ICANN will not attend White House drugs meeting

ICANN has declined an invitation from the Obama administration to attend a meeting tomorrow to discuss ways to crack down on counterfeit drugs web sites.

The meeting, first reported by Brian Krebs, was called with an August 13 invitation to “registries, registrars and ICANN” to meet at the White House to talk about “voluntary protocols to address the illegal sale of counterfeit non-controlled prescription medications on-line.”

The meeting is reportedly part of the administration’s Joint Strategic Plan to Combat Intellectual Property Theft, which was announced in June.

It also follows a series of reports from security firms that called into question domain name registrars’ willingness to block domains that are used to sell fake pharma.

ICANN tells me that, following talks with White House Intellectual Property Enforcement Coordinator Victoria Espinel, it was agreed that it would “not be appropriate” for ICANN to attend.

The decision was based on the fact that ICANN’s job is to make policy covering internet names and addresses, and not to regulate the content of web sites.

ICANN’s vice president of government affairs for the Americas, Jamie Hedlund, said the meeting was “outside the scope of our role as the technical coordinator of the Internet’s unique identifiers.”

I suspect it also would not have looked great on the global stage if ICANN appeared to be taking its policy cues directly from the US government rather than through its Governmental Advisory Committee.

Demand Media-owned registrar eNom, which has took the brunt of the recent criticism of registrars, recently signed up to a service that will help it more easily identify and terminate domains used to sell counterfeit medicines.

eNom to crack down on fake pharma sites

Demand Media is to tighten security at its domain registrar arm, eNom, after bad press blighted its recent IPO announcement.

The company has signed a deal with fake pharmacy watchdog LegitScript, following allegations that eNom sometimes turns a blind eye to illegal activity on its customers’ domains.

The news emerged in the company’s amended S-1 registration statement (large HTML file), filed with the US Securities and Exchange Commission yesterday. New text reads:

We recently entered into an agreement with LegitScript, LLC, an Internet pharmacy verification and monitoring service recognized by the National Association of Boards of Pharmacy, to assist us in identifying customers who are violating our terms of service by operating online pharmacies in violation of U.S. state or federal law.

LegitScript will provide eNom with a regularly updated list of domain names selling fake pharma, so the registrar can more efficiently turn them off. The companies have also agreed to work together on research into illegal online pharmacies.

Surrounding text has also been modified to clarify that eNom is not required, under ICANN rules, to turn off domains that are being used to conduct illegal activity.

This is a bit of a PR win for the small security outfits KnuJon and HostExploit, firms which had used the occasion of Demand’s S-1 filing to give eNom a good kicking in the tech and financial press.

HostExploit reported last month that eNom was statistically the “worst” registrar as far as illegal content goes.

ICANN executives are reportedly going to be hauled to Washington DC at the end of the month to explain the problem of fake pharma to the White House.

Registries and registrars have also been invited, and I’d be surprised if eNom is not among them.

eNom called world’s most “abusive” registrar

A small security firm has singled out eNom as the domain name registrar and web host with the most criminal activity on its network.

HostExploit released a report today claiming the concentration of “badware” on the network belonging to eNom and its soon-to-be-public parent Demand Media is “exceptionally high”.

The claim is based on the proportion of dodgy sites on eNom’s network relative to its size, rather than the actual quantity.

The report says the Demand-owned autonomous system AS21740 has the fifth-highest amount of badware and the sixth-highest number of botnet command and control servers.

It goes on to say that the four or five AS’s with larger amounts of malware are themselves between 10 and 7,500 larger than eNom, as measured by address space.

The report, which I’m guessing HostExploit released to coincide with the hype around Demand Media’s upcoming IPO, draws heavily on existing research, such as this recent KnuJon registrar report (pdf).

It also uses stats from Google-backed StopBadware.org to demonstrate that eNom hosts a disproportionately large number of malware-serving URLs.

According to StopBadware, Go Daddy actually hosts more bad URLs than eNom – 10,797 versus 7,429 – but Go Daddy’s market share is of course over three times larger.

According to WebHosting.info, eNom currently has 9.5 million domains under management, compared to Go Daddy’s 35.2 million.

In Demand Media’s IPO registration statement, filed last Friday, the company acknowledges that it sometimes gets bad publicity but says it’s caught between a rock and a hard place.

We do not monitor or review the appropriateness of the domain names we register for our customers or the content of our network of customer websites, and we have no control over the activities in which our customers engage.

While we have policies in place to terminate domain names if presented with a court order or governmental injunction, we have in the past been publicly criticized for not being more proactive in this area by consumer watchdogs and we may encounter similar criticism in the future. This criticism could harm our reputation.

Conversely, were we to terminate a domain name registration in the absence of legal compulsion, we could be criticized for prematurely and improperly terminating a domain name registered by a customer.

McAfee calls for ICANN spam crackdown

The security company McAfee has claimed that ICANN needs to try harder in the fight against spam by cracking down on rogue registrars.

In a report released today, the company makes the bold assertion that ICANN “holds the trump card to the spam problem” and that it should step up its compliance efforts.

Although ICANN cannot stop spam itself and does not link spammers to the Internet, it does accredit the registrars that sell the domains that cybercriminals use to fill our inboxes with advertisements and malware

McAfee notes that ICANN has previously de-accredited spammer-friendly registrars such as the notorious EstDomains, but that it needs to do more.

ICANN needs to continue this trend against registrars that knowingly provide domain services to cybercriminals. The organization also needs to harden its policies that define under what circumstances an accreditation can be revoked, so that it can take quicker action against rogue registrars.

The claims come in a report entitled “Security Takes The Offensive”, available here.

The report does not lay all the blame for spam at ICANN’s door, of course. The author also goes after ISPs and the SMTP protocol itself.

The report does not point out that there are 250-odd TLDs over which ICANN has no registrar accreditation powers whatsoever.

Despite my best efforts with Google, I’ve been unable to find a single instance of McAfee publicly participating in ICANN policy-making, so I have to wonder how serious it is.

At least guys like KnuJon are not afraid to show up at meetings and stir things up a bit.

Round-up of the ICANN new TLDs comment period

Today is the deadline to file comments on version four of ICANN’s Draft Applicant Guidebook for prospective new top-level domain registries.

Of the few dozen comments filed, the majority involve special pleading in one way or another – everybody has something to lose or gain from the contents of the DAG.

That said, I’ve read all the comments filed so far (so you don’t have to) and lots of good points are raised. It’s clear that whatever the final Applicant Guidebook contains, not everybody will get what they want.

Here’s a non-comprehensive round-up, organized by topic.

Trademark Protection

Trademark holders were among the first to file comments on DAG v4. As I’ve previously reported, Lego was first off the mark with an attempt to convince ICANN that the concerns of the IP lobby have not yet been resolved.

Since then, a few more of the usual suspects from the IP constituency, such as Verizon and InterContinental Hotels, have filed comments.

The concerns are very similar: the Universal Rapid Suspension process for trademark infringements is too slow and expensive, the Trademark Clearinghouse does not remove cost or prevent typosquatting, not enough is done to prevent deadbeat registries.

Verizon, a long-time opponent of the new TLD program and a rigorous enforcer of its trademarks, used its letter to raise the issue of cybercrime and hit on pressure points relating to compliance.

It brings up the KnujOn report (pdf) released in Brussels, which accused ICANN registrars of being willfully blind to customer abuses, and the fact that ICANN compliance head David Giza recently quit.

Two IP-focused registrars also weighed in on trademark protection.

Com Laude’s Nick Wood filed a very good point-by-point breakdown of why the URS process has become too bloated to be considered “rapid” in the eyes of trademark holders.

Fred Felman of MarkMonitor covers the same ground on rights protection mechanisms, but also questions more fundamentally whether ICANN has shown that the new TLD round is even economically desirable.

Felman has doubts that new gTLDs will do anything to create competition in the domain name market, writing:

the vast majority of gTLDs currently being proposed in this round are gTLDs that hide traditional domain registration models behind a veil of purported innovation and creativity

Well, I guess somebody had to say it.

Fees

There are concerns from the developing world that $185,000, along with all the associated costs of applying for a TLD, is too steep a price to pay.

The “African ICANN Community” filed a comment a month ago asking ICANN to consider reducing or waiving certain fees in order to make the program more accessible for African applicants.

Several potential TLD registries also think it’s unfair that applicants have to pay $185,000 for each TLD they want to run, even if it’s basically the same word in multiple scripts.

Constantine Roussos, who intends to apply for .music, reiterated the points he brought up during the ICANN board public forum in Brussels last month.

Roussos believes that applicants should not have to pay the full $185,000 for each non-ASCII internationalized domain name variant of their primary TLD.

He wrote that he intends to apply for about six IDN versions of .music, along with some non-English Latin-script variants such as .musique.

Antony Van Couvering of registry consultant Minds + Machines and .bayern bidder Bayern Connect both echo this point, noting that many geographical names have multiple IDN variants – Cologne//Koeln/Köln, for example.

Roussos also notes, wisely I think, that it appears to be a waste of money paying consultants to evaluate back-end registry providers for applicants who choose to go with an recognized incumbent such as VeriSign, NeuStar or Afilias.

Another request for lower fees comes from the Japan Internet Domain Name Council, which thinks geographical TLD applications from small cities should receive a discount, as well as a waiver of any fees usually required to object to a third-party application.

Contended Strings and Front-Running

Of the known proposed TLDs, there are several strings that will very likely be contended by multiple bidders. This has led to maneuvering by some applicants designed to increase their chances of winning.

Roussos suggested that applicants such as his own .music bid, which have made their plans public for years, should be awarded bonus points during evaluation.

This would help prevent last-minute con artists stepping in with “copy-paste” bids for widely publicized TLDs, in the hope of being paid off by the original applicant, he indicated.

Roussos thinks the amount of work his .music has done in raising community awareness around new TLDs has earned the company extra credit.

It’s a thought echoed by Markus Bahmann, dotBayern’s chairman, and his counterpart at dotHamburg.

The opposing view is put forward by rival .bayern bidder Bayern Connect’s Caspar von Veltheim. He reckons such a system would put “insiders” at an unfair advantage.

M+M’s Van Couvering also said he opposes any applicant getting special treatment and added that M+M wants an explicit ban on trademark front-running included in the DAG.

Front-running is the practice of registering a TLD as a trademark in order to gain some special advantage in the new TLD evaluation process or in court afterward.

(M+M’s owner, Top Level Domain Holdings, has reportedly been front-running itself – attempting to defensively register trademarks in the likes of .kids, .books and .poker, while simultaneously trying to fight off similar attempts from potential rivals.)

Roussos of .music responded directly to M+M this afternoon, presenting the opposite view and promising to use its trademarks to defend itself (I’m assuming he means in court) if another .music applicant prevails.

Rest assured that if we, as .MUSIC are faced with the possibility of being gamed and abused in a manner that we find illegal, we will use our trademarks and other means necessary to do what we have to do to protect ourselves and our respective community.

He said .music is trademarked in 20 countries.

Morality and Public Order

This was a hot topic in Brussels, after the ICANN Governmental Advisory Committee agreed that it did not like the “MOPO” objection provisions of DAG v4, but could not think of a better replacement.

MOPO would give a way for governments to scupper bids if they do not like the morality implications. Anybody applying for .gay, for example, would have to deal with this kind of nonsense.

Jacob Malthouse of BigRoom, one of the would-be .eco bidders, reckons ICANN should treat the GAC the same as it treated the GNSO on the issue of vertical integration – remove MOPO from the DAG entirely in order to force the GAC to come up with something better.

The GAC had previously said it would address the MOPO issue in its comments on DAGv4, but its filing has not yet appeared on the ICANN site.

There’s a GNSO working group over here, but M+M’s Van Couvering notes that no GAC members have got involved post-Brussels.

Terrorism

Two commentators objected to the idea that an applicant could be rejected for involvement in “terrorism”, a term that DAGv4 does not define.

I reported on this a few days ago, but since then Khaled Fattal of the Multilingual Internet Group has filed a surprising rant that seems to indicate he has way more beef than really necessary.

Here’s a few quotes mined from the full comment:

it will alienate many in the international community who will choose not to take part in future ICANN processes including its New gTLDs, distrusting ICANN’s motives, or actively choosing to boycotting it, and causing many to seriously start re-considering alternatives.

…

as a Syrian born Arab American would I pass the IvCANN terrorism verification check as they are? After all Syria, my country of birth, is on the U.S. Government list of states sponsor of terrorism? And I admit, I do know an “Osama”, does that disqualify me? I Forgot to add, “Osama Fattal” a cousin. So would I pass or fail this check?

…

The arbitrary inclusion of terrorism as a measuring stick without any internationally recognized laws or standards is wrong and offensive to many around the world. If acted upon, it will be seen by millions of Muslims and Arabs as racist, prejudicial and profiling and would clearly indicate that ICANN has gone far beyond its mandate.

Vertical Integration and .brand TLDs

The issue of whether registries and registrars should be allowed to own each other is a thorny one, but there’s barely any mention at all of it in the DAGv4 comments filed so far.

The DAGv4 language on VI, which effectively bans it, is a place-holder for whatever consensus policy the GNSO comes up with (in the unlikely event that its working group ever gets its act together).

Most efforts on VI are therefore currently focused in the GNSO. Nevertheless, some commentators do mention VI in their filings.

Roussos of .music wants .music to be able to vertically integrate.

Abdulaziz Al-Zoman of SaudiNIC said VI limits should be removed to help applicants who need to turn to third-party infrastructure providers.

From the IP lobby, Celia Ullman of cigarette maker Philip Morris notes that there’s nothing in DAGv4 about single-registrant .brand TLDs. She writes:

would this mean that trademark owners owning a gTLD would need to open the registration procedure to second-level domain names applied for to third unrelated parties? In this case, what would be the incentive of actually registering and operating such a gTLD?

Clearly, the idea that a .brand would have to be open to all ICANN registrars on a non-discriminatory basis is enough to make any trademark attorney choke on their caviare.

JPNIC, the .jp ccTLD operator, also points out that DAGv4 says next to nothing about .brand TLDs and strongly suggests that the final Applicant Guidebook spells out just what a registry is allowed to do with its namespace (lawsuits are mentioned)

Disclaimer

I’ve paraphrased almost everybody in this article, and I’ve done it rather quickly. Despite my best efforts, some important nuance may have been lost in the act.

If you want to know what the commentators I’ve cited think, in their own words, I’ve linked to their comments individually throughout.

I may update this post as further comments are filed.