Latest news of the domain name industry

Recent Posts

ICANN ordered to freeze .hotel after “serious questions” about trade secrets “theft”

Kevin Murphy, September 3, 2020, Domain Policy

ICANN has been instructed to place the proposed .hotel gTLD in limbo after four applicants for the string raised “sufficiently serious questions” that ICANN may have whitewashed the “theft” of trade secrets.

The order was handed down last month by the emergency panelist in the Independent Review Process case against ICANN by claimants Fegistry, MMX, Radix and Domain Ventures Partners.

Christopher Gibson told ICANN to “maintain the status quo” with regards the .hotel contention set, meaning currently winning applicant Hotel Top Level Domain, which is now owned by Afilias, won’t get contracted or delegated until the IRP is resolved.

At the core of the decision (pdf) is Gibson’s view that the claimants raised “sufficiently serious questions related to the merits” in allegations that ICANN mishandled and acted less than transparently in its investigation into a series of data breaches several years ago.

You may recall that ICANN seriously screwed up its new gTLD application portal, configuring in such a way that any applicant was able to search for and view the confidential data, including financial information such as revenue projections, of any other competing applicant.

Basically, ICANN was accidentally publishing applicants’ trade secrets on its web site for years.

ICANN discovered the glitch in 2015 and conducted an audit, which initially fingered Dirk Krischenowski — who at time was the half-owner of a company that owned almost half of HTLD as well as a lead consultant on the bid — as the person who appeared to have accessed the vast majority of the confidential data in March and April 2014.

ICANN did not initially go public with his identity, but it did inform the affected applicants and I managed to get a copy of the email, which said he’d downloaded about 200 records he shouldn’t have been able to access.

It later came to light that Krischenowski was not the only HTLD employee to use the misconfiguration to access data — according to ICANN, then-CEO of HTLD Katrin Ohlmer and lawyer Oliver Süme had too.

HTLD execs have always denied any wrongdoing, and as far as I know there’s never been any action against them in the proper courts. Krischenowski has maintained that he had no idea the portal was glitched, and he was using it in good faith.

Also, neither Ohlmer nor Krischenowski are still involved with HTLD, having been bought out by Afilias after the hacking claims emerged.

These claims of trade secret “theft” are being raised again now because the losing .hotel applicants think ICANN screwed up its probe and basically tried to make it go away out of embarrassment.

Back in August 2016, the ICANN board decided that demands to cancel the HTLD application were “not warranted”. Ohlmer barely gets a mention in the resolution’s rationale.

The losing applicants challenged this decision in a Request for Reconsideration in 2016, known as Request 16-11 (pdf). In that request, they argued that the ICANN board had basically ignored Ohlmer’s role.

Request 16-11 was finally rejected by the ICANN board in January last year, with the board saying it had in fact considered Ohlmer when making its decision.

But the IRP claimants now point to a baffling part of ICANN’s rationale for doing so: that it found “no evidence that any of the confidential information that Ms. Ohlmer (or Mr. Krischenowski) improperly accessed was provided to HTLD”.

In other words, ICANN said that the CEO of the company did not provide the information that she had obtained to the company of which she was CEO. Clear?

Another reason for brushing off the hacking claims has been that HTLD could have seen no benefit during the application process by having access to its rivals’ confidential data.

HTLD won the contention set, avoiding the need for an auction, in a Community Priority Evaluation. ICANN says the CPE was wholly based on information provided in its 2012 application, so any data obtained in 2014 would have been worthless.

But the losing applicants say that doesn’t matter, as HTLD/Afilias still have access to their trade secrets, which could make the company a more effective competitor should .hotel be delegated.

This all seems to have been important to Gibson’s determination. He wrote in his emergency ruling (pdf) last month:

The Emergency Panelist determines that Claimants have raised “sufficiently serious questions related to the merits” in in relation to the Board’s denial of Request 16-11, with respect to the allegations concerning the Portal Configuration issues in Request 16-11. This conclusion is made on the basis of all of the above information, and in view of Claimants’ IRP Request claim that ICANN subverted the investigation into HTLD’s alleged theft of trade secrets. In particular, Claimants claim that ICANN refused to produce key information underlying its reported conclusions in the investigation; that it violated the duty of transparency by withholding that information; that the Board’s action to ignore relevant facts and law was a violation of Bylaws; and further, to extent the BAMC and/or Board failed to have such information before deciding to disregard HTLD’s alleged breach, that violated their duty of due diligence upon reasonable investigation, and duty of independent judgment.

The Emergency Panelist echoes concerns that were raised initially by the Despegar IRP Panel regarding the Portal Configuration issues, where that Panel found that “serious allegations” had been made188 and referenced Article III(1) of ICANN’s Bylaws in effect at that time, but declined to make a finding on those issues, indicating “that it should remain open to be considered at a future IRP should one be commenced in respect of this issue.” Since that time, ICANN conducted an internal investigation of the Portal Configuration issues, as noted above; however, the alleged lack of disclosure, as well as certain inconsistencies in the decisions of the BAMC and the Board regarding the persons to whom the confidential information was disclosed and their relationship to, or position with HTLD, as well as ICANN’s decision to ultimately rely on a “no harm no foul” rationale when deciding to permit the HTLD application to proceed, all raise sufficiently serious questions related to the merits of whether the Board breached ICANN’s Article, Bylaws or other polices and commitments.

It’s important to note that this is not a final ruling that ICANN did anything wrong, it’s basically the ICANN equivalent of a ruling on a preliminary injunction and Gibson is saying the claimants’ allegations are worthy of further inquiry.

And the ruling did not go entirely the way of the claimants. Gibson in fact ruled against them on most of their demands.

For example, he said their was insufficient evidence to revisit claims that a review of the CPE process carried out by FTI Consulting was a whitewash, and he refused to order ICANN to preserve documentation relating to the case (though ICANN has said it will do so anyway).

He also ruled against the claimants on a few procedural issues, such as their demands for an Ombudsman review and for IRP administrator the International Center for Dispute Resolution to recuse itself.

Some of their claims were also time-barred under ICANN’s equivalent of the statute of limitations.

But ICANN will be prevented from contracting with HTLD/Afilias for now, which is a key strategic win.

ICANN reckons the claimants are just using the IRP to try to force deep-pocketed Afilias into a private auction they can be paid to lose, and I don’t doubt there’s more than a grain of truth in that claim.

But if it exposes another ICANN cover-up in the process, I for one can live with that.

The case continues…

ICANN throws out “Ugly Houses” UDRP appeal

Kevin Murphy, July 20, 2020, Domain Policy

ICANN has rejected an unprecedented attempt to get a UDRP decision overturned using the Reconsideration process.

The Board Accountability Mechanisms Committee late last week summarily dismissed a Request for Reconsideration filed by a group called the Emily Rose Trust.

Emily Rose had lost a UDRP case in May concerning the domain name uglyhousesri.com, which it had been using for the last couple of years to run a home renovation-and-resale service in Rhode Island.

The complainant was a company called HomeVestors, which has been running a near-identical service called We Buy Ugly Houses (a phrase it has trademarked) for substantially longer.

The National Arbitration Forum panelist had decided that the domain was confusingly similar to the mark, and that the similarity of the services constituted bad faith use.

In filing the rather poorly-written RfR, Emily Rose argued among other things that “Ugly Houses” is a generic term not protected by the mark.

But ICANN did not consider the merits of its request, instead rejecting the RfR for being outside the scope of the process.

The BAMC said that UDRP decisions do not involved the action or inaction of the ICANN board or staff, and are therefore not subject to board Reconsideration.

While UDRP decisions are often contested in court, this RfR makes it clear that ICANN is not an avenue for appeal in individual cases.

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

Kevin Murphy, February 7, 2020, Domain Policy

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.

The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.

It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.

The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).

The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.

There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.

This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.

There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.

HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.

CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.

Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.

There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.

Naturally, the remaining applicants were not happy about this, and started to fight back.

The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.

That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.

The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.

Guess what? That got rejected too.

So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.

The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.

While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.

ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.

Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.

Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”

The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.

When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.

The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.

But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.

Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.

Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.

And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.

A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.

A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.

In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.

The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.

It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.

This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.

It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.

FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.

They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.

The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.

It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.

The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”

“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.

“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.

ICANN is yet to file its response to the complaint.

Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.

Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.

The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.

ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.

The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.

With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

ASO uses super powers to demand ICANN turn over .org buyout docs

Kevin Murphy, January 2, 2020, Domain Policy

In an unprecedented move, ICANN’s Address Supporting Organization has exercised its special powers to demand ICANN hand over documents relating to the Ethos Capital acquisition of .org’s Public Interest Registry.

There’s a possibility, however small, that this could be the first shot in a war that could see the PIR acquisition scrapped.

Fair warning, this story is going to get pretty nerdy, which may not be compatible with the fuzzy-headedness that usually accompanies the first working day of the year. We’re heading into the overgrown weeds of the ICANN bylaws here, for which I apologize in advance.

The ASO — the arm of the ICANN community concerned with IP address policy — has asked ICANN Org for access to records concerning the $1.135 billion acquisition of PIR, which has attracted lots of criticism from non-profits, domainers and others since it was announced.

It’s unprecedented, and of interest to ICANN watchers, for a few reasons.

First, this is the ASO making the request. The ASO comprises the five Regional Internet Registries, the bodies responsible for handing out chunks of IP address space to ISPs around the world. It doesn’t normally get involved in policy related to domain names such as .org.

Second, it’s invoking an hitherto untested part of ICANN’s new bylaws that allows the certain community entities that make up the “Empowered Community” to make “Inspection Requests” of ICANN Org.

Third, and perhaps most importantly, there’s a hint of a threat that the ASO and other members of the EC may use their extraordinary powers to attempt to prevent the PIR acquisition from going ahead.

Before we unpick all of this, this is what the ASO has sent to ICANN, according to its December 31 statement:

As a Decisional Participant in the Empowered Community and pursuant to ICANN Bylaws section 22.7, the ASO hereby submits this Inspection Request to inspect the records of ICANN, including minutes of the Board or any Board Committee, for the purpose of determining whether the ASO’s may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement. For this purpose, the ASO seeks to inspect any ICANN records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement, including the process by which input from the affected community will be obtained prior to ICANN’s consideration and potential approval of the assignment.

The Empowered Community is the entity that replaced the US government as ICANN’s primary overseer, following the IANA transition in late 2016.

Its members cover the breadth of the ICANN community, comprising the ASO, Generic Names Supporting Organization, Country Code Names Supporting Organization, Governmental Advisory Committee and At-Large Advisory Committee. Each member is a “Decisional Participant”.

Since the transition, its only real functions have been to approve appointments to the ICANN board of directors and to rubber-stamp the budget, but it does have some pretty powerful tools at its disposal, such as the nuclear ability to fire the entire board.

One of the powers enjoyed by each Decisional Participant, which has never been invoked publicly, is to make an Inspection Request — a demand to see ICANN’s accounts or documents related to the board’s decisions.

In this case, the ASO wants “records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement”.

But will it get this information? It seems the Inspection Request bylaw is a little bit like ICANN’s longstanding freedom-of-information commitment, the Documentary Information Disclosure Policy, with some key differences that arguably make the IR process less transparent.

Like DIDP, the IR process gives ICANN Org a whole buffet of rejection criteria to choose from. It can refuse requests for reasons of confidentiality or legal privilege, for example, or if it thinks the request is overly broad.

It can also reject a request if “is motivated by a Decisional Participant’s financial, commercial or political interests, or those of one or more of its constituents”, which makes the fact that this request is coming from the ASO particularly interesting.

If the GAC or the GNSO or the ccNSO, or even the ALAC, had made the request, ICANN could quite reasonably have thrown it out on the basis of “commercial or political interests”.

That’s not the case with the ASO, which makes me wonder (aloud, it seems) whether the ASO had received any nudges from other members of the EC before filing the request.

Inspection Requests also differ from DIDP in that any documents that are turned over are not necessarily published, and ICANN can also force the Decisional Participant to file a non-disclosure agreement covering their contents.

ICANN can even demand that an ASO member shows up at its Los Angeles headquarters in person to read (and, if they want, copy) the docs in question.

In short, ICANN has a lot of wriggle room to refuse or frustrate the ASO’s request, and it has a track record of not being particularly receptive to these kinds of demands.

The grey-hairs out there will recall that Karl Auerbach, one of its own directors, was forced to sue the organization back in 2002, just in order to have a look at its books.

But what’s perhaps most tantalizing about the ASO’s request is its excuse for wanting to inspect the documents in question.

It says it need the info “for the purpose of determining whether the ASO’s [sic] may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement”.

One way of interpreting this is that the ASO needed to state a reason for its request and this is pretty much all it’s got.

But what powers does the Empowered Community have that could potentially cover the acquisition of PIR by Ethos? It certainly does not have the power to directly approve or reject the transfer of control of a gTLD contract.

The EC has nine bulleted powers in the ICANN bylaws. Some of them are explicitly about things like budgets and bylaws amendments, which could not possibly come into play here. I reckon only four could feasibly apply:

(i) Appoint and remove individual Directors (other than the President);

(ii) Recall the entire Board;

(viii) Initiate a Community Reconsideration Request, mediation or a Community IRP; and

(ix) Take necessary and appropriate action to enforce its powers and rights, including through the community mechanism contained in Annex D or an action filed in a court of competent jurisdiction.

Short of lawyering up or having the entire board taken out and shot, it seems like the most likely power that could be invoked at first would be the Community Reconsideration Request.

Judging by the bylaws, this is virtually identical to the normal Request for Reconsideration process, a process which very rarely results in ICANN actually reconsidering its decisions.

The major difference is that at least three of the five members of the Empowered Community has to vote in favor of filing such a request, and no more than one may object.

If they manage to muster up this consent — which could take many weeks — the fact that the reconsideration request comes from the “Community” rather than a single entity appears to make substantially no difference to how it is rejected considered by ICANN.

Threatening ICANN with a Community Reconsideration Request is a little like threatening to jump through an increasingly narrow series of hoops, only to find the last one leads into a pit filled with ICANN lawyers with laser beams attached to their heads.

A Community Independent Review Process, however, is a different kettle of snakes.

It’s substantially the same as a regular IRP — where ICANN’s fate is decided by a panel of three retired judges — except ICANN has to pay the complainant’s legal fees as well as its own.

ICANN’s track record with IRPs is not fantastic. It can and does lose them fairly regularly.

Could the ASO’s letter be the first portent of a community-led IRP bubbling up behind the scenes? Could such a move delay the PIR acquisition, putting Ethos’ plan for a profit-driven, price-raising .org on hold for a year or two? It’s certainly not impossible.

ICANN throws out second .org appeal, so URS stays

Kevin Murphy, December 18, 2019, Domain Registries

The Uniform Rapid Suspension process is to stay in .org, after the ICANN board of directors rejected an appeal from the Electronic Frontier Foundation.

The EFF had challenged the inclusion of URS in the recently renegotiated .org Registry Agreement, on the basis that the anti-cybersquatting system was designed for post-2012 new gTLDs and was never supposed to be deployed in legacy gTLDs such as .org.

In a Request for Reconsideration, the EFF had argued that ICANN had ignored the many commenters opposed to its inclusion in the contract, and that the board had shirked its duties by delegating the renegotiation to ICANN’s executive leadership.

But the board disagreed on both of these counts, saying in its resolution and accompanying 36-page analysis (pdf) that at no point had the organization broken its bylaws.

ICANN did not ignore the anti-URS comments, the board said, it simply decided that on balance the public interest was better served by having URS in the contract.

The Requestor has not demonstrated that ICANN Staff failed to seek or support broad participation, ascertain the global public interest, or act for the public benefit. To the contrary, ICANN org’s transparent processes reflect the Staff’s continuous efforts to ascertain and pursue the global public interest by migrating the legacy gTLDs to the Base RA.

Additionally, the board was well within its rights to delegate negotiation and approval of the RA to the CEO, the board decided. The fact that the EFF disagrees with that position does not amount to a basis of reconsideration, it found.

Since the EFF filed its RfR back in August, we’ve had the news of the $1.135 billion acquisition of .org manager Public Interest Registry by Ethos Capital, which will see it convert from a non-profit to a for-profit concern.

The EFF has since had the chance to put allegations to ICANN that its staff was aware of the deal before it was announced, and that the acquisition should have factored into its consideration of the RA renewal.

But ICANN flatly denies that it knew about the deal, which was announced four months after the renewal:

Since neither the Board nor ICANN Staff were aware of the PIR acquisition when the decision to renew the .ORG RA was made, there was no material information not considered, and therefore this is not a proper basis for reconsideration.

The Ethos Capital acquisition of PIR, which was announced more than four months after the execution of the .ORG Renewed RA, did not impact ICANN Staff’s determination that ICANN’s Mission and Core Values were best served by migrating the .ORG RA to the Base RA.

In conclusion, like almost all filers of RfRs, the EFF is SOL.

Another RfR, filed by the registrar NameCheap and related primary to .org pricing, was similarly rejected by ICANN’s board a few weeks ago.

ICANN is, however, currently quizzing Ethos and PIR seller ISOC for more details about the acquisition before it approves the change of contractor.

ICANN board meets to consider PIR acquisition TODAY

Kevin Murphy, November 21, 2019, Domain Policy

ICANN’s board of directors will gather today to consider whether the acquisition of Public Interest Registry by a private equity company means that it should reverse its own decision to allow PIR to raise .org prices arbitrarily.

Don’t get too excited. It looks like it’s largely a process formality that won’t lead to any big reversals, at least in the short term.

But I’ve also learned that the controversy could ultimately be heading to an Independent Review Process case, the final form of appeal under ICANN rules.

The board is due to meet today with just two named agenda items: Reconsideration Request 19-2 and Reconsideration Request 19-3.

Those are the appeals filed by the registrar Namecheap in July and rights group the Electronic Frontier Foundation in August.

Namecheap and EFF respectively wanted ICANN to reverse its decisions to remove PIR’s 10%-a-year price-raising caps and to oblige the registry to enforce the Uniform Rapid Suspension anti-cybersquatting policy.

Both parties now claim that the sale by the Internet Society of PIR to private equity firm Ethos Capital, announced last week, casts new light on the .org contract renewal.

The deal means PIR will change from being a non-profit to being a commercial venture, though PIR says it will stick to its founding principles of supporting the non-profit community.

I reported a couple of weeks ago that the board had thrown out both RfRs, but it turns out that was not technically correct.

The full ICANN board did in fact consider both appeals, but it was doing so in only a “preliminary” fashion, according to an ICANN spokesperson. ICANN told me:

On 3 November the Board considered “proposed determinations” for both reconsideration request 19-2 and 19-3. In essence, the Board was taking up the Board Accountability Mechanism Committee (BAMC) role, as the BAMC had not been able to reach quorum in early November due to certain recusals by BAMC members.

Once the Board adopted the proposed determinations (in lieu of the BAMC issuing a recommendation to the Board) the parties that submitted the reconsideration requests had 15 days to submit a rebuttal, for the Board’s full consideration of the matter, which is now on the agenda.

Normally, RfRs are considered first by the four-person BAMC, but in this case three of the members — Sarah Deutsch, Nigel Roberts, and Becky Burr — recused themselves out of the fear of appearing to present conflicts of interest.

The committee obviously failed to hit a quorum, so the full board took over its remit to give the RfRs their first pass.

The board decided that there had been no oversights or wrongdoing. Reconsideration always presents a high bar for requestors. The .org contract was negotiated, commented on, approved, and signed completely in compliance with ICANN’s governing rules, the board decided.

But the ICANN bylaws allow for a 15-day period following a BAMC recommendation during which rejected RfR appellants can submit a rebuttal.

And, guess what, both of them did just that, and both rebuttals raise the PIR acquisition as a key reason ICANN should think again about the .org contract changes.

The acquisition was announced a week ago, and it appears to have come as much of a surprise to ICANN as to everyone else. It’s a new fact that the ICANN board has not previously taken into account when considering the two RfRs, which could prove important.

Namecheap reckons that the deal means that PIR is now almost certain to raise .org prices. New gTLD registry Donuts was bough by Ethos affiliate Abry Partners last year, and this year set about raising prices across the large majority of its 200-odd gTLDs. Namecheap wrote in its rebuttal:

Within months of be acquired by Abry Partners, it raised prices in 2019 for 220 out of its 241 TLDs. Any statements by PIR now to not raise prices unreasonably are just words, and without price caps, there is no way that .org registrants are not used a source to generate revenue for acquisitions or to pay dividends to its shareholders.

It also said:

The timing and the nature of this entire process is suspicious, and in a well-regulated industry, would draw significant scrutiny from regulators. For ICANN not to scrutinize this transaction closely in a completely transparent and accountable fashion (including public disclosure of pertinent information regarding the nature, cost, the terms of any debt associated with the acquisition, timeline of all parties involved, and the principals involved) would demonstrate that ICANN org and the ICANN Board do not function as a trusted or reliable internet steward.

Namecheap also takes issue with the fact that ICANN’s ruling on its RfR (pdf) draws heavily on a 2009 economic analysis by Professor Dennis Carlton, which concluded that price caps were unnecessary in the new gTLD program.

The registrar trashes this analysis as being based on more opinion than fact, and says it is based on outdated market data.

Meanwhile, the EFF’s rebuttal makes the acquisition one of four reasons why it thinks ICANN should reverse course. It said;

ICANN must carefully reexamine the .ORG Registry Agreement in light of this news. Without the oversight and participation of the nonprofit community, measures that give the registry authority to institute new [Rights Protection Mechanisms] or make other major policy changes invite management decisions that conflict with the needs of the .ORG community.

Quite often, RfRs are declined by ICANN because the requestor does not present any new information that the board has not already considered. But in this case, the fact of the PIR acquisition is empirically new information, as it’s only week-old news.

Will this help Namecheap and the EFF with their cause? The board will certainly have to consider this new information, but I still think it’s unlikely that it will change its mind.

But I’ve also learned that Namecheap has filed with ICANN to trigger a Cooperative Engagement Process procedure.

The CEP is an often-lengthy bilateral process where ICANN and an aggrieved party attempt to resolve their differences in closed-door talks.

When CEP fails, it often leads to an Independent Review Process complaint, when both sides lawyer up and three retired judges are roped in to adjudicate. These typically cost both sides hundreds of thousands of dollars in legal fees.

CEP and IRP cases are usually measured in years rather than months, so the PIR acquisition could be under scrutiny for a long time to come.

Surprise! ICANN throws out complaints about .org price caps

Kevin Murphy, November 4, 2019, Domain Policy

ICANN has rejected two appeals against its decision to lift price caps and introduce new anti-cybersquatting measures in the .org space.

In other news, gambling is going on in Rick’s Cafe.

NameCheap and the Electronic Frontier Foundation both filed Requests for Reconsideration with ICANN back in July and August concerning the .org contract renewal.

NameCheap argued that ICANN should have listened to the deluge of public comments complaining about the removal of price caps in Public Interest Registry’s .org contract, while EFF complained about the inclusion of the Uniform Rapid Suspension rights protection mechanism.

Reconsideration requests are usually handled by the Board Accountability Mechanisms Committee but this time around three of its four members (Sarah Deutsch, Nigel Roberts, and Becky Burr) decided to recuse themselves due to the possibility of perception of conflicts of interest.

That meant the committee couldn’t reach a quorum and the RfRs went to ICANN’s outside lawyers for review instead, before heading to the full ICANN board.

This hasn’t happened before, to my recollection.

Also unprecedented, the board’s full discussion of both requests was webcast live (and archived here), which negates the need for NameCheap or the EFF to demand recordings, which is their right under the bylaws.

But the upshot is basically the same as if the BAMC had considered the requests in private — both were denied in a unanimous (with the three recusals) vote.

Briefing the board yesterday, ICANN associate general counsel Elizabeth Le said:

There was no evidence to support that ICANN Org ignored public consultation. Indeed both renewals went out for public comments and there were over 3,700 comments received, all of which ICANN reviewed and evaluated and it was discussed in not only the report of public comments, but it was discussed through extensive briefings with the ICANN board…

Ultimately, the fact that the removal of the price caps was part of the Registry Agreements does not render the public comment process a sham or that ICANN failed to act in the public benefit or that ICANN Org ignored material information.

General counsel John Jeffrey and director Avri Doria both noted that the board may not have looked at each individual comment, but rather grouped together based on similarity. Doria said:

Whether one listens to the content once or listens to it 3,000 times, they have understood the same content. And so I really just wanted to emphasize the point that it’s not the number of comments, it’s the content of the comments.

This seems to prove the point I made back in April, when this controversy first emerged, that letter-writing campaigns don’t work on ICANN.

As if to add insult to injury, the board at the same meeting yesterday approved paying an annual bonus to the ICANN Ombudsman, who attracted criticism from NameCheap and the Internet Commerce Association after dismissing many of the public comments as “more akin to spam”.

.org price cap complaints more like “spam” says Ombudsman

Kevin Murphy, September 11, 2019, Domain Policy

ICANN’s Ombudsman has sided with with ICANN in the fight over the lifting of price caps on .org domains, saying many of the thousands of comments objecting to the move were “more akin to spam”.

Herb Waye was weighing in on two Requests for Reconsideration, filed by NameCheap and the Electronic Frontier Foundation in July and August after ICANN and Public Interest Registry signed their controversial new registry agreement.

NameCheap wants ICANN to reverse its decision to allow PIR to raise .org prices by however much it chooses, while the EFF complained primarily about the fact that the Uniform Rapid Suspension anti-cybersquatting measure now appears in the contract.

In both cases, the requestors fumed that ICANN seemed to “ignore” the more than 3,200 comments that were filed in objection back in April, with NameCheap calling the public comment process a “sham”.

But Waye pointed to the fact that many of these comments were filed by people using a semi-automated web form hosted by the pro-domainer Internet Commerce Association.

As far as comments go for ICANN, 3200+ appears to be quite a sizeable number. But, seeing as how the public comments can be filled out and submitted electronically, it is not unexpected that many of the comments are, in actuality, more akin to spam.

With this eyebrow-raising comparison fresh in my mind, I had to giggle when, a few pages later, Waye writes (emphasis in original):

I am charged with being the eyes and ears of the Community. I must look at the matter through the lens of what the Requestor is asking and calling out. The Ombuds is charged with being the watchful eyes of the ICANN Community. The Ombuds is also charged with being the alert “ears” of the Community — with listening — with making individuals, whether Requestors or complainants or those just dropping by for an informal chat, feel heard.

Waye goes on to state that the ICANN board of directors was kept well-briefed on the status of the contract negotiations and that it had been provided with ICANN staff’s summary of the public comments.

He says that allowing ICANN’s CEO to execute the contract without a formal board vote did not go against ICANN rules (which Waye says he has “an admittedly layman’s understanding” of) because contractual matters are always delegated to senior staff.

In short, he sees no reason for ICANN to accept either Request for Reconsideration.

The Ombudsman is not the decision-maker here — the two RfRs will be thrown out considered by ICANN’s Board Accountability Mechanisms Committee at its next meeting, before going to the full board.

But I think we’ve got a pretty good indication here of which way the wind is blowing.

You can access the RfR materials and Waye’s responses here.

Another victory for Amazon as ICANN rejects Colombian appeal

Kevin Murphy, September 9, 2019, Domain Registries

Amazon’s application for .amazon has moved another step closer to reality, after ICANN yesterday voted to reject an appeal from the Colombian government.

The ICANN board of directors voted unanimously, with two conflict-related abstentions, to adopt the recommendation of its Board Accountability Mechanisms Committee, which apparently states that ICANN did nothing wrong when it decided back in May to move .amazon towards delegation.

Neither the board resolution nor the BAMC recommendation has been published yet, but the audio recording of the board’s brief vote on Colombia’s Request for Reconsideration yesterday can be found here.

As you will recall, Colombia and the seven other governmental members of the Amazon Cooperation Treaty Organization have been trying to stymie Amazon’s application for .amazon on what you might call cultural appropriation grounds.

ACTO governments think they have the better right to the string, and they’ve been trying to get veto power over .amazon’s registry policies, something Amazon has been strongly resisting.

Amazon has instead offered a set of contractual Public Interest Commitments, such as giving ACTO the ability to block culturally sensitive strings, in the hope of calming the governments’ concerns.

These PICs, along with Amazon’s request for Spec 13 dot-brand status, will likely be published for 30 days of public comment this week, Global Domains Division head Cyrus Namazi told the board.

Expect fireworks.

After comments are closed, ICANN will then make any tweaks to the PICs that are necessary, before moving forward to contract-signing with Amazon, Namazi .said.

The Amazon is burning. Is this good news for .amazon?

Kevin Murphy, August 26, 2019, Domain Policy

With the tide of international opinion turning against Brazil due to the ongoing forest fires in the Amazon, could we see governments change their tune when it comes to Amazon’s application for .amazon?

A much higher number of forest fires than usual are currently burning in the region, largely in Brazil, which critics led by environmentalists and French president Emmanuel Macron have blamed on relaxed “slash and burn” farming policies introduced by new Brazilian president Jair Bolsonaro.

The rain forest is an important carbon sink, said to provide 20% of the world’s oxygen. The more of it is lost, the harder it is to tackle climate change, the argument goes.

It’s been an important topic at the Macro-hosted G7 summit, which ends today. Even the bloody Pope has weighed in.

Arguably, the stakes are nothing less than the survival of human civilization and life on Earth itself.

And this is a story about domain names. Sorry. This is a blog about domain names. My hands are tied.

Amazon the company has been fighting governments over its application for .amazon, along with the Chinese and Japanese translations, for over six years.

ICANN’s Governmental Advisory Committee was responsible for killing off .amazon in 2013 after it decided by consensus that Amazon’s application should not proceed.

That decision was only reached after the US, under the Obama administration, decided to abstain from discussions.

The US had been protecting Amazon by blocking GAC consensus, but changed its tune partly in order to throw a bone to world leaders, including then-president of Brazil Dilma Rousseff, who were outraged by CIA analyst Edward Snowden’s revelations of widespread US digital espionage.

After ICANN dutifully followed the GAC advice and rejected Amazon’s gTLD applications, Amazon appealed via the Independent Review Process and, in 2017, won.

The IRP panel ruled that the GAC’s objection had no clear grounding in public policy that could be gleaned from the record. It told ICANN to re-open the applications and evaluate them objectively.

Ever since then, the GAC’s advice to ICANN has been that it must “facilitate a mutually acceptable solution” between Amazon and the eight nations of the Amazon Cooperation Treaty Organization.

ICANN has been doing just that, or at least attempting to, for the last couple of years.

But the two parties failed to come to an agreement. ACTO wants to have essential veto power over Amazon’s use of .amazon, whereas Amazon is only prepared to offer lists of protected names, a minority position in any policy-setting body, and some sweeteners.

In May this year, ICANN’s board of directors voted to move .amazon along towards delegation, noting that there was “no public policy reason” why it should not.

In June, the government of Colombia filed a Request for Reconsideration with ICANN, demanding it reevaluate that decision.

The RfR was considered by ICANN’s Board Accountability Measures Committee at its meeting August 14, but its recommendation has not yet been published. I’m expecting it to be posted this week.

There’s still opportunity for the GAC to cause mischief, or act as a further delay on .amazon, but will it, in light of some country’s outrage over Brazil’s policy over the rain forest?

One could argue that if the nation that has the largest chunk of Amazon within its borders seems to have little regard to its international importance, why should its claim to ownership of the string “amazon” get priority over a big brand that has offered to protect culturally significant words and phrases?

Remember, as the example of the US in 2012/13 shows us, it only takes one government to block a GAC consensus. If Brazil or Peru continue to pursue their anti-Amazon path, could France throw a spanner in the works, smoothing .amazon’s road to delegation?

Anything’s possible, I suppose, but my feeling is that most governments back ACTO’s position largely because they’re worried that they could find themselves in a similar position of having to fight off an application for a “geographic” string in the next gTLD application round.