism from non-profits, domainers and others since it was announced.

It’s unprecedented, and of interest to ICANN watchers, for a few reasons.

First, this is the ASO making the request. The ASO comprises the five Regional Internet Registries, the bodies responsible for handing out chunks of IP address space to ISPs around the world. It doesn’t normally get involved in policy related to domain names such as .org.

Second, it’s invoking an hitherto untested part of ICANN’s new bylaws that allows the certain community entities that make up the “Empowered Community” to make “Inspection Requests” of ICANN Org.

Third, and perhaps most importantly, there’s a hint of a threat that the ASO and other members of the EC may use their extraordinary powers to attempt to prevent the PIR acquisition from going ahead.

Before we unpick all of this, this is what the ASO has sent to ICANN, according to its December 31 statement:

As a Decisional Participant in the Empowered Community and pursuant to ICANN Bylaws section 22.7, the ASO hereby submits this Inspection Request to inspect the records of ICANN, including minutes of the Board or any Board Committee, for the purpose of determining whether the ASO’s may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement. For this purpose, the ASO seeks to inspect any ICANN records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement, including the process by which input from the affected community will be obtained prior to ICANN’s consideration and potential approval of the assignment.

The Empowered Community is the entity that replaced the US government as ICANN’s primary overseer, following the IANA transition in late 2016.

Its members cover the breadth of the ICANN community, comprising the ASO, Generic Names Supporting Organization, Country Code Names Supporting Organization, Governmental Advisory Committee and At-Large Advisory Committee. Each member is a “Decisional Participant”.

Since the transition, its only real functions have been to approve appointments to the ICANN board of directors and to rubber-stamp the budget, but it does have some pretty powerful tools at its disposal, such as the nuclear ability to fire the entire board.

One of the powers enjoyed by each Decisional Participant, which has never been invoked publicly, is to make an Inspection Request — a demand to see ICANN’s accounts or documents related to the board’s decisions.

In this case, the ASO wants “records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement”.

But will it get this information? It seems the Inspection Request bylaw is a little bit like ICANN’s longstanding freedom-of-information commitment, the Documentary Information Disclosure Policy, with some key differences that arguably make the IR process less transparent.

Like DIDP, the IR process gives ICANN Org a whole buffet of rejection criteria to choose from. It can refuse requests for reasons of confidentiality or legal privilege, for example, or if it thinks the request is overly broad.

It can also reject a request if “is motivated by a Decisional Participant’s financial, commercial or political interests, or those of one or more of its constituents”, which makes the fact that this request is coming from the ASO particularly interesting.

If the GAC or the GNSO or the ccNSO, or even the ALAC, had made the request, ICANN could quite reasonably have thrown it out on the basis of “commercial or political interests”.

That’s not the case with the ASO, which makes me wonder (aloud, it seems) whether the ASO had received any nudges from other members of the EC before filing the request.

Inspection Requests also differ from DIDP in that any documents that are turned over are not necessarily published, and ICANN can also force the Decisional Participant to file a non-disclosure agreement covering their contents.

ICANN can even demand that an ASO member shows up at its Los Angeles headquarters in person to read (and, if they want, copy) the docs in question.

In short, ICANN has a lot of wriggle room to refuse or frustrate the ASO’s request, and it has a track record of not being particularly receptive to these kinds of demands.

The grey-hairs out there will recall that Karl Auerbach, one of its own directors, was forced to sue the organization back in 2002, just in order to have a look at its books.

But what’s perhaps most tantalizing about the ASO’s request is its excuse for wanting to inspect the documents in question.

It says it need the info “for the purpose of determining whether the ASO’s [sic] may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement”.

One way of interpreting this is that the ASO needed to state a reason for its request and this is pretty much all it’s got.

But what powers does the Empowered Community have that could potentially cover the acquisition of PIR by Ethos? It certainly does not have the power to directly approve or reject the transfer of control of a gTLD contract.

The EC has nine bulleted powers in the ICANN bylaws. Some of them are explicitly about things like budgets and bylaws amendments, which could not possibly come into play here. I reckon only four could feasibly apply:

(i) Appoint and remove individual Directors (other than the President);

(ii) Recall the entire Board;

(viii) Initiate a Community Reconsideration Request, mediation or a Community IRP; and

(ix) Take necessary and appropriate action to enforce its powers and rights, including through the community mechanism contained in Annex D or an action filed in a court of competent jurisdiction.

Short of lawyering up or having the entire board taken out and shot, it seems like the most likely power that could be invoked at first would be the Community Reconsideration Request.

Judging by the bylaws, this is virtually identical to the normal Request for Reconsideration process, a process which very rarely results in ICANN actually reconsidering its decisions.

The major difference is that at least three of the five members of the Empowered Community has to vote in favor of filing such a request, and no more than one may object.

If they manage to muster up this consent — which could take many weeks — the fact that the reconsideration request comes from the “Community” rather than a single entity appears to make substantially no difference to how it is rejected considered by ICANN.

Threatening ICANN with a Community Reconsideration Request is a little like threatening to jump through an increasingly narrow series of hoops, only to find the last one leads into a pit filled with ICANN lawyers with laser beams attached to their heads.

A Community Independent Review Process, however, is a different kettle of snakes.

It’s substantially the same as a regular IRP — where ICANN’s fate is decided by a panel of three retired judges — except ICANN has to pay the complainant’s legal fees as well as its own.

ICANN’s track record with IRPs is not fantastic. It can and does lose them fairly regularly.

Could the ASO’s letter be the first portent of a community-led IRP bubbling up behind the scenes? Could such a move delay the PIR acquisition, putting Ethos’ plan for a profit-driven, price-raising .org on hold for a year or two? It’s certainly not impossible.

ICANN board meets to consider PIR acquisition TODAY

Kevin Murphy, November 21, 2019, Domain Policy

ICANN’s board of directors will gather today to consider whether the acquisition of Public Interest Registry by a private equity company means that it should reverse its own decision to allow PIR to raise .org prices arbitrarily.

Don’t get too excited. It looks like it’s largely a process formality that won’t lead to any big reversals, at least in the short term.

But I’ve also learned that the controversy could ultimately be heading to an Independent Review Process case, the final form of appeal under ICANN rules.

The board is due to meet today with just two named agenda items: Reconsideration Request 19-2 and Reconsideration Request 19-3.

Those are the appeals filed by the registrar Namecheap in July and rights group the Electronic Frontier Foundation in August.

Namecheap and EFF respectively wanted ICANN to reverse its decisions to remove PIR’s 10%-a-year price-raising caps and to oblige the registry to enforce the Uniform Rapid Suspension anti-cybersquatting policy.

Both parties now claim that the sale by the Internet Society of PIR to private equity firm Ethos Capital, announced last week, casts new light on the .org contract renewal.

The deal means PIR will change from being a non-profit to being a commercial venture, though PIR says it will stick to its founding principles of supporting the non-profit community.

I reported a couple of weeks ago that the board had thrown out both RfRs, but it turns out that was not technically correct.

The full ICANN board did in fact consider both appeals, but it was doing so in only a “preliminary” fashion, according to an ICANN spokesperson. ICANN told me:

On 3 November the Board considered “proposed determinations” for both reconsideration request 19-2 and 19-3. In essence, the Board was taking up the Board Accountability Mechanism Committee (BAMC) role, as the BAMC had not been able to reach quorum in early November due to certain recusals by BAMC members.

Once the Board adopted the proposed determinations (in lieu of the BAMC issuing a recommendation to the Board) the parties that submitted the reconsideration requests had 15 days to submit a rebuttal, for the Board’s full consideration of the matter, which is now on the agenda.

Normally, RfRs are considered first by the four-person BAMC, but in this case three of the members — Sarah Deutsch, Nigel Roberts, and Becky Burr — recused themselves out of the fear of appearing to present conflicts of interest.

The committee obviously failed to hit a quorum, so the full board took over its remit to give the RfRs their first pass.

The board decided that there had been no oversights or wrongdoing. Reconsideration always presents a high bar for requestors. The .org contract was negotiated, commented on, approved, and signed completely in compliance with ICANN’s governing rules, the board decided.

But the ICANN bylaws allow for a 15-day period following a BAMC recommendation during which rejected RfR appellants can submit a rebuttal.

And, guess what, both of them did just that, and both rebuttals raise the PIR acquisition as a key reason ICANN should think again about the .org contract changes.

The acquisition was announced a week ago, and it appears to have come as much of a surprise to ICANN as to everyone else. It’s a new fact that the ICANN board has not previously taken into account when considering the two RfRs, which could prove important.

Namecheap reckons that the deal means that PIR is now almost certain to raise .org prices. New gTLD registry Donuts was bough by Ethos affiliate Abry Partners last year, and this year set about raising prices across the large majority of its 200-odd gTLDs. Namecheap wrote in its rebuttal:

Within months of be acquired by Abry Partners, it raised prices in 2019 for 220 out of its 241 TLDs. Any statements by PIR now to not raise prices unreasonably are just words, and without price caps, there is no way that .org registrants are not used a source to generate revenue for acquisitions or to pay dividends to its shareholders.

It also said:

The timing and the nature of this entire process is suspicious, and in a well-regulated industry, would draw significant scrutiny from regulators. For ICANN not to scrutinize this transaction closely in a completely transparent and accountable fashion (including public disclosure of pertinent information regarding the nature, cost, the terms of any debt associated with the acquisition, timeline of all parties involved, and the principals involved) would demonstrate that ICANN org and the ICANN Board do not function as a trusted or reliable internet steward.

Namecheap also takes issue with the fact that ICANN’s ruling on its RfR (pdf) draws heavily on a 2009 economic analysis by Professor Dennis Carlton, which concluded that price caps were unnecessary in the new gTLD program.

The registrar trashes this analysis as being based on more opinion than fact, and says it is based on outdated market data.

Meanwhile, the EFF’s rebuttal makes the acquisition one of four reasons why it thinks ICANN should reverse course. It said;

ICANN must carefully reexamine the .ORG Registry Agreement in light of this news. Without the oversight and participation of the nonprofit community, measures that give the registry authority to institute new [Rights Protection Mechanisms] or make other major policy changes invite management decisions that conflict with the needs of the .ORG community.

Quite often, RfRs are declined by ICANN because the requestor does not present any new information that the board has not already considered. But in this case, the fact of the PIR acquisition is empirically new information, as it’s only week-old news.

Will this help Namecheap and the EFF with their cause? The board will certainly have to consider this new information, but I still think it’s unlikely that it will change its mind.

But I’ve also learned that Namecheap has filed with ICANN to trigger a Cooperative Engagement Process procedure.

The CEP is an often-lengthy bilateral process where ICANN and an aggrieved party attempt to resolve their differences in closed-door talks.

When CEP fails, it often leads to an Independent Review Process complaint, when both sides lawyer up and three retired judges are roped in to adjudicate. These typically cost both sides hundreds of thousands of dollars in legal fees.

CEP and IRP cases are usually measured in years rather than months, so the PIR acquisition could be under scrutiny for a long time to come.

Sorry, you still can’t sue ICANN, two-faced .africa bidder told

Kevin Murphy, September 9, 2019, Domain Policy

Failed .africa gTLD applicant DotConnectAfrica appears to have lost its lawsuit against ICANN.

A California judge has said he will throw out the portions of DCA’s suit that had not already been thrown out two years ago, on the grounds that DCA was talking out of both sides of its mouth.

DCA applied for .africa in 2012 but lost out to rival applicant ZA Central Registry because ZACR had the backing of African governments and DCA did not.

It filed an Independent Review Process complaint against ICANN in 2013 and won in 2015, with the IRP panel finding that ICANN broke its own bylaws by paying undue deference to Governmental Advisory Committee advice.

It also emerged that ICANN had ghost-written letter of government support on behalf of the African Union, which looked very dodgy.

DCA then sued ICANN in 2016 on 11 counts ranging from fraud to breach of contract to negligence.

The Los Angeles Superior Court decided in 2017 that five of those charges were covered by the “covenant not to sue”, a broad waiver that all new gTLD applicants had to sign up to.

But the remaining six, relating to ICANN’s alleged fraud, were allowed to go ahead.

ICANN relied in its defense on a principle called “judicial estoppel”, where a judge is allowed to throw out a plaintiff’s arguments if it can be shown that it had previously relied on diametrically opposed arguments to win an earlier case.

The judge has now found that estoppel applies here, because DCA fought and won the IRP in part by repeatedly claiming that it was not allowed to sue in a proper court.

It had made this argument on at least seven occasions during the IRP, Judge Robert Broadbelt found. He wrote in his August 22 ruling (pdf):

DCA’s successfully taking the first position in the IRP proceeding and gaining significant advantages in that proceeding as a result thereof, and then taking the second position that its totally inconsistent in this lawsuit, presents egregious circumstances that would result in a miscarriage of justice if the court does not apply the doctrine of judicial estoppel to bar DCA from taking the second position in this lawsuit. The court therefore exercises its discretion to find in favor of ICANN, and against DCA, on ICANN’s affirmative defense of judicial estoppel and to bar DCA from bringing or maintaining its claims against ICANN alleged in the [First Amended Complaint] in this lawsuit.

In other words, ICANN’s won.

The case is not yet over, however. DCA still has an opportunity to object to the ruling, and there’s a hearing scheduled for December.

The Amazon is burning. Is this good news for .amazon?

Kevin Murphy, August 26, 2019, Domain Policy

With the tide of international opinion turning against Brazil due to the ongoing forest fires in the Amazon, could we see governments change their tune when it comes to Amazon’s application for .amazon?

A much higher number of forest fires than usual are currently burning in the region, largely in Brazil, which critics led by environmentalists and French president Emmanuel Macron have blamed on relaxed “slash and burn” farming policies introduced by new Brazilian president Jair Bolsonaro.

The rain forest is an important carbon sink, said to provide 20% of the world’s oxygen. The more of it is lost, the harder it is to tackle climate change, the argument goes.

It’s been an important topic at the Macro-hosted G7 summit, which ends today. Even the bloody Pope has weighed in.

Arguably, the stakes are nothing less than the survival of human civilization and life on Earth itself.

And this is a story about domain names. Sorry. This is a blog about domain names. My hands are tied.

Amazon the company has been fighting governments over its application for .amazon, along with the Chinese and Japanese translations, for over six years.

ICANN’s Governmental Advisory Committee was responsible for killing off .amazon in 2013 after it decided by consensus that Amazon’s application should not proceed.

That decision was only reached after the US, under the Obama administration, decided to abstain from discussions.

The US had been protecting Amazon by blocking GAC consensus, but changed its tune partly in order to throw a bone to world leaders, including then-president of Brazil Dilma Rousseff, who were outraged by CIA analyst Edward Snowden’s revelations of widespread US digital espionage.

After ICANN dutifully followed the GAC advice and rejected Amazon’s gTLD applications, Amazon appealed via the Independent Review Process and, in 2017, won.

The IRP panel ruled that the GAC’s objection had no clear grounding in public policy that could be gleaned from the record. It told ICANN to re-open the applications and evaluate them objectively.

Ever since then, the GAC’s advice to ICANN has been that it must “facilitate a mutually acceptable solution” between Amazon and the eight nations of the Amazon Cooperation Treaty Organization.

ICANN has been doing just that, or at least attempting to, for the last couple of years.

But the two parties failed to come to an agreement. ACTO wants to have essential veto power over Amazon’s use of .amazon, whereas Amazon is only prepared to offer lists of protected names, a minority position in any policy-setting body, and some sweeteners.

In May this year, ICANN’s board of directors voted to move .amazon along towards delegation, noting that there was “no public policy reason” why it should not.

In June, the government of Colombia filed a Request for Reconsideration with ICANN, demanding it reevaluate that decision.

The RfR was considered by ICANN’s Board Accountability Measures Committee at its meeting August 14, but its recommendation has not yet been published. I’m expecting it to be posted this week.

There’s still opportunity for the GAC to cause mischief, or act as a further delay on .amazon, but will it, in light of some country’s outrage over Brazil’s policy over the rain forest?

One could argue that if the nation that has the largest chunk of Amazon within its borders seems to have little regard to its international importance, why should its claim to ownership of the string “amazon” get priority over a big brand that has offered to protect culturally significant words and phrases?

Remember, as the example of the US in 2012/13 shows us, it only takes one government to block a GAC consensus. If Brazil or Peru continue to pursue their anti-Amazon path, could France throw a spanner in the works, smoothing .amazon’s road to delegation?

Anything’s possible, I suppose, but my feeling is that most governments back ACTO’s position largely because they’re worried that they could find themselves in a similar position of having to fight off an application for a “geographic” string in the next gTLD application round.

ICANN redacts the secrets of Verisign’s .web deal

Afilias thinks it has found the smoking gun in its fight to wrestle .web out of the hands of rival Verisign, but for now the details are still a closely guarded secret.

The company recently filed an amended complaint in its Independent Review Process case against ICANN, after it managed to get a hold of the deal that Verisign struck with Nu Dot Co, the company that spent $135 million of Verisign’s money to win .web at auction in 2016.

The Domain Acquisition Agreement, which apparently set out the terms under which NDC would bid for .web on Verisign’s behalf, was revealed during disclosure in December.

But in publishing the amended complaint (pdf) (which seems to have happened in the last week or two), ICANN has whited out all references to the contents of this document.

Afilias claims that the DAA proves that NDC broke the rules of the new gTLD program by refusing to disclose to ICANN that it had essentially become a Verisign proxy:

It claims that ICANN should therefore have disqualified NDC from the .web auction.

Based on the terms of the DAA, it is evident that NDC violated the New gTLD Program Rules. ICANN, however, has refused to disqualify NDC from the .WEB contention set, or to disqualify NDC’s bids in the .WEB Auction.

Afilias came second in the 2016 auction, bidding $135 million. NDC/Verisign won with a $142 million bid, committing it to pay the amount Afilias was willing to pay.

While Verisign has said that it plans to market .web, Afilias believes that Verisign’s primary motivation at the auction was to essentially kill off what could have been .com’s biggest competitor. It says in its amended complaint:

ICANN has eviscerated one of the central pillars of the New gTLD Program and one of ICANN’s founding principles: to introduce and promote competition in the Internet namespace in order to break VeriSign’s monopoly

Whether the DAA reveals anything we do not already know is an open question, but Afilias reckons ICANN’s prior failure to disclose its contents represents a failure of its commitment to transparency.

Reading between the lines, it seems Afilias is claiming that ICANN got hold of the DAA some time before it was given to Afilias in discovery last December, but that ICANN “had refused to provide the DAA (or even confirm its existence)”.

By redacting its contents now, ICANN is helplessly playing into the narrative that it’s trying to cover something up.

But ICANN is probably not to blame for the redactions. It was ICANN holding the axe, yes, but it was Verisign that demanded the cuts.

ICANN said in its basis for redactions document (pdf) that it “has an affirmative obligation to redact the information designated as confidential by the third party(ies) unless and until said third party authorizes the public disclosure of such information.”

Afilias has also managed to put George Sadowsky, who for the best part of the last decade until his October departure was one of ICANN’s most independent-minded directors, on the payroll.

In his testimony (pdf), he apparently reveals some details of the ICANN boards private discussions about the .web case.

Guess what? That’s all redacted too, unilaterally this time, by ICANN.

The internet is about to get a lot gayer

Kevin Murphy, February 20, 2019, Domain Registries

Seven years after four companies applied for the .gay top-level domain, we finally have a winner.

Three applicants, including the community-driven bid that has been fighting ICANN for exclusive recognition for years, this week withdrew their applications, leaving Top Level Design the prevailing bidder.

Top Level Design is the Portland, Oregon registry that already runs .ink, .design and .wiki.

The withdrawing applicants are fellow portfolio registries Donuts and MMX, and community applicant dotgay LLC, which had been the main holdout preventing the contention set being resolved.

I do not yet know how the settlement was reached, but it smells very much like a private auction.

As a contention set only goes to auction with consent of all the applicants, it seems rather like it came about after dotgay finally threw in the towel.

dotgay was the only applicant to apply as a formal “community”, a special class of applicant under ICANN rules that gives a no-auction path to delegation if a rigorous set of tests can be surmounted.

Under dotgay’s plan, registrants would have to have been verified gay or gay-friendly before they could register a .gay domain, which never sat right with me.

The other applicants, Top Level Design included, all proposed open, unrestricted TLDs.

dotgay, which had huge amounts of support from gay rights groups, failed its Community Priority Evaluation in late 2014. The panel of Economist Intelligence Unit experts awarded it 10 out the 16 available points, short of the 14-point prevailing threshold.

Basically, the EIU said dotgay’s applicant wasn’t gay enough, largely because its definition of “gay” was considered overly broad, comprising the entire LGBTQIA+ community, including non-gay people.

After dotgay appealed, ICANN a few months later overturned the CPE ruling on a technicality.

A rerun of the CPE in October 2015 led to dotgay’s bid being awarded exactly the same failing score as a year earlier, leading to more dotgay appeals.

The .gay set was also held up by an ICANN investigation into the fairness of the CPE process as carried out by the EIU, which unsurprisingly found that everything was just hunky-dory.

The company in 2016 tried crowdfunding to raise $360,000 to fund its appeal, but after a few weeks had raised little more than a hundred bucks.

Since October 2017, dotgay has been in ICANN’s Cooperative Engagement Process, a form of negotiation designed to avert a formal, expensive, Independent Review Process appeal, and the contention set had been on hold.

The company evidently decided it made more sense to cut its losses by submitting to an auction it had little chance of winning, rather than spend six or seven figures on a lengthy IRP in which it had no guarantee of prevailing.

Top Level Design, in its application, says it wants to create “the most safe, secure, and prideful .gay TLD possible” and that it is largely targeting “gay and queer people as well as those individuals that are involved in supporting gay cultures, such as advocacy, outreach, and civil rights.”

But, let’s face it, there’s going to be a hell of a lot of porn in there too.

There’s no mention in the winning bid of any specific policies to counter the abuse, such as cyberbullying or overt homophobia, that .gay is very likely to attract.

Top Level Design is likely to take .gay to launch in the back end of the year.

The settlement of the contention set is also good news for two publicly traded London companies.

MMX presumably stands to get a one-off revenue boost (I’m guessing in seven figures) from losing another auction, while CentralNic, Top Level Design’s chosen back-end registry provider, will see the benefits on an ongoing basis.

Verisign says Afilias tried to “rig” $135 million .web auction

Kevin Murphy, December 17, 2018, Domain Services

Verisign has jumped back into the fight for the .web gTLD, all guns blazing, with a claim that Afilias offered millions in an attempt to “rig” a private auction for the string.

The .com behemoth accused Afilias last week of “collusive and anti-competitive efforts to rig the [.web] auction in its favor”.

It claims that Afilias offered rival bidder — and secret Verisign stooge — Nu Dot Co up to $17 million if it would participate in a private auction, and then tried to contact NDC during the auction’s “Blackout Period”.

The claims came in an amicus brief (pdf) filed by Verisign as part of Afilias’ Independent Review Process proceeding against ICANN.

The IRP is Afilias’ attempt to overturn the result of the July 2016 .web auction, in which NDC paid ICANN $135 million of Verisign’s money in exchange for the exclusive rights to .web

While neither Verisign nor NDC are parties to the IRP, they’re both attempting to become amicus curiae — “friends of the court” — giving them the right to provide evidence and arguments to the IRP panel.

Verisign argues that its rights would be seriously impacted by the proceeding — Afilias is looking for an emergency ruling preventing .web being delegated — because it won’t be able to bring .web to market.

But it’s also attempting to have the IRP thrown out altogether, on the basis of claims that Afilias broke the auction rules and has “unclean hands”.

Verisign’s brief states:

Afilias and other bidders proposed that a private auction be performed pursuant to collusive and potentially illegal terms about who could win and who would lose the auction, including guarantees of auction proceeds to certain losers of the auction.

NDC CFO Jose Rasco provides as evidence screenshots (pdf) of a text-message conversation he had with Afilias VP of sales Steve Heflin on June 7, 2016, in which Heflin attempts to persuade NDC to go to a private auction.

Every other member of the contention set at that point had agreed to a private auction, in which the winning bid would be shared out among the losers.

NDC was refusing to play along, because it had long ago secretly agreed to bid on behalf of Verisign, and was forcing a last-resort ICANN auction in which ICANN would receive the full sum of the winning bid. 

In that SMS conversation, Heflin says: “Can’t give up…how about I guarantee you score at least 16 mil if you go to private auction and lose?” followed by three money-bag emojis that I refuse to quote here on general principle.

Rasco responds with an offer to sell Afilias the .health gTLD, then just weeks away from launch, for $25 million.

Heflin ignores the offer and ups his .web offer to $17.02 million.

Given that it was a contention set of seven applicants, that suggests Afilias reckoned .web was going to sell for at least $100 million.

Verisign claims: “Afilias’s offers to ‘guarantee’ the amount of a payment to NDC as a losing bidder are an explicit offer to pay off NDC to not compete with Afilias in bidding on .web.”

Rasco also provides evidence that Schlund, another .web applicant, attempted to persuade NDC to join what it called an “Alternative Private Auction”.

This process would have divided bidders into “strong” and “weak” categories, with “strong” losing bidders walking away with a greater portion of the winning bid than the “weak” ones.

Verisign and NDC also claims that Afilias broke ICANN’s auction rules when VP John Kane texted Rasco to say: “If ICANN delays the auction next week would you again consider a private auction?”

That text was received July 22, four days before the auction and one day into the so-called “Blackout Period”, during which ICANN auction rules (pdf)  prohibit bidders from “cooperating or collaborating” with each other.

At that time, .web applicants Schlund and Radix already suspected Verisign was bankrolling NDC, and they were trying to get the auction delayed.

According to Verisign, Kane’s text means Afilias violated the Blackout rules and therefore it should lose its .web application entirely.  

The fact that these rules proscribe “collaborating” during the Blackout suggests that collaborating at other times was actually envisaged, which in turn suggests that Heflin’s texts may not be as naughty as Verisign claims.

Anyway, I think it’s fair to say the gloves, were they ever on, have come off.

Weighing in at over 1,000 pages, the combined amicus briefs and attached exhibits reveal some interesting additional facts that I don’t believe were in the public domain before now and may be worth noting here.

The Verisign filing reveals, I believe for the first time, that the final Verisign bid for .web was $142 million. It only paid $135 million because that was runner-up Afilias’ final bid.

It also reveals that Verisign and NDC signed their “executory agreement” — basically, NDC’s promise to sign over .web if Verisign bankrolled its bid — in August 2015, nearly a year before the auction took place. NDC evidently kept its secret for a long time before rivals got suspicious.

The IRP panelist is scheduled to rule on Afilias’ request for a “stay of all ICANN actions that further the delegation of the .WEB gTLD” on January 28.