Latest news of the domain name industry

Recent Posts

Now the DNA backpedals on “Copyright UDRP”

Kevin Murphy, February 27, 2017, Domain Policy

The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.

The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.

The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.

The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.

PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.

It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.

The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.

The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.

In the statement, the DNA says:

some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.

While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.

Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.

The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.

In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:

While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.

In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.

The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.

The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.

PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

Losers would either have their domain suspended or, like UDRP, seized by the complainant.

The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.

But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.

The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.

The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.

I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.

Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.

Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.

Copyright ADRP may not be dead yet, but its future does not look bright.

UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.

The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.

As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.

The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.

However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.

“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.

The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.

Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.

Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.

PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.

No other registry has publicly stated similar plans to my knowledge.

The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.

The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.

And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.

This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.

Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.

The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.

But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).

The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.

That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.

But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.

Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.

Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.

Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.

Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.

While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.

“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”

Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Afilias retains .org back-end deal

Kevin Murphy, November 15, 2016, Domain Registries

Public Interest Registry is sticking with Afilias to run the .org registry back-end.

The announcement came yesterday after a open procurement process that lasted for most of 2016.

Over 20 back-end providers from 15 nations — basically the entire industry — responded to PIR’s February request for proposals, we reported back in March.

Afilias retaining the contract is not a huge surprise. The bidding process was widely believed to be a way for non-profit PIR to reduce its costs, believed to be among the highest in the industry.

PIR said yesterday:

Afilias was selected as the best value solution based on the objective criteria and requirements set forth in Public Interest Registry’s procurement process. It is anticipated that Afilias will commence operations under the new contractual agreement on Jan. 1, 2018.

It’s very likely that the new deal will be worth a lot less to Afilias than the current arrangement, which costs PIR about $33 million per year.

In 2013, the last year for which we have Afilias’ financials, .org brought in $31 million of its $77 million revenue.

It’s believed that PIR is currently paying about $3 per domain per year, but Kieren McCarthy at The Register, citing unnamed industry sources, reckons that’s now been bumped down to $2, saving PIR about $10 million per year.

The .org gTLD has about 11.2 million domains under management, but its numbers have been slipping for several months, according to registry reports.

People are forgetting .com exists — ICANN survey

Kevin Murphy, September 22, 2016, Domain Policy

Have you ever heard of .com, .net and .org?

That question was posed to 3,349 domain name registrants in 24 countries by market research firm Nielsen this June and guess what — awareness of all three cornerstone gTLDs was down on a comparable 2015 survey.

Unbelievably, only 85% of respondents professed to be aware of .com’s existence, compared to 86% in 2015.

Equally unbelievably, awareness of .net and .org fell from 76% to 69% and from 70% to 65% respectively between 2015 and 2016, the survey found.

Those are just three among many hundreds of findings of the Nielsen survey, which was carried out in order to inform ICANN’s Competition, Consumer Trust & Consumer Choice Review.

The CCT is one of the reviews deemed mandatory before ICANN is able to launch the next round of new gTLD applications.

A great many of the numbers revealed by the survey are seriously open to question — some could even be empirically proven wrong.

But David Dickinson, project lead for Nielsen on the survey, told DI yesterday that the numbers themselves are less important than the trends, or lack thereof, that they might represent.

Nielsen carried out two surveys in 2015 — one of consumers and one of registrants — then repeated both surveys again a year later.

Respondents were selected from a pool of people who have at some point indicated to third-party market research companies that they are available to take surveys online, Dickinson said. They are usually compensated via some kind of redeemable loyalty points scheme.

The registrant surveys were limited to those who said they have registered a domain name. The consumer survey was limited to those who said they spend more than five hours a week online.

While the number of respondents were measured in the low thousands, the idea is that they provide a representative sample of all internet users and domain name registrants.

But there’s a lot of weirdness in the numbers.

Dickinson said that the 85% awareness number for .com could be due partly to random “mechanical errors” — people clicking the wrong buttons on their survey form — but said that lack of awareness was more common among younger respondents who were more likely to be aware of newer, less generic TLDs.

The surveys also highlighted a bizarre split in TLD awareness between consumers and registrants.

Given that registrants are a subset of consumers, and given that they are by definition more familiar with domain names, you’d expect respondents to the registrant surveys to show higher TLD awareness than those responding to the consumer surveys.

But the opposite was true.

The surveys found, for example, that 95% of consumers knew about .com, but only 85% of registrants did. For .net and .org the numbers were 88%/69% and 83%/65% respectively. None of it makes any sense.

Dickinson said that the 2015 consumer/registrant awareness numbers were “almost identical”.

“My only real conclusion here is that [in 2016] there was some systematic difference in the diligence that the registrants selected these names on these awareness questions, and that a large portion of that is just due to random variation,” he said.

“However, when we do look at those people who are registering new gTLDs, they tended to have much lower awareness of those legacy gTLDs than those people who were unaware or had not registered those new gTLDs,” he said.

“The people who said they did not recognize any of those new gTLDs at all the are very very centric on the legacy gTLDs and in particular .com,” he said.

“I think the data is overstated because of the random variation but there is a learning here when we break it down… that those legacy domains are becoming less relevant or less noticed by the younger people and the people who are registering these new gTLDs,” he said.

“I think there is a shift going on, but it’s not as big as what is stated here [in the numbers],” he said.

The surveys also looked at awareness and registration levels for new, 2012-round gTLDs, but again the numbers probably don’t accurately reflect reality.

For example, 39% of registrants claimed to have heard of .email domain names and 15% claimed to have actually registered one.

Again, these numbers don’t seem plausible. There are fewer than 60,000 .email domains in existence today. Even if there were only one million domain registrants in the world, 15% registration rate would mean at least 150,000 names should have been sold.

Dickinson said that this number could have been higher due to selection bias. The survey took about half an hour on average to fill out, so people more personally interested or invested in internet or domain name related stuff might have been more likely to stick around and complete it.

Interestingly, new gTLD awareness rates in North America were substantially lower than awareness elsewhere in the world. For example, only 25% of North Americans professed to have heard of .news, but that grew to 42% in Asia where most languages use a different script.

My sense here is that respondents — which all took the surveys in their native languages — may have just been clicking to confirm English words they recognized, rather than TLDs they had seen in the wild.

Nielsen clearly suspected that there would be an element of “false recall” among respondents because it actually included some fake TLDs among the real ones.

This led to findings such as: 26% of Africans have heard of .cairo, 17% of North Americans have heard of .toronto and 21% of South Americans have heard of .bogota.

None of those city TLDs exist.

Dickinson explained this as “assumed familiarity”.

“What very much seems to happen is that if something has an implied ‘face validity’ — it seems to make sense or seems to be readily interpretable — then those ones will get higher stated awareness than the ones that are just random letters, such as .xyz,” he said.

Indeed, while there are over six million .xyz domains out there today, with high-profile registrants including Google, only 13% of respondents claimed to be aware of it.

“The more implied familiarity or sense of familiarity there is, the more likely people are to feel like they’ve been there or seen it, so it’s definitely a false recall, but the learning from that is that the more interpretable… those things are then they have more easy acceptance by consumers than things that are not interpretable,” Dickinson said.

The surveys did not only cover awareness and registration patterns. There are literally hundreds of data points in there covering different perceptions of TLDs new and old. I’ve just focused here on the ones that made me question whether the survey was worth the time, expense and paper it was written on.

But Dickinson said that the raw numbers are not necessarily what the ICANN review teams should be looking at.

“Maybe the absolute number is not exactly dead-on, but what are the relationships between the numbers?” he said.

“I tend to look at the relationships, so for example one of the objectives of doing this survey was to see if the new gTLD program impacted the perception of the industry in any way, or trustworthiness in the industry,” he said.

“For example, we can say we’re not sure it improved — the numbers didn’t change significantly in that direction to allow us to definitively say it improved — but it certainly did not decline,” he said. “We can rule out that it declined.”

“Overall, we can say that the new gTLD program is emerging with fairly strong awareness, relative,” he said.

“We can also say with certainty that none of those new gTLDs are anywhere approaching the awareness of the legacy gTLDs, and even if there is some erosion in the legacy gTLDs it’s going to take a long time for those to reach parity, if they ever do,” he said.

The Nielsen surveys are one input to the work of the volunteer CCT Review Team, which intends to publish its preliminary report before the end of the year.

CCT-RT chair Jonathan Zuck recently published a blog post on the ICANN web site giving a progress report on recent work.

Nominet has sights set on .org after M+M deal

Nominet chief Russell Haworth is hopeful that its new outsourcing deal with Minds + Machines will help it win a much more lucrative back-end contract — .org.

The company is among the 20-plus companies that have responded to Public Interest Registry’s request for proposals, as its back-end deal with Afilias comes to an end.

Nominet is one of a handful of companies — which would also include Verisign, Afilias, CNNIC and DENIC — that currently handles zones the size or larger than .org, which at over 10 million names is about the same size as .uk.

It, like PIR, is also a not-for-profit entity that donates excess funds to good causes, which could count in its favor.

But Haworth told DI today that showing the ability to handle a complex TLD migration may help its bid.

“I personally think that it would stand us in good stead, but we’ll have to see how the process plays out,” he told DI today. “With .org there’s 19-odd players pitching for that, so it’s a fairly competitive field.”

If the migration were to happen today, we’d be looking at around 300,000 domains changing hands. It’s likely to be a somewhat larger number by the time it actually happens.

Collectively, it will be one of the largest back-end transitions to date, though the largest individual affected gTLD, .work, currently has fewer than 100,000 names in its zone.

Haworth said that the plan is to migrate M+M’s portfolio over to Nominet’s systems one at a time.

He was hesitant to characterize the migration process as “easy”, but said Nominet already has such systems in place due to its role as one of ICANN’s Emergency Back-End Registry Operators.

Earlier this year, Nominet temporarily took over defunct dot-brand .doosan, in order to test the EBERO process.

A back-end migration primarily covers DNS resolution and EPP systems.

It sounds like the EPP portion may be the more complex. Some of M+M’s gTLDs have restrictions and tiered pricing that may require EPP extensions Nominet does not currently use in its TLDs.

But the DNS piece may hold the most risk — if something breaks, registrants names stop resolving and web sites go dark.

Haworth said Nominet is also talking to other new gTLD registries about taking over back-end operations. Registries signed three, five or seven-year contracts with their RSPs when the 2012 application round opened, and some are coming up for renewal soon, he said.

Nominet says it will become a top ten back-end after the M+M migration is done.

Over 20 companies fighting for .org contract

Kevin Murphy, March 31, 2016, Domain Registries

More than 20 companies want to take over the back-end registry for the .org gTLD, according to Public Interest Registry.

PIR put the contract, currently held by Afilias, up for bidding with a formal Request For Information in February.

It’s believed to be worth north of $33 million to Afilias per year.

PIR told DI today that it “received more than 20 responses to its RFI for back-end providers from organisations representing 15 countries.”

That represents a substantial chunk of the back-end market, but there are only a handful of registry service providers currently handling zones as big as .org.

.org has about 11 million names under management. Only .com, .net and a few ccTLDs (Germany, China and the UK spring to mind) have zones the same size or larger.

PIR said it would not be making any specific details about the bidders available.

The non-profit says it plans to award the contract by the end of the year.

$33 million .org contract up for grabs

Kevin Murphy, February 16, 2016, Domain Registries

Public Interest Registry, operator of .org, has put its back-end registry services contract up for grabs.

The deal could be worth around $33 million a year, judging by its current relationship with incumbent back-end Afilias.

PIR said in a statement today:

The organisation desires to contract with a qualified back-end registry services provider that shares a similar reputation and holds itself to the highest operational and ethical standards. The selected back-end registry service provider should be a “valued business partner” – an organisation that combines outstanding qualifications in service delivery with the ability to engage Public Interest Registry in a business relationship that seeks strategic and innovative approaches to enhance the capability and efficiency of service delivery.

The contract was actually supposed to end in January, according to the Internet Society resolution that approved it back in 2010.

According to PIR’s most recent available tax return (pdf), Afilias was paid $33.2 million in 2014.

It was paid $31 million in 2013 when its total revenue for the year we know to be $77 million. So it’s a pretty big deal for Afilias.

The payments are mainly, but not exclusively, for domain name registry services, according to PIR’s tax returns.

Afilias also operates a few additional services related to PIR’s expansion in the non-governmental organization market, such as a database of NGOs used for validation purposes.

But if we over-simplify things, a roughly $33 million annual payout for a 10-million-domain zone works to something in the ballpark of $3 per name per year.

Given some of the numbers I’ve heard thrown around over the last few years, I expect there are a few back-end providers out there that would be more than happy to offer a cheaper deal.

It will be the first time Afilias has had to fight for the .org contract since 2010, thought PIR has done a couple of analyses over the last few years to make sure it’s getting a fair deal in line with market prices.

Since 2010 the number of back-end registry providers has exploded due to the advent of the new gTLD program, so there will be more competition for the .org contract.

That said, none of the new providers are yet proven at the scale of .org, which has over 10.6 million names at the last count.

PIR expects to award the contract before December 2016.

Interested vendors have until March 5 to express their interest on this web site.

PIR rebrands, talks up “Facebook-like” new gTLDs

Kevin Murphy, September 30, 2013, Domain Registries

Public Interest Registry is dropping the .org from its primary branding in preparation for the launch of its new gTLDs.

CEO Brian Cute said that branding the registry around .org “made a lot of sense when we were a single product company”, but that the time has come to put the PIR name front and center.

PIR logoThe new logo incorporates “Your”, as a result of focus groups, testing and because Cute says “really reflects to us our commitment to the communities we serve”.

PIR has applied to ICANN for .ngo, for Non-Governmental Organization, along with Latin equivalent .ong and four transliterations of .org in Cyrillic, Hindi and Chinese.

Cute told DI that the plan for .ngo and .ong is to have a space in which, unlike .org, the identities of the registrants have been validated.

There’s going to be a searchable directory, a portal, and a “Facebook-like” service for registrants, he said.

“We’re going to have profile pages, so if a registrant doesn’t want to stand up a full website, there’ll be a Facebook-like profile they can populate,” he said.

It sounds like PIR is thinking about a template-driven approach to getting content on .ngo domains, somewhat similar to how .tel works (though it won’t be mandatory in .ngo) or Employ Media’s .Jobs Universe.

But Cute said neither of those concepts inspired PIR, which is building its profile service from scratch.

It’s an interesting way to market a TLD, and I’m positive that PIR won’t be the only new gTLD applicant to do something along these lines.