Latest news of the domain name industry

Recent Posts

Donuts took down 11 domains for Hollywood last year

Kevin Murphy, February 28, 2017, Domain Policy

Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.

The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.

The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.

Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.

For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.

“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.

Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:

Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.

Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.

The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”

It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.

Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.

The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.

Now the DNA backpedals on “Copyright UDRP”

Kevin Murphy, February 27, 2017, Domain Policy

The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.

The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.

The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.

The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.

PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.

It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.

The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.

The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.

In the statement, the DNA says:

some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.

While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.

Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.

The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.

In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:

While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.

In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.

The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.

The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.

PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

Losers would either have their domain suspended or, like UDRP, seized by the complainant.

The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.

But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.

The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.

The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.

I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.

Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.

Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.

Copyright ADRP may not be dead yet, but its future does not look bright.

UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.

The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.

As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.

The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.

However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.

“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.

The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.

Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.

Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.

PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.

No other registry has publicly stated similar plans to my knowledge.

The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.

The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.

And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.

This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.

Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.

The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.

But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).

The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.

It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.

That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.

But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.

Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.

Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.

Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.

Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.

While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.

“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”

Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Afilias retains .org back-end deal

Kevin Murphy, November 15, 2016, Domain Registries

Public Interest Registry is sticking with Afilias to run the .org registry back-end.

The announcement came yesterday after a open procurement process that lasted for most of 2016.

Over 20 back-end providers from 15 nations — basically the entire industry — responded to PIR’s February request for proposals, we reported back in March.

Afilias retaining the contract is not a huge surprise. The bidding process was widely believed to be a way for non-profit PIR to reduce its costs, believed to be among the highest in the industry.

PIR said yesterday:

Afilias was selected as the best value solution based on the objective criteria and requirements set forth in Public Interest Registry’s procurement process. It is anticipated that Afilias will commence operations under the new contractual agreement on Jan. 1, 2018.

It’s very likely that the new deal will be worth a lot less to Afilias than the current arrangement, which costs PIR about $33 million per year.

In 2013, the last year for which we have Afilias’ financials, .org brought in $31 million of its $77 million revenue.

It’s believed that PIR is currently paying about $3 per domain per year, but Kieren McCarthy at The Register, citing unnamed industry sources, reckons that’s now been bumped down to $2, saving PIR about $10 million per year.

The .org gTLD has about 11.2 million domains under management, but its numbers have been slipping for several months, according to registry reports.

Nominet has sights set on .org after M+M deal

Nominet chief Russell Haworth is hopeful that its new outsourcing deal with Minds + Machines will help it win a much more lucrative back-end contract — .org.

The company is among the 20-plus companies that have responded to Public Interest Registry’s request for proposals, as its back-end deal with Afilias comes to an end.

Nominet is one of a handful of companies — which would also include Verisign, Afilias, CNNIC and DENIC — that currently handles zones the size or larger than .org, which at over 10 million names is about the same size as .uk.

It, like PIR, is also a not-for-profit entity that donates excess funds to good causes, which could count in its favor.

But Haworth told DI today that showing the ability to handle a complex TLD migration may help its bid.

“I personally think that it would stand us in good stead, but we’ll have to see how the process plays out,” he told DI today. “With .org there’s 19-odd players pitching for that, so it’s a fairly competitive field.”

If the migration were to happen today, we’d be looking at around 300,000 domains changing hands. It’s likely to be a somewhat larger number by the time it actually happens.

Collectively, it will be one of the largest back-end transitions to date, though the largest individual affected gTLD, .work, currently has fewer than 100,000 names in its zone.

Haworth said that the plan is to migrate M+M’s portfolio over to Nominet’s systems one at a time.

He was hesitant to characterize the migration process as “easy”, but said Nominet already has such systems in place due to its role as one of ICANN’s Emergency Back-End Registry Operators.

Earlier this year, Nominet temporarily took over defunct dot-brand .doosan, in order to test the EBERO process.

A back-end migration primarily covers DNS resolution and EPP systems.

It sounds like the EPP portion may be the more complex. Some of M+M’s gTLDs have restrictions and tiered pricing that may require EPP extensions Nominet does not currently use in its TLDs.

But the DNS piece may hold the most risk — if something breaks, registrants names stop resolving and web sites go dark.

Haworth said Nominet is also talking to other new gTLD registries about taking over back-end operations. Registries signed three, five or seven-year contracts with their RSPs when the 2012 application round opened, and some are coming up for renewal soon, he said.

Nominet says it will become a top ten back-end after the M+M migration is done.

Over 20 companies fighting for .org contract

Kevin Murphy, March 31, 2016, Domain Registries

More than 20 companies want to take over the back-end registry for the .org gTLD, according to Public Interest Registry.

PIR put the contract, currently held by Afilias, up for bidding with a formal Request For Information in February.

It’s believed to be worth north of $33 million to Afilias per year.

PIR told DI today that it “received more than 20 responses to its RFI for back-end providers from organisations representing 15 countries.”

That represents a substantial chunk of the back-end market, but there are only a handful of registry service providers currently handling zones as big as .org.

.org has about 11 million names under management. Only .com, .net and a few ccTLDs (Germany, China and the UK spring to mind) have zones the same size or larger.

PIR said it would not be making any specific details about the bidders available.

The non-profit says it plans to award the contract by the end of the year.

$33 million .org contract up for grabs

Kevin Murphy, February 16, 2016, Domain Registries

Public Interest Registry, operator of .org, has put its back-end registry services contract up for grabs.

The deal could be worth around $33 million a year, judging by its current relationship with incumbent back-end Afilias.

PIR said in a statement today:

The organisation desires to contract with a qualified back-end registry services provider that shares a similar reputation and holds itself to the highest operational and ethical standards. The selected back-end registry service provider should be a “valued business partner” – an organisation that combines outstanding qualifications in service delivery with the ability to engage Public Interest Registry in a business relationship that seeks strategic and innovative approaches to enhance the capability and efficiency of service delivery.

The contract was actually supposed to end in January, according to the Internet Society resolution that approved it back in 2010.

According to PIR’s most recent available tax return (pdf), Afilias was paid $33.2 million in 2014.

It was paid $31 million in 2013 when its total revenue for the year we know to be $77 million. So it’s a pretty big deal for Afilias.

The payments are mainly, but not exclusively, for domain name registry services, according to PIR’s tax returns.

Afilias also operates a few additional services related to PIR’s expansion in the non-governmental organization market, such as a database of NGOs used for validation purposes.

But if we over-simplify things, a roughly $33 million annual payout for a 10-million-domain zone works to something in the ballpark of $3 per name per year.

Given some of the numbers I’ve heard thrown around over the last few years, I expect there are a few back-end providers out there that would be more than happy to offer a cheaper deal.

It will be the first time Afilias has had to fight for the .org contract since 2010, thought PIR has done a couple of analyses over the last few years to make sure it’s getting a fair deal in line with market prices.

Since 2010 the number of back-end registry providers has exploded due to the advent of the new gTLD program, so there will be more competition for the .org contract.

That said, none of the new providers are yet proven at the scale of .org, which has over 10.6 million names at the last count.

PIR expects to award the contract before December 2016.

Interested vendors have until March 5 to express their interest on this web site.

PIR goes live with three non-Latin .org gTLDs

Kevin Murphy, March 10, 2014, Domain Registries

The internet has its first IDN versions of legacy gTLDs.

Public Interest Registry had three new gTLDs delegated over the weekend, all non-Latin versions of its flagship .org.

The gTLDs were .संगठन, which means “organization” in Hindi, and the Chinese .机构 and .组织机构, which seem to be two ways of saying “organization” too.

They’re not strictly speaking transliterations, as they represent whole dictionary words conceptually related to .org, rather than trying to approximate the spoken sound of “org”.

The .com equivalents Verisign has applied for in other scripts are actually meant to sound the same as “com” without actually meaning “commercial” or “company” in their language.

Because PIR has taken a different approach, there’s no grandfathering for existing .org registrants.

These three new gTLDs will be unrestricted, according to PIR’s applications, but will have slightly stricter rules on abuse — no porn will be allowed, for example.