Latest news of the domain name industry

Recent Posts

Million-euro Tucows GDPR lawsuit may not be ICANN’s last

Kevin Murphy, May 29, 2018, Domain Policy

ICANN has filed a lawsuit against a Tucows subsidiary in Germany in an effort to resolve a disagreement about how new European privacy law should be interpreted, and according to ICANN’s top lawyer it may not be the last.

The organization said late Friday that it is taking local registrar EPAG to court in Bonn, asking that the registrar be forced to continue collecting administrative and technical contact information for its Whois database.

According to an English translation of the motion (pdf), and to conversations DI had with ICANN general counsel John Jeffrey and Global Domains Division president Akram Atallah over the weekend, ICANN also wants an injunction preventing Tucows from deleting these fields from current Whois records.

At its core is a disagreement about how the new General Data Protection Regulation should be interpreted.

Tucows plans to continue collecting the registrant’s personal information, but it sees no reason why it should also collect the Admin-C and Tech-C data.

Policy director Graeme Bunton argues that in the vast majority of cases the three records are identical, and in the cases they are not, the registrar has no direct contractual relationship with the named individuals and therefore no business storing their data.

ICANN counters that Admin-C and Tech-C are vital when domain owners need to be contacted about issues such as transfers or cyber-attacks and that the public interest demands such records are kept.

Its new Temporary Policy — which is now a binding contractual commitment on all registries and registrars — requires all this data to be collected, but Tucows feels complying with the policy would force it to break European law.

“Strategically, we wanted to make sure we don’t let the Whois and the pubic interest get harmed in a way that can’t be repaired,” Atallah said.

“The injunction is to actually stop any registrar from not collecting all the data and therefore providing the opportunity for the multistakeholder model to work and come up with a long-term plan for Whois,” he said. “”We don’t want to have a gap.”

Jeffrey said that the suit was also necessary because ICANN has not received sufficient GDPR guidance from data protection authorities in the EU.

EPAG is not the only registrar planning to make the controversial changes to data collection. There are at least two others, at least one of which is based in Germany, according to Jeffrey and Atallah.

The German ccTLD registry, DENIC, is not under ICANN contract but has also said it will no longer collect Admin-C and Tech-C data.

They may have all taken their lead from the playbook (pdf) of German industry group eco, which has been telling ICANN since at least January that admin and tech contacts should no longer be collected under GDPR.

That said, Tucows chief Elliot Noss is a vocal privacy advocate, so I’m not sure how much leading was required. Tucows was also a co-developer (pdf) of the eco model.

The injunction application was filed the same day GDPR came into effect, after eleventh-hour talks between ICANN legal and Tucows leadership including chief legal officer Bret Fausett hit an impasse.

Tucows has agreed to freeze its plan to delete its existing Admin-C and Tech-C stored data, however.

The suit has a nominal million-euro value attached, but I’m convinced ICANN (despite its budget crunch) is not interested in the money here.

It’s my sense that this may not be the last time we see ICANN sue in order to bring clarity to GDPR.

Recently, Jeffrey said that ICANN would not tolerate contracted parties refusing to collect full Whois data, and also that it would not tolerate it when they decline to hand the data over to parties with legitimate interests.

The German lawsuit does not address this second category of non-compliance.

But it seems almost certain to me that intellectual lawyers are just days or weeks away from starting to file compliance tickets with ICANN when they are refused access to this data, which could lead to additional litigation.

“Whether it would result in a lawsuit is yet to be determined,” Jeffrey told DI yesterday. “The normal course would be a compliance action. If people aren’t able to gain access to information they believe that they have a legitimate right to access they will file compliance complaints. Those compliance complaints will be evaluated.”

“If it’s a systematic decision not to provide that access, that would violate the [Temporary Policy],” he said. “If they indicated it was because of their interpretation of the law, then it could result in us asking questions of the DPAs or going to court if that’s the only action available.”

The injunction application is a “one-sided filing”, which Jeffrey tells me is a feature of German law that means the court could issue a ruling without requiring EPAG/Tucows to appear in court or even formally respond.

The dispute therefore could be resolved rather quickly — this week even — by the court of first instance, Jeffrey said, or it could be bounced up to the European Court of Justice.

Given how new GDPR is, and considering the wider implications, the latter option seems like a real possibility.

Famous Four chair pumps $5.4 million into AlpNames to settle COO lawsuit

Kevin Murphy, February 8, 2018, Domain Registrars

Famous Four Media chair Iain Roache has bought out his former COO’s stake in AlpNames, its affiliated registrar, settling a lawsuit between the two men.

He’s acquired Charles Melvin’s 20% stake in the company for £3.9 million ($5.4 million), according to a press release.

A spokesperson confirmed that the deal settles a lawsuit in the companies’ home territory of Gibraltar, which we reported on in December.

Roache said in the press release that he has a plan to grow AlpNames into a “Tier 1 registrar”:

“I’ve got a 10 year strategic plan, which includes significant additional investment, to set the business up for future growth and success,” he said. “We’re going to bring the competition to the incumbents!”

AlpNames is basically the registrar arm of Famous Four, over the last few years supporting the gTLD portfolio registry’s strategy of selling domains in the sub-$1 range and racking up huge market share as a result.

But it’s on a bit of a slide, volume-wise, right now, as hundreds of thousands of junk domains are allowed to expire.

According to today’s press release, AlpNames has 794,000 gTLD domains under management. That’s a far cry from its peak of 3.1 million just under a year ago.

Seller Melvin, according to the press release, “has decided to pursue other interests outside of the domain name industry”.

It appears he left his COO job at Famous Four some time last year, and then sued Roache and CEO Geir Rasmussen (also an AlpNames investor) over a financial matter. Previous attempts to buy him out were rebuffed.

Last October, the Gibraltar court ruled that the defendants has supplied the court with “forged documents” in the form of inaccurately dated invoices between the registry and AlpNames.

The pair insisted to the court that the documents were an honest mistake and their lawyer told DI that there was no “forgery” in the usual sense of the word.

But it appears that Melvin’s split from the companies was less than friendly and the £3.9 million buyout should probably be viewed in that light.

Berkens sues Twitter over hacked account

Kevin Murphy, December 28, 2017, Gossip

Blogger and high-profile domain investor Mike Berkens of TheDomains.com has sued Twitter for allowing his account to be hacked and failing to rectify the problem.

As industry Twitter users will no doubt already be aware, Berkens’ account @thedomains came under the control of an unknown hacker on Friday last week.

The avatar was changed from the The Domains logo to the face of an East Asian man and tweets from the account began to sound out of character.

Despite the attack being reported to Twitter by Berkens and others (including yours truly), the account does not yet appear to have been returned to its proper owner.

In a complaint filed yesterday in Northern California, Berkens claims Twitter “still has done nothing to substantially acknowledge, investigate or respond to Plaintiffs’ complaint, and restore Plaintiffs’ access to the Account.”

The suit, which also names (as Does) the unknown hackers, has nine counts ranging from computer fraud to trademark infringement to negligence and breach of contract.

Berkens wants his account back, as well as damages. He’s currently tweeting from @thedomainscom as a temporary workaround.

The complaint, kindly donated by George Kirikos, can be read here (pdf).

Famous Four bosses gave “forged documents” to court

Kevin Murphy, December 28, 2017, Domain Registries

The leaders of Famous Four Media produced “forged documents” during a lawsuit filed by the company’s former chief operating officer, according to Gibraltar’s top judge.

The new gTLD registry’s chairman and CEO were both, along with four other unidentified former employees, involved to some degree in “forging” invoices to an affiliated registrar and/or documents relating to a rights issue, according to a ruling by Chief Justice Anthony Dudley.

The ruling was made in October, but appears to have been published more recently.

Former Famous Four COO Charles Melvin is suing CEO Geir Rasmussen and Iain Roache, chair of parent Domain Venture Partners, over a rights issue that diluted his holdings in a related company, according to a court document.

There’s little in the public record about the specifics of the suit. The complaint is not available publicly and neither man wished to comment while the trial is still ongoing.

But Dudley’s ruling shows that the original claims seem to have been sidetracked by Melvin’s new allegations that the “forged” documents demonstrate that Roache, Rasmussen and others engaged in “fraud” and “conspiracy to pervert the course of justice”.

Nick Goldstone, a partner at Gordon Dadds and a lawyer for Rasmussen and Roache, told DI that they both deny any dishonest behavior and that there has been no finding of dishonesty by the court.

He said in an emailed statement: “both of the individual defendants deny (if it be alleged) that they are dishonest and both deny that they have been engaged in the creation of any forged documents in the wider sense, as alleged by counsel for the opponents in the Court case, or at all.”

According to Dudley’s ruling, the defendants’ trial lawyers have claimed that errors in the invoices provided to the court were the result of “honest incompetence”, which the judge said has “a ring of truth” to it.

Dudley, having decided Roache and Rasmussen “have historically been guilty of serious shortcomings in relation to their disclosure obligations” at some point ordered that metadata be gathered from various documents handed over during the disclosure phase of the trial.

This metadata showed that some documents “were created after (in some instances long after) the date on the face of the documents”, which led the judge to conclude they were technically “forged documents”.

But Goldstone told DI that the documents in question were “forged” only in “explicitly a narrow characterisation of the term”, adding that they had been created by former employees who have all since been fired.

The documents included 10 invoices from Famous Four to AlpNames, also based in Gibraltar, the affiliated registrar responsible for selling hundreds of thousands of cheap names in Famous Four gTLDs.

They also included documents concerning a rights issue in a company called Myrtle Holdings that reduced Melvin’s stake to a negligible amount. Again, dating seems to have been an issue.

Dudley wrote in his decision (pdf):

It is accepted by the respondents that the material produced by them contained inaccurate and misleading information; and that the forged documents have been deployed in the litigation and relied upon in pleadings and witness statements. It also formed part of the material provided to the expert witnesses, whose opinions are consequently tainted.

But Goldstone told DI: “no conclusion has been reached in the ruling as to any ‘dishonesty’ or ‘forgeries’ in the wider sense.”

The trial had been due to kick off in October, but it’s been delayed due to the fact that a lot of evidence and testimony has to be reevaluated.

Roache and Rasmussen had proposed to settle the case with a buy-out offer earlier this year, but that offer was rebuffed by Melvin, according to Dudley’s ruling.

Famous Four runs 16 new gTLDs including .science, .download, .loan and .bid.

Many of its TLDs have been offered at super-cheap prices that have boosted sales volumes but have often attracted high levels of abuse.

.africa to finally go live after judge denies injunction

Kevin Murphy, February 10, 2017, Domain Policy

A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.

Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.

The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.

Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.

Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.

Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.

An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.

Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:

The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages

He balanced this against the harm of NOT delegating .africa:

The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.

So what now?

ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”

As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.

Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.

If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.

Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.

While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.

You can read Halm’s ruling here (pdf).