Latest news of the domain name industry

Recent Posts

US not happy with Donuts hiring Atallah

Kevin Murphy, October 22, 2018, Domain Policy

The US government appears to have reservations about Donuts’ recent hiring of ICANN bigwig Akram Atallah as its new CEO.

Speaking at a session of ICANN 63 here in Barcelona today, National Telecommunications and Information Administration head David Redl alluded to the recent hire.

Atallah was president of the Global Domains Division and twice interim CEO.

While most of Redl’s brief remarks today concerned internet security and Whois, he concluded by saying:

While the community has greatly improved ICANN’s accountability through the IANA stewardship transition process, there are still improvements to be made.

As one example, we need safeguards to ensure that ICANN staff and leadership are not only grounded ethically in their professional actions at ICANN, but also in their actions when they seek career opportunities outside of ICANN.

One potential fix could be “cooling off periods” for ICANN employees that accept employment with companies involved in ICANN activities and programs. This is an ethical way to ensure that conflicts of interest or appearances of unethical behavior are minimized.

ICANN faced similar scrutiny back in the 2011, when ICANN chair Peter Dengate Thrush pushed through the new gTLD program and almost immediately began working for a new gTLD applicant.

That was the same year Redl moved from being head of regulatory affairs at CTIA — lobbying for wireless industry legislation — to counsel to the House of Representatives Energy and Commerce Committee — helping to craft wireless industry legislation.

Here are his remarks. Redl starts speaking at around the 38-minute mark.

US scraps fucking stupid “seven dirty words” ban

Kevin Murphy, September 13, 2018, Domain Registries

Neustar and the US government have agreed to dump their longstanding ban on profanity in .us domains.

A contract change quietly published in July has now made it possible to register .us domains containing the strings “fuck”, “cunt”, “shit”, “piss”, “cocksucker”, “motherfucker” and “tits”.

These are the so-called “seven dirty words” popularized by a George Carlin comedy routine and incorporated into US censorship law via the Supreme Court decision Federal Communications Commission v Pacifica Foundation in 1978.

Neustar banned the strings from .us when it originally won the registry contract from the National Telecommunications and Information Administration in 2002, and kept it upon renewal.

Until recently, it was conducting post-registration reviews of new .us domains and suspending names that used the strings in sweary contexts.

However, a July contract amendment (pdf) has released Neustar from this duty, allowing registrants to register whatever the fuck they want.

According to the Electronic Frontier Foundation, the change came about after itself and the Cyberlaw Clinic at Harvard Law School complained to the government about the suspension of the domain fucknazis.us, which registrant Jeremy Rubin had been using to raise money to fight the extreme right in the US.

That domain was registered in late 2017, but Neustar appears to have been discussing whether to repeal the idiotic ban in various policy groups for at least three years.

When Network Solutions was the sole registrar for .com, .org and .net it too banned the seven dirty words but this practice fizzled out after ICANN introduced competition into the registrar space almost two decades ago.

Could a new US law make GDPR irrelevant?

Kevin Murphy, August 29, 2018, Domain Policy

Opponents of Whois privacy are pushing for legislation that would basically reverse the impact of GDPR for the vast majority of domain names.

Privacy advocate Milton Mueller of the Internet Governance Project today scooped the news that draft legislation to this effect is being circulated by “special interests” in Washington DC.

He’s even published the draft (pdf).

Mueller does not call out the authors of the bill by name — though he does heavily hint that DomainTools may be involved — saying instead that they are “the same folks who are always trying to regulate and control the Internet. Copyright maximalists, big pharma, and the like.”

I’d hazard a guess these guys may be involved.

The bill is currently called the Transparent, Open and Secure Internet Act of 2018, or TOSI for short. In my ongoing quest to coin a phrase and have it stick, I’m tempted to refer to its supporters as “tossers”.

TOSI would force registries and registrars to publish Whois records in full, as they were before May this year when ICANN’s “Temp Spec” Whois policy — a GDPR Band-aid — came into effect.

It would capture all domain companies based in US jurisdiction, as well as non-US companies that sell domains to US citizens or sell domains that are used to market goods or services to US citizens.

Essentially every company in the industry, in other words.

Even if only US-based companies fell under TOSI, that still includes Verisign and GoDaddy and therefore the majority of all extant domains.

The bill would also ban privacy services for registrants who collect data on their visitors or monetize the domains in any way (not just transactionally with a storefront — serving up an ad would count too).

Privacy services would have to terminate such services when informed that a registrant is monetizing their domains.

But the bill doesn’t stop there.

Failing to publish Whois records in full would be an “unfair or deceptive act or practice” and the Federal Trade Commission would be allowed to pursue damages against registries and registrars that break the law.

In short, it’s a wish-list for those who oppose the new regime of privacy brought in by ICANN’s response to the General Data Protection Regulation.

While it’s well-documented that the US executive branch, in the form of the National Telecommunications and Information Administration, is no fan of GDPR, whether there’s any interest in the US Congress to adopt such legislation is another matter.

Is this an IP lawyer’s pipe-dream, or the start of a trans-Atlantic war over privacy? Stay tuned!

ICANN closes GoDaddy Whois probe

Kevin Murphy, August 9, 2018, Domain Registrars

ICANN has closed its investigation into GoDaddy’s Whois practices with no action taken.

Senior VP of compliance Jamie Hedlund yesterday wrote to David Redl, head of the US National Telecommunications and Information Administration, to provide an update on the probe, news of which first emerged in April.

The NTIA and members of the intellectual property community had complained that GoDaddy was throttling Whois access over port 43 and that it was masking certain fields in the output.

That was when GoDaddy and the rest of the ICANN-regulated industry was working under the old rules, before the new temporary Whois policy had been introduced to comply with the EU General Data Protection Regulation.

Hedlund told Redl in a letter (pdf):

Based on our review and testing (including outside of ICANN’s network), GoDaddy is not currently masking WHOIS data or otherwise limiting access to its WHOIS services. Consequently, the complaints related to GoDaddy’s masking of certain WHOIS fields, rate limiting, and whitelisting of IP addresses have been addressed and closed.

GoDaddy had said earlier this year that it was throttling access over port 43 in an attempt to reduce the availability of Whois data to the spammers that have been increasingly plaguing its customers with offers of web site development and search engine optimization services.

US asks if it should take back control over ICANN

Kevin Murphy, June 6, 2018, Domain Policy

The US government has asked the public whether it should reverse its 2016 action to relinquish oversight of the domain name system root.

“Should the IANA Stewardship Transition be unwound? If yes, why and how? If not, why not?”

That’s the surprisingly direct question posed, among many others, in a notice of inquiry (pdf) issued yesterday by the National Telecommunications and Information Administration.

The inquiry “is seeking comments and recommendations from all interested stakeholders on its international internet policy priorities for 2018 and beyond”. The deadline for comments is July 2.

The IANA transition, which happened in September 2016, saw the NTIA remove itself from the minor part it played, alongside meatier roles for ICANN and Verisign, in the old triumvirate of DNS root overseers.

At the handover, ICANN baked many of its previous promises to the US government into its bylaws instead, and handed oversight of itself over to the so-called Empowered Community, made up of internet stakeholders of all stripes.

The fact that the question is being asked at all would have been surprising not too long ago, but new NTIA chief David Redl and Secretary of Commerce Wilbur Ross expressed their willingness to look into a reversal as recently as January.

Back then Redl told Congresspeople, in response to questions raised primarily by Senator Ted Cruz during his confirmation process:

I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.

Cruz had objected to the transition largely based on his stated (albeit mistaken or disingenuous) belief that it gave China, Iran and a plethora of bad guys control over Americans’ freedom of speech, something that has manifestly failed to materialize.

But in the meantime another big issue has arisen — GDPR, the EU’s General Data Protection Regulation — which is in the process of eroding access rights to Whois data, beloved of US law enforcement and intellectual property interests.

NTIA is known to be strongly in favor of retaining access to this data to the greatest extent possible.

The notice of inquiry does not mention Whois or GDPR directly but it does ask several arguably related questions:

A. What are the challenges to the free flow of information online?

B. Which foreign laws and policies restrict the free flow of information online? What is the impact on U.S. companies and users in general?

C. Have courts in other countries issued internet-related judgments that apply national laws to the global internet? What have been the practical effects on U.S. companies of such judgements? What have the effects been on users?

NTIA’s statement announcing the inquiry prominently says that the agency is “working on” items such as “protecting the availability of WHOIS information”.

It also says it “has been a strong advocate for the multistakeholder approach to Internet governance and policy development”.

While GPDR and Whois are plainly high-priority concerns for NTIA, it’s beyond my ken how reversing the IANA transition would help at all.

GDPR is not ICANN policy, after all. It’s a European Union law that applies to all companies doing business in Europe.

Even if the US were to fully nationalize ICANN tomorrow and rewrite Whois policy to mandate the death penalty for any contracted party that refused to openly publish full Whois records, that would not make GDPR go away, it would probably just kick off a privacy trade war or mean that all US contracted parties would have to stop doing business in Europe.

That sounds like an extreme scenario, but Trump.

The NTIA’s inquiry closes July 2, so if you think the transition was a terrible idea or a wonderful idea, this is where to comment.