Hacking claims resurface as .hotel losers force ICANN to lawyer up again

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.
The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.
It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.
The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).
The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.
There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.
This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.
There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.
HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.
CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.
Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.
There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.
Naturally, the remaining applicants were not happy about this, and started to fight back.
The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.
That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.
The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.
Guess what? That got rejected too.
So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.
The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.
While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.
ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.
Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.
Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”
The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.
When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.
The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.
But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.
Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.
Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.
And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.
A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.
A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.
In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.
The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.
It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.
This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.
It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.
FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.
They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.
The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.
It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.
The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”
“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.
“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.
ICANN is yet to file its response to the complaint.
Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.
Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.
The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.
ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.
The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.
With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

ASO uses super powers to demand ICANN turn over .org buyout docs

In an unprecedented move, ICANN’s Address Supporting Organization has exercised its special powers to demand ICANN hand over documents relating to the Ethos Capital acquisition of .org’s Public Interest Registry.
There’s a possibility, however small, that this could be the first shot in a war that could see the PIR acquisition scrapped.
Fair warning, this story is going to get pretty nerdy, which may not be compatible with the fuzzy-headedness that usually accompanies the first working day of the year. We’re heading into the overgrown weeds of the ICANN bylaws here, for which I apologize in advance.
The ASO — the arm of the ICANN community concerned with IP address policy — has asked ICANN Org for access to records concerning the $1.135 billion acquisition of PIR, which has attracted lots of criticism from non-profits, domainers and others since it was announced.
It’s unprecedented, and of interest to ICANN watchers, for a few reasons.
First, this is the ASO making the request. The ASO comprises the five Regional Internet Registries, the bodies responsible for handing out chunks of IP address space to ISPs around the world. It doesn’t normally get involved in policy related to domain names such as .org.
Second, it’s invoking an hitherto untested part of ICANN’s new bylaws that allows the certain community entities that make up the “Empowered Community” to make “Inspection Requests” of ICANN Org.
Third, and perhaps most importantly, there’s a hint of a threat that the ASO and other members of the EC may use their extraordinary powers to attempt to prevent the PIR acquisition from going ahead.
Before we unpick all of this, this is what the ASO has sent to ICANN, according to its December 31 statement:

As a Decisional Participant in the Empowered Community and pursuant to ICANN Bylaws section 22.7, the ASO hereby submits this Inspection Request to inspect the records of ICANN, including minutes of the Board or any Board Committee, for the purpose of determining whether the ASO’s may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement. For this purpose, the ASO seeks to inspect any ICANN records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement, including the process by which input from the affected community will be obtained prior to ICANN’s consideration and potential approval of the assignment.

The Empowered Community is the entity that replaced the US government as ICANN’s primary overseer, following the IANA transition in late 2016.
Its members cover the breadth of the ICANN community, comprising the ASO, Generic Names Supporting Organization, Country Code Names Supporting Organization, Governmental Advisory Committee and At-Large Advisory Committee. Each member is a “Decisional Participant”.
Since the transition, its only real functions have been to approve appointments to the ICANN board of directors and to rubber-stamp the budget, but it does have some pretty powerful tools at its disposal, such as the nuclear ability to fire the entire board.
One of the powers enjoyed by each Decisional Participant, which has never been invoked publicly, is to make an Inspection Request — a demand to see ICANN’s accounts or documents related to the board’s decisions.
In this case, the ASO wants “records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement”.
But will it get this information? It seems the Inspection Request bylaw is a little bit like ICANN’s longstanding freedom-of-information commitment, the Documentary Information Disclosure Policy, with some key differences that arguably make the IR process less transparent.
Like DIDP, the IR process gives ICANN Org a whole buffet of rejection criteria to choose from. It can refuse requests for reasons of confidentiality or legal privilege, for example, or if it thinks the request is overly broad.
It can also reject a request if “is motivated by a Decisional Participant’s financial, commercial or political interests, or those of one or more of its constituents”, which makes the fact that this request is coming from the ASO particularly interesting.
If the GAC or the GNSO or the ccNSO, or even the ALAC, had made the request, ICANN could quite reasonably have thrown it out on the basis of “commercial or political interests”.
That’s not the case with the ASO, which makes me wonder (aloud, it seems) whether the ASO had received any nudges from other members of the EC before filing the request.
Inspection Requests also differ from DIDP in that any documents that are turned over are not necessarily published, and ICANN can also force the Decisional Participant to file a non-disclosure agreement covering their contents.
ICANN can even demand that an ASO member shows up at its Los Angeles headquarters in person to read (and, if they want, copy) the docs in question.
In short, ICANN has a lot of wriggle room to refuse or frustrate the ASO’s request, and it has a track record of not being particularly receptive to these kinds of demands.
The grey-hairs out there will recall that Karl Auerbach, one of its own directors, was forced to sue the organization back in 2002, just in order to have a look at its books.
But what’s perhaps most tantalizing about the ASO’s request is its excuse for wanting to inspect the documents in question.
It says it need the info “for the purpose of determining whether the ASO’s [sic] may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement”.
One way of interpreting this is that the ASO needed to state a reason for its request and this is pretty much all it’s got.
But what powers does the Empowered Community have that could potentially cover the acquisition of PIR by Ethos? It certainly does not have the power to directly approve or reject the transfer of control of a gTLD contract.
The EC has nine bulleted powers in the ICANN bylaws. Some of them are explicitly about things like budgets and bylaws amendments, which could not possibly come into play here. I reckon only four could feasibly apply:

(i) Appoint and remove individual Directors (other than the President);
(ii) Recall the entire Board;
…
(viii) Initiate a Community Reconsideration Request, mediation or a Community IRP; and
(ix) Take necessary and appropriate action to enforce its powers and rights, including through the community mechanism contained in Annex D or an action filed in a court of competent jurisdiction.

Short of lawyering up or having the entire board taken out and shot, it seems like the most likely power that could be invoked at first would be the Community Reconsideration Request.
Judging by the bylaws, this is virtually identical to the normal Request for Reconsideration process, a process which very rarely results in ICANN actually reconsidering its decisions.
The major difference is that at least three of the five members of the Empowered Community has to vote in favor of filing such a request, and no more than one may object.
If they manage to muster up this consent — which could take many weeks — the fact that the reconsideration request comes from the “Community” rather than a single entity appears to make substantially no difference to how it is rejected considered by ICANN.
Threatening ICANN with a Community Reconsideration Request is a little like threatening to jump through an increasingly narrow series of hoops, only to find the last one leads into a pit filled with ICANN lawyers with laser beams attached to their heads.
A Community Independent Review Process, however, is a different kettle of snakes.
It’s substantially the same as a regular IRP — where ICANN’s fate is decided by a panel of three retired judges — except ICANN has to pay the complainant’s legal fees as well as its own.
ICANN’s track record with IRPs is not fantastic. It can and does lose them fairly regularly.
Could the ASO’s letter be the first portent of a community-led IRP bubbling up behind the scenes? Could such a move delay the PIR acquisition, putting Ethos’ plan for a profit-driven, price-raising .org on hold for a year or two? It’s certainly not impossible.

ICANN throws out second .org appeal, so URS stays

The Uniform Rapid Suspension process is to stay in .org, after the ICANN board of directors rejected an appeal from the Electronic Frontier Foundation.
The EFF had challenged the inclusion of URS in the recently renegotiated .org Registry Agreement, on the basis that the anti-cybersquatting system was designed for post-2012 new gTLDs and was never supposed to be deployed in legacy gTLDs such as .org.
In a Request for Reconsideration, the EFF had argued that ICANN had ignored the many commenters opposed to its inclusion in the contract, and that the board had shirked its duties by delegating the renegotiation to ICANN’s executive leadership.
But the board disagreed on both of these counts, saying in its resolution and accompanying 36-page analysis (pdf) that at no point had the organization broken its bylaws.
ICANN did not ignore the anti-URS comments, the board said, it simply decided that on balance the public interest was better served by having URS in the contract.

The Requestor has not demonstrated that ICANN Staff failed to seek or support broad participation, ascertain the global public interest, or act for the public benefit. To the contrary, ICANN org’s transparent processes reflect the Staff’s continuous efforts to ascertain and pursue the global public interest by migrating the legacy gTLDs to the Base RA.

Additionally, the board was well within its rights to delegate negotiation and approval of the RA to the CEO, the board decided. The fact that the EFF disagrees with that position does not amount to a basis of reconsideration, it found.
Since the EFF filed its RfR back in August, we’ve had the news of the $1.135 billion acquisition of .org manager Public Interest Registry by Ethos Capital, which will see it convert from a non-profit to a for-profit concern.
The EFF has since had the chance to put allegations to ICANN that its staff was aware of the deal before it was announced, and that the acquisition should have factored into its consideration of the RA renewal.
But ICANN flatly denies that it knew about the deal, which was announced four months after the renewal:

Since neither the Board nor ICANN Staff were aware of the PIR acquisition when the decision to renew the .ORG RA was made, there was no material information not considered, and therefore this is not a proper basis for reconsideration.
…
The Ethos Capital acquisition of PIR, which was announced more than four months after the execution of the .ORG Renewed RA, did not impact ICANN Staff’s determination that ICANN’s Mission and Core Values were best served by migrating the .ORG RA to the Base RA.

In conclusion, like almost all filers of RfRs, the EFF is SOL.
Another RfR, filed by the registrar NameCheap and related primary to .org pricing, was similarly rejected by ICANN’s board a few weeks ago.
ICANN is, however, currently quizzing Ethos and PIR seller ISOC for more details about the acquisition before it approves the change of contractor.

ICANN board meets to consider PIR acquisition TODAY

ICANN’s board of directors will gather today to consider whether the acquisition of Public Interest Registry by a private equity company means that it should reverse its own decision to allow PIR to raise .org prices arbitrarily.
Don’t get too excited. It looks like it’s largely a process formality that won’t lead to any big reversals, at least in the short term.
But I’ve also learned that the controversy could ultimately be heading to an Independent Review Process case, the final form of appeal under ICANN rules.
The board is due to meet today with just two named agenda items: Reconsideration Request 19-2 and Reconsideration Request 19-3.
Those are the appeals filed by the registrar Namecheap in July and rights group the Electronic Frontier Foundation in August.
Namecheap and EFF respectively wanted ICANN to reverse its decisions to remove PIR’s 10%-a-year price-raising caps and to oblige the registry to enforce the Uniform Rapid Suspension anti-cybersquatting policy.
Both parties now claim that the sale by the Internet Society of PIR to private equity firm Ethos Capital, announced last week, casts new light on the .org contract renewal.
The deal means PIR will change from being a non-profit to being a commercial venture, though PIR says it will stick to its founding principles of supporting the non-profit community.
I reported a couple of weeks ago that the board had thrown out both RfRs, but it turns out that was not technically correct.
The full ICANN board did in fact consider both appeals, but it was doing so in only a “preliminary” fashion, according to an ICANN spokesperson. ICANN told me:

On 3 November the Board considered “proposed determinations” for both reconsideration request 19-2 and 19-3. In essence, the Board was taking up the Board Accountability Mechanism Committee (BAMC) role, as the BAMC had not been able to reach quorum in early November due to certain recusals by BAMC members.
Once the Board adopted the proposed determinations (in lieu of the BAMC issuing a recommendation to the Board) the parties that submitted the reconsideration requests had 15 days to submit a rebuttal, for the Board’s full consideration of the matter, which is now on the agenda.

Normally, RfRs are considered first by the four-person BAMC, but in this case three of the members — Sarah Deutsch, Nigel Roberts, and Becky Burr — recused themselves out of the fear of appearing to present conflicts of interest.
The committee obviously failed to hit a quorum, so the full board took over its remit to give the RfRs their first pass.
The board decided that there had been no oversights or wrongdoing. Reconsideration always presents a high bar for requestors. The .org contract was negotiated, commented on, approved, and signed completely in compliance with ICANN’s governing rules, the board decided.
But the ICANN bylaws allow for a 15-day period following a BAMC recommendation during which rejected RfR appellants can submit a rebuttal.
And, guess what, both of them did just that, and both rebuttals raise the PIR acquisition as a key reason ICANN should think again about the .org contract changes.
The acquisition was announced a week ago, and it appears to have come as much of a surprise to ICANN as to everyone else. It’s a new fact that the ICANN board has not previously taken into account when considering the two RfRs, which could prove important.
Namecheap reckons that the deal means that PIR is now almost certain to raise .org prices. New gTLD registry Donuts was bough by Ethos affiliate Abry Partners last year, and this year set about raising prices across the large majority of its 200-odd gTLDs. Namecheap wrote in its rebuttal:

Within months of be acquired by Abry Partners, it raised prices in 2019 for 220 out of its 241 TLDs. Any statements by PIR now to not raise prices unreasonably are just words, and without price caps, there is no way that .org registrants are not used a source to generate revenue for acquisitions or to pay dividends to its shareholders.

It also said:

The timing and the nature of this entire process is suspicious, and in a well-regulated industry, would draw significant scrutiny from regulators. For ICANN not to scrutinize this transaction closely in a completely transparent and accountable fashion (including public disclosure of pertinent information regarding the nature, cost, the terms of any debt associated with the acquisition, timeline of all parties involved, and the principals involved) would demonstrate that ICANN org and the ICANN Board do not function as a trusted or reliable internet steward.

Namecheap also takes issue with the fact that ICANN’s ruling on its RfR (pdf) draws heavily on a 2009 economic analysis by Professor Dennis Carlton, which concluded that price caps were unnecessary in the new gTLD program.
The registrar trashes this analysis as being based on more opinion than fact, and says it is based on outdated market data.
Meanwhile, the EFF’s rebuttal makes the acquisition one of four reasons why it thinks ICANN should reverse course. It said;

ICANN must carefully reexamine the .ORG Registry Agreement in light of this news. Without the oversight and participation of the nonprofit community, measures that give the registry authority to institute new [Rights Protection Mechanisms] or make other major policy changes invite management decisions that conflict with the needs of the .ORG community.

Quite often, RfRs are declined by ICANN because the requestor does not present any new information that the board has not already considered. But in this case, the fact of the PIR acquisition is empirically new information, as it’s only week-old news.
Will this help Namecheap and the EFF with their cause? The board will certainly have to consider this new information, but I still think it’s unlikely that it will change its mind.
But I’ve also learned that Namecheap has filed with ICANN to trigger a Cooperative Engagement Process procedure.
The CEP is an often-lengthy bilateral process where ICANN and an aggrieved party attempt to resolve their differences in closed-door talks.
When CEP fails, it often leads to an Independent Review Process complaint, when both sides lawyer up and three retired judges are roped in to adjudicate. These typically cost both sides hundreds of thousands of dollars in legal fees.
CEP and IRP cases are usually measured in years rather than months, so the PIR acquisition could be under scrutiny for a long time to come.

.org price cap complaints more like “spam” says Ombudsman

ICANN’s Ombudsman has sided with with ICANN in the fight over the lifting of price caps on .org domains, saying many of the thousands of comments objecting to the move were “more akin to spam”.
Herb Waye was weighing in on two Requests for Reconsideration, filed by NameCheap and the Electronic Frontier Foundation in July and August after ICANN and Public Interest Registry signed their controversial new registry agreement.
NameCheap wants ICANN to reverse its decision to allow PIR to raise .org prices by however much it chooses, while the EFF complained primarily about the fact that the Uniform Rapid Suspension anti-cybersquatting measure now appears in the contract.
In both cases, the requestors fumed that ICANN seemed to “ignore” the more than 3,200 comments that were filed in objection back in April, with NameCheap calling the public comment process a “sham”.
But Waye pointed to the fact that many of these comments were filed by people using a semi-automated web form hosted by the pro-domainer Internet Commerce Association.

As far as comments go for ICANN, 3200+ appears to be quite a sizeable number. But, seeing as how the public comments can be filled out and submitted electronically, it is not unexpected that many of the comments are, in actuality, more akin to spam.

With this eyebrow-raising comparison fresh in my mind, I had to giggle when, a few pages later, Waye writes (emphasis in original):

I am charged with being the eyes and ears of the Community. I must look at the matter through the lens of what the Requestor is asking and calling out. The Ombuds is charged with being the watchful eyes of the ICANN Community. The Ombuds is also charged with being the alert “ears” of the Community — with listening — with making individuals, whether Requestors or complainants or those just dropping by for an informal chat, feel heard.

Waye goes on to state that the ICANN board of directors was kept well-briefed on the status of the contract negotiations and that it had been provided with ICANN staff’s summary of the public comments.
He says that allowing ICANN’s CEO to execute the contract without a formal board vote did not go against ICANN rules (which Waye says he has “an admittedly layman’s understanding” of) because contractual matters are always delegated to senior staff.
In short, he sees no reason for ICANN to accept either Request for Reconsideration.
The Ombudsman is not the decision-maker here — the two RfRs will be thrown out considered by ICANN’s Board Accountability Mechanisms Committee at its next meeting, before going to the full board.
But I think we’ve got a pretty good indication here of which way the wind is blowing.
You can access the RfR materials and Waye’s responses here.

Another victory for Amazon as ICANN rejects Colombian appeal

Amazon’s application for .amazon has moved another step closer to reality, after ICANN yesterday voted to reject an appeal from the Colombian government.
The ICANN board of directors voted unanimously, with two conflict-related abstentions, to adopt the recommendation of its Board Accountability Mechanisms Committee, which apparently states that ICANN did nothing wrong when it decided back in May to move .amazon towards delegation.
Neither the board resolution nor the BAMC recommendation has been published yet, but the audio recording of the board’s brief vote on Colombia’s Request for Reconsideration yesterday can be found here.
As you will recall, Colombia and the seven other governmental members of the Amazon Cooperation Treaty Organization have been trying to stymie Amazon’s application for .amazon on what you might call cultural appropriation grounds.
ACTO governments think they have the better right to the string, and they’ve been trying to get veto power over .amazon’s registry policies, something Amazon has been strongly resisting.
Amazon has instead offered a set of contractual Public Interest Commitments, such as giving ACTO the ability to block culturally sensitive strings, in the hope of calming the governments’ concerns.
These PICs, along with Amazon’s request for Spec 13 dot-brand status, will likely be published for 30 days of public comment this week, Global Domains Division head Cyrus Namazi told the board.
Expect fireworks.
After comments are closed, ICANN will then make any tweaks to the PICs that are necessary, before moving forward to contract-signing with Amazon, Namazi .said.

EFF becomes second to appeal new .org contract

The Electronic Frontier Foundation has appealed ICANN’s decision to add stronger trademark protection rules to .org.
The civil liberties organization has filed a Request for Reconsideration with ICANN, saying that the new .org contract should not oblige Public Interest Registry to implement the Uniform Rapid Suspension policy.
URS is a swifter, cheaper version of the anti-cybersquatting UDRP policy. It can lead to clear-cut cases of trademark-infringing domains being relatively quickly suspended, but not transferred.
But the EFF is worried that it could be abused to curtail free speech.
It said URS is “particularly dangerous for the many .org registrants who are engaged in an array of noncommercial work, including criticism of governments and corporations”.
URS was created via ICANN’s bottom-up, community-led policy-making process to apply to new gTLDs applied for in 2012, not legacy gTLDs such as .org, EFF argues,
Adding more rights protection to a legacy gTLD “should be initiated, if at all, through the multistakeholder policy development process, not in bilateral negotiations between a registry operator and ICANN staff”, the RfR states.
The EFF is also concerned that the new contract allows PIR to unilaterally create its own additional rights protection mechanisms.
I don’t think this is a new power, however. Remember when PIR proposed a “Copyright UDRP” a couple of years ago, evidently as a way to turf out The Pirate Bay? That plan was swiftly killed off after protests from, among others, the EFF.
The EFF’s reconsideration request (pdf) does not address the issue of price increase caps, which were removed in the new contract.
That more-controversial provision is already the subject of an RfR, filed by NameCheap last month.
Both RfRs will be dealt with by ICANN’s Board Accountability Mechanisms Committee before being passed to the full board.

Can NameCheap reverse .org price cap scrap?

NameCheap has taken it upon itself to fight ICANN’s decision to remove price increase caps on .org. But does it stand a snowball’s chance in hell of winning?
The registrar has filed a Request for Reconsideration with ICANN, appealing the organization’s signing of a Registry Agreement with Public Interest Registry that allows PIR to raise prices by however much it wants, more or less whenever that it wants.
NameCheap, which had over 390,000 .org domains under management at the last count, says it is fighting for 700-odd of its customers whose comments, filed with ICANN, were allegedly not taken into account when the decision was made, along with registrars and everyone else that may be adversely impacted by unfettered .org price increases.
NameCheap thinks its business could be harmed if price increases are uncapped, with customers perhaps letting their domains expire instead of renewing. It’s RfR states:

The decision by ICANN org to unilaterally remove the price caps when renewing legacy TLDs with little (if any) evidence to support the decision goes against ICANN’s Commitments and Core Values, and will result in harm to millions of internet users throughout the world.
…
Unrestricted price increases for legacy TLDs will stifle internet innovation, harm lesser served regions and groups, and significantly disrupt the internet ecosystem. An incredible variety of public comments was submitted to ICANN from all continents (except Antarctica) imploring ICANN to maintain the legacy TLD price caps — which were completely discounted and ignored by ICANN org.

Before the new contract was signed, PIR was limited to a 10% increase in its .org registry fee every year. It didn’t always exercise that right, and has said twice in recent months that it still has no plans to increase its prices.
The new contract — which has already been signed and is in effect — was subjected to a public comment period that attracted over 3,200 comments, almost all of them expressing support for maintaining the caps.
Despite not-for-profit PIR’s protestations, many commenters came from the position that giving PIR the power to increase its fee without limit would very possibly lead to price gouging.
That ICANN allegedly “ignored” these comments is the key pillar of NameCheap’s RfR case.
The public comment period was a “sham”, the registrar claims.
But is this enough to make ICANN change its mind and (somehow) unsign the .org contract?
There are three ways, under ICANN’s bylaws, to win an RfR.
Requestors can show that the board or staff did something that contradicts “ICANN’s Mission, Commitments, Core Values and/or established ICANN policy(ies)”
They also win if they can show the decision was was taken “without consideration of material information” or with “reliance on false or inaccurate relevant information”.
It’s quite a high bar, and most RfRs are rejected by the Board Accountability Mechanisms Committee, which is the court of first instance for reconsideration requests.
Requestors rarely show up with sufficient new information sufficiently persuasive to kick the legs from under ICANN’s original decision, and the question of something contradicting ICANN’s core principles is usually a matter of interpretation.
For example, in this case, NameCheap is arguing that failing to side with the commenters who disagreed with the removal of price caps amounts to a breach of ICANN’s Core Value to make all decisions in consultation with stakeholders:

The ICANN org will decide whether to accept or reject public comment, and will unilaterally make its own decisions — even if that ignores the public benefit or almost unanimous feedback to the contrary, and is based upon conclusory statements not supported by the evidence. This shows that the public comment process is basically a sham, and that ICANN org will do as it pleases in this and other matters.

But one of ICANN’s stated reasons for approving the contract was to abide by its Core Value to depend “on market mechanisms to promote and sustain a competitive environment in the DNS market”. It doesn’t want to be a price regulator, in other words.
So we have a clash of Core Values here. It will be pretty easy for ICANN’s lawyers — who drafted the contract and will draft the resolutions of the BAMC and the full board — to argue that the Core Values were respected.
I think NameCheap is going to have a hard time here.
Even if it were to win, how on earth does one unsign a contract? As far as I can tell, ICANN has no termination rights that would apply here.
Where the RfR will certainly succeed is to force the ICANN board itself to take ownership, on the record, of the .org contract decision.
As ICANN explained to DI earlier this month, while the board was very much kept in the loop on the state of negotiations, it was senior staff that made all the calls on the new contract.
But an RfR means that the BAMC, which comprises five directors, will first have to raise their hands to confirm the .org decision was kosher.
NameCheap will then get a chance to file a rebuttal before the BAMC decision is handed to the full ICANN board for a confirmatory vote.
While the first two board discussions of the .org contract were not minuted, the bylaws contain an interesting feature related to RfRs that I’d never noticed before today:

If the Requestor so requests, the Board shall post both a recording and a transcript of the substantive Board discussion from the meeting at which the Board considered the Board Accountability Mechanisms Committee’s recommendation.

I sincerely hope NameCheap invokes this right, as I think it’s pretty important that we get some additional clarity on ICANN’s thinking here.

.amazon frozen AGAIN as endless government games continue

Amazon’s application for the .amazon gTLD has yet again been frozen, after a South American government invoked ICANN’s appeals process.
The bid, as well as applications for the Chinese and Japanese versions, were returned to “on-hold” status at the weekend, after Colombia filed a formal Request for Reconsideration, an ICANN spokesperson confirmed to DI.
“The processing toward contracting of the .AMAZON applications has been halted pending the resolution of Request 19-1, per ICANN organization’s normal processes,” the spokesperson said.
This means the applications could remain frozen for 135 days, until late October, while ICANN processes the request. It’s something that has happened several times with other contested gTLDs.
Colombia filed RfR 19-1 (pdf) on June 15. It demands that ICANN reverses its board’s decision of May 15, which handed Amazon a seemingly decisive victory in its long-running battle with the eight governments of the Amazon Cooperation Treaty Organization.
ACTO’s members believe they should have policy control over .amazon, to protect the interests of their citizens who live in the region they share.
To win an RfR — something that hardly ever happens — a complainant has to show that the ICANN board failed to consider pertinent information before it passed a resolution.
In Colombia’s case, it argues that the board ignored an April 7 letter (since published in PDF format here) its Governmental Advisory Committee representative sent that raises some interesting questions about how Amazon proposes to operate its TLDs.
Because .amazon is meant to be a highly restricted “dot-brand” gTLD, it would presumably have to incorporate Specification 13 into its ICANN registry agreements.
Spec 13 releases dot-brands from commitments to registrar competition and trademark protection in exchange for a commitment that only the brand itself will be able to own domains in the TLD.
But Colombia points out that Amazon’s proposal (pdf) to protect ACTO governments’ interests would give the eight countries and ACTO itself “beneficial ownership” over a single domain each (believed to be names such as co.amazon, .br.amazon, etc).
If this means that Amazon would not qualify for Spec 13, it could follow that ICANN’s board made its decision to continue processing .amazon on faulty assumptions, Colombia argues.
Colombia points to the case of .sas, a dot-brand that is apparently shared by two companies that have the same brand, as a possible model for shared management of .amazon.
RfRs are handled by ICANN’s Board Accountability Mechanisms Committee.
BAMC took just a couple of days to rule out (pdf) Colombia’s request for “urgent reconsideration”, which would reduce its regular response time from 90 days to 7 days.
The committee said that because the .amazon applications were being placed back on-hold as part of normal procedure during consideration of an RfR, no harm could come to Colombia that would warrant “urgent” reconsideration.
According to ICANN’s spokesperson, under its bylaws the latest the board can respond to Colombia’s request is October 28.
At a GAC session at the ICANN 65 meeting in Marrakech, taking place right now, several ACTO governments have just spent over an hour firmly and publicly protesting ICANN’s actions surrounding .amazon.
They’re still talking as I hit “publish” on this post.
In a nutshell, they believe that ICANN has ignored GAC advice and reneged on its commitment to help Amazon and ACTO reach a “mutually acceptable solution”.

Yanks beat Aussies to accountancy gTLD

The contention set for .cpa has been resolved, clearing the way for a new accountancy-themed gTLD.
The winner is the American Institute of Certified Public Accountants, which submitted two bids for the string — one “community”, one vanilla, both overtly defensive in nature — back in 2012.
Its main rival, CPA Australia, which also applied on a community basis, withdrew its application two weeks ago.
Commercial registries Google, MMX and Donuts all have withdrawn their applications since late December, leaving only the two AICPA applications remaining.
This week, AICPA withdrew its community application, leaving its regular “single registrant” bid the winner.
AICPA is the US professional standards body for accountants, CPA Australia is the equivalent organization in Australia. ACIPA has 418,000 members, CPA Australia has 150,000.
Both groups failed their Community Priority Evaluations back in 2015 on the basis that their communities were tightly restricted to their own membership, and therefore too restrictive.
AICPA later amended its community application to permit CPAs belonging to non-US trade groups to register.
Both organizations were caught up in the CPE review that also entangled and delayed the likes of .music and .gay. They’ve also both appealed to ICANN with multiple Requests for Reconsideration and Cooperative Engagement Process engagements.
CPA Australia evidently threw in the towel after a December 14 resolution of ICANN’s Board Accountability Mechanisms Committee decision to throw out its latest RfR. It quit its CEP January 9.
It’s likely a private resolution of the set, perhaps an auction, occurred in December.
The winning application from AICPA states fairly unambiguously that the body has little appetite for actually running .cpa as a gTLD:

The main reasons for which AICPA submits this application for the .cpa gTLD is that it wants to prevent third parties from securing the TLD that is identical to AICPA’s highly distinctive and reputable trademark

So don’t get too excited if you’re an accountant champing at the bit for a .cpa domain. It’s going to be an unbelievably restrictive TLD, according to the application, with AICPA likely owning all the domains for years after delegation.