ICANN accused of power grab over $271 million auction fund

ICANN has acted outside of its powers by ignoring community policy recommendations and leaving its $271 million gTLD auction windfall open to being frittered away on lawyers, according to community members.

The Intellectual Property Constituency of the GNSO has filed a formal Request for Reconsideration over a board resolution passed at ICANN 78 last month in Hamburg, and other constituencies may add their names to it shortly.

The row concerns the huge cash pile ICANN was left sitting on following the auction of 17 new gTLD contracts between 2014 and 2016, which raised $240 million (as of July, around $271 million after investment returns and ICANN helping itself to a portion to fund its operations reserve).

It was decided that the money should be used to fund a grant program for worthy causes, with organizations able to apply for up to $500,000 during discrete rounds, the first of which is due to open next year with a $10 million pot. Around $220 million is believed to be earmarked for the grant program over its lifetime.

But the Cross Community Working Group for Auction Proceeds (CCWG-AP) that came up with the rules of the program was concerned that unsuccessful applicants, or others chagrined by ICANN’s grant allocations, might challenge decisions using ICANN’s accountability mechanisms.

This would cause money earmarked for worthy causes to be spaffed away on lawyers, which the CCWG-AP wanted to avoid, so it recommended that ICANN modify its fundamental bylaws to exclude the grant program from mechanisms such as the Independent Review Process, which usually incurs high six-figure or seven-figure legal fees.

ICANN seemed to accept this recommendation — formally approving it in June last year — until ICANN 78, when the board approved a surprise U-turn on this so-called Recommendation 7.

The board said it was changing its mind because it had found “alternative ways” to achieve the same objective, “including ways that do not require modification to ICANN’s core Bylaws on accountability”. The resolution stated:

As a result, the Board is updating its action on Recommendation 7 to reflect that ICANN org should implement this Recommendation 7 directly through the use of applicant terms and conditions rather than through a change to ICANN’s Fundamental Bylaws.

This left some community members — and at least one ICANN director — scratching their heads. Sure, you might be able to ban grant applicants from using the IRP in the program’s terms and conditions, but that wouldn’t stop third parties such as an applicant’s competitors from filing an IRP and causing legal spaffery.

The board was well aware of these concerns when it passed the resolution last month. Directors pointed out in Hamburg that ICANN is still pursuing the bylaws amendment route, but has removed it as a dependency for the first grant round going ahead.

This left some community members nonplussed — it wasn’t clear whether ICANN planned to go ahead with the program ignoring community recommendations, or not. The reassuring words of directors didn’t seem to tally with the language of the resolution.

So the IPC took the initiative and unironically invoked an accountability mechanism — the RfR — to get ICANN to change its mind again. I gather the request was filed as a precaution within the 30-day filing window due to the lack of clarity on ICANN’s direction.

The RfR states:

the impetus behind the Bylaws change was to prevent anyone from challenging grant decisions, including challenges from parties not in contractual privity with ICANN. The Board’s hasty solution would only prevent contracting grant applicants from challenging decisions; it would not in any way affect challenges by anyone else – including anyone who wished to challenge the award of a grant. The grant program could be tied in knots by disgruntled parties, competitive organizations or anyone else who wished to delay or prevent ICANN from carrying out any decision to grant funds. This is exactly what the CCWG-AP sought to prevent

The IPC says that by bypassing the bylaws amendment process, which involves community consent, the ICANN board is basically giving itself the unilateral right to turn off its bylaws-mandated accountability mechanisms when it sees fit. A power grab.

It wants the Hamburg resolution reversed.

Discussing the RfR a few days before it was filed, other members of the GNSO Council suggested that their constituencies might sign on as fellow complainants if and when it is amended.

RfRs are handled by ICANN’s Board Accountability Mechanisms Committee, which does not currently have a publicly scheduled upcoming meeting.

You can’t appeal a UDRP appeal, ICANN Ombudsman says

ICANN’s independent Ombudsman has called an Indian vaccine maker’s second Request for Reconsideration over a failed UDRP case a “misuse” of the Org’s appeals process.

Zydus Lifesciences lost its UDRP over the domain zydus.com earlier this year, with a finding of Reverse Domain Name Hijacking, then used the RfR process to try to get ICANN’s board of directors to overturn the WIPO decision.

The Board Accountability Mechanisms Committee dismissed the complaint because Reconsideration is designed for challenging ICANN’s actions and WIPO is not ICANN.

Zydus immediately filed a second RfR, calling WIPO “an extension of ICANN itself” and that BAMC’s inaction on the first RfR meant the case was now subject to the board’s jurisdiction.

In a rare intervention, Ombudsman Herb Waye poo-poos that notion, writing: “Decisions by the WIPO Panel in a domain name dispute are not sufficient basis for an RfR (hence the BAMC had no ‘jurisdiction’ other than the jurisdiction necessary to dismiss the Request).”

I feel that [the second RfR] has placed the BAMC in the awkward position of policing itself; hence perhaps, its hesitancy to summarily dismiss a Request concerning its own actions. A clear attempt by the requestor to appeal the decision in [the first RfR]. An unfortunate situation that, to me, amounts to misuse of this accountability mechanism.

He concluded that for the BAMC to consider the complaint would be a “waste of resources” and that it should be dismissed.

Zydus will still be able to appeal the UDRP in court, but that of course will be much more expensive.

ICANN throws out prostitution complaint

ICANN has rejected a complaint from a man about a web site apparently offering prostitution services.

As I reported last month, the American had filed a Request for Reconsideration with ICANN’s board of directors after his complaints to Compliance about Namecheap were rejected.

He’s unhappy that US-based Namecheap won’t take down the domain adultsearch.com, which operates as a marketplace for sex workers, many of whom are offering services that may well be illegal in most parts of the US.

But ICANN’s Board Governance Committee rejected the complaint (pdf) for lack of standing.

While the ruling is procedural, rather than substantive, the BGC does spend quite a lot of time tying itself in knots to show that while the complainant may well believe prostitution is harmful to society in general, he failed to state how he, specifically, had been harmed.

The decision also directly references the part of the request the requester has specifically asked to be redacted (but was not).

Covid vaccine maker takes RDNH loss to ICANN board

An Indian pharmaceuticals firm with a $2 billion turnover has complained at the highest level of ICANN after it was handed a Reverse Domain Name Hijacking decision over the .com matching its company name.

Zydus Lifesciences, which produces mainly generic drugs but last year earned government approval to manufacture a Covid-19 vaccine, says a UDRP panel “exhibited extreme bias” when it threw out its UDRP complaint against the owner of zydus.com last month.

The company had claimed the anonymous registrant was cybersquatting, but the WIPO panel instead found RDNH.

The panel was not convinced that the registrant should have been aware of Zydus’ existence when he registered the name in 2004, and said his use of the name — which it characterized as a fanciful five-letter generic — to redirect to various affiliate marketing sites was not “bad faith”.

But now Zydus is claiming that the panel ignored evidence that it was already a very large company, with a $110 million turnover, at the time of registration, and says the UDRP decision shows evidence of bias against developing-world companies. The latter card is played pretty hard.

I believe this is only the second time that a UDRP decision has been challenged with a formal Request for Reconsideration with the ICANN board of directors, and there’s a pretty good chance it will be summarily dismissed like the first one.

Zydus will probably have to sue, or pay up.

ICANN throws out another challenge to the Donuts-Afilias deal

ICANN is set to reject a plea for it to reconsider its decision to allow Donuts to buy Afilias last December.

Its Board Accountability Mechanisms Committee recently threw out a Request for Reconsideration filed by Dot Hotel and Domain Venture Partners, part of a multi-pronged assault on the outcome of the .hotel gTLD contention set.

The RfR was “summarily dismissed”, an infrequently used way of disposing of such requests without considering their merits. BAMC concluded that the requestors had failed to sufficiently state how they’d been harmed by ICANN’s decision, and therefore lacked standing.

The requestors, both applicants for .hotel, had said that they were harmed by the fact that Donuts now owns two applications for .hotel — its own open, commercial one and Afilias’ successful community-based one.

It also said that ICANN’s seemingly deliberate opacity when it came to approving the deal broke its bylaws and sowed confusion and risk in the registry industry.

At some point before the December 17 board meeting that approved the acquisition, ICANN staff briefed the board on its decision to approve the deal, but no formal resolution was passed.

By exploiting this loophole, it’s not clear whether the board actually voted on the deal, and ICANN was not obliged by its bylaws to publish a rationale for the decision.

But BAMC, acting on the advice of ICANN’s lawyers, decided (pdf) that the statements of alleged harm were too vague or seemed to rely on potential future harms.

DVP and Dot Hotel are also party to a lawsuit and an Independent Review Process case against ICANN related to .hotel.

A Documentary Information Disclosure Request related to the Afilias acquisition was also thrown out in March.

BAMC’s dismissal will be rubber-stamped by ICANN’s full board at a later date.

Rival wants the truth about the Afilias-Donuts deal amid “collusion” claims

Portfolio gTLD investor Domain Venture Partners wants ICANN to fully explain its decision to approve Donuts’ acquisition of Afilias, claiming the deal gives the combined company an unfair advantage in the long-running battle for the .hotel gTLD.

DVP has filed a formal Request for Reconsideration with ICANN, tearing it a new one for seemingly going out of its way to avoid its transparency obligations when it came to the December approval of the acquisition.

ICANN’s board of directors had been scheduled to discuss the mega-deal at a special meeting December 17, but instead it carried out these talks off-the-books, in such a way as to avoid bylaws rules requiring it to publish a rationale and meeting minutes.

As I noted recently, it was the second time in 2020 (after the Ethos-PIR deal) the board resorted to this tactic to avoid publicly stating why it was approving or rejecting a large M&A transaction.

DVP notes the contrast with the Ethos-PIR proposal, which endured months of public scrutiny and feedback, adding in its RfR:

Why did the ICANN Board have a Special Meeting on this topic? Why did they not publish or otherwise identify a single background fact or point of discussion from the Special Meeting? Why did they not identify a single source of evidence or advice relied upon in coming to the decision? Why have they refused to provide even the slightest hint as to anything they considered or any reason why they came to their decision? How did they vote, was there any dissent? Nobody knows, because ICANN has kept all that secret.

The company argues that all this secrecy leaves itself and other registries at a loss to predict what might happen should they be involved in future acquisitions, particularly given the allegedly anti-bylaws “discriminatory” treatment between PIR on the one hand and Afilias on the other.

DVP stops short of asking for ICANN to overturn its decision to permit the acquisition — it would be moot anyway, as the deal has already closed — but it does demand that ICANN:

Provide complete, published rationale for the Resolution of Dec. 17, 2020 to essentially approve the Afilias acquisition of Donuts, including identification of all materials relied upon by the Board and/or Staff in evaluating the transaction, publication of all communications between Board, Staff and/or outside advisors relating to the transaction, and publication of all communications regarding the transaction between ICANN on the one hand, and Afilias, Donuts and/or Ethos Capital on the other hand.

Develop, implement, publish and report results of a clear policy as to what registry combination transactions will be approved or rejected, including clearly defined criteria to be assessed — and clearly defined process to assess that criteria – as to each and every future proposed transaction.

It’s interesting that nobody has filed a Documentary Information Disclosure Policy request for this information yet.

But it’s not all just about transparency for DVP. Its big concern appears to be its application for .hotel, which is in one of the few new gTLD contention sets still not resolved almost a decade after the 2012 application round.

DVP is the Gibraltar investment vehicle that controls the 16 new gTLDs that were formerly managed by Famous Four Media and are now managed by GRS Domains (which I believe is owned by PricewaterhouseCoopers). Dot Hotel Limited is one of its application shells.

Donuts is now in possession of two competing .hotel applications — its own, which is for an open, unrestricted space gTLD, and the Afilias-owned HTLD application, which is for a restricted Community-based space.

Back in 2014, HTLD won a Community Evaluation Process, which should have enabled it to skip a potentially expensive auction with its rival bidders and go straight to contracting and delegation.

But its competing applicants, including DVP and Donuts, challenged the CPE’s legitimacy with an Independent Review Process appeal.

To cut a long story short, they lost the IRP but carried on delaying the contention set and came back with a second IRP (this one not including Donuts as a complainant), which involves claims of “hacking”, one year ago.

The contention set is currently frozen, but DVP thinks Donuts owning two applications is a problem:

Donuts now owns or controls both that Community Application, and another pending standard application in the contention set for .hotel. There is no provision in the Applicant Guidebook for applicants to own more than one application for the same gTLD string. It certainly indicates collusion among applicants within a contention set, since two of them are owned by the same master.

…

DVP is concerned that Donuts may have no intention of honoring those Community commitments, and instead intends to operate an open registry.

DVP wants ICaNN to publish a rationale for why it’s allowing Donuts to own two applications for the same TLD.

It also wants ICANN to either force Donuts to cancel its HTLD application — which would likely lead to a .hotel auction among the remaining applicants, with the winning bid flowing to either ICANN or the losing applicants — or force it to stick to its Community designation commitments after launch, which isn’t really Donuts’ usual business model.

RfRs are usually resolved by ICANN’s lawyers Board Accountability Mechanisms Committee in a matter of weeks, and are rarely successful.

ICANN ordered to freeze .hotel after “serious questions” about trade secrets “theft”

ICANN has been instructed to place the proposed .hotel gTLD in limbo after four applicants for the string raised “sufficiently serious questions” that ICANN may have whitewashed the “theft” of trade secrets.

The order was handed down last month by the emergency panelist in the Independent Review Process case against ICANN by claimants Fegistry, MMX, Radix and Domain Ventures Partners.

Christopher Gibson told ICANN to “maintain the status quo” with regards the .hotel contention set, meaning currently winning applicant Hotel Top Level Domain, which is now owned by Afilias, won’t get contracted or delegated until the IRP is resolved.

At the core of the decision (pdf) is Gibson’s view that the claimants raised “sufficiently serious questions related to the merits” in allegations that ICANN mishandled and acted less than transparently in its investigation into a series of data breaches several years ago.

You may recall that ICANN seriously screwed up its new gTLD application portal, configuring in such a way that any applicant was able to search for and view the confidential data, including financial information such as revenue projections, of any other competing applicant.

Basically, ICANN was accidentally publishing applicants’ trade secrets on its web site for years.

ICANN discovered the glitch in 2015 and conducted an audit, which initially fingered Dirk Krischenowski — who at time was the half-owner of a company that owned almost half of HTLD as well as a lead consultant on the bid — as the person who appeared to have accessed the vast majority of the confidential data in March and April 2014.

ICANN did not initially go public with his identity, but it did inform the affected applicants and I managed to get a copy of the email, which said he’d downloaded about 200 records he shouldn’t have been able to access.

It later came to light that Krischenowski was not the only HTLD employee to use the misconfiguration to access data — according to ICANN, then-CEO of HTLD Katrin Ohlmer and lawyer Oliver Süme had too.

HTLD execs have always denied any wrongdoing, and as far as I know there’s never been any action against them in the proper courts. Krischenowski has maintained that he had no idea the portal was glitched, and he was using it in good faith.

Also, neither Ohlmer nor Krischenowski are still involved with HTLD, having been bought out by Afilias after the hacking claims emerged.

These claims of trade secret “theft” are being raised again now because the losing .hotel applicants think ICANN screwed up its probe and basically tried to make it go away out of embarrassment.

Back in August 2016, the ICANN board decided that demands to cancel the HTLD application were “not warranted”. Ohlmer barely gets a mention in the resolution’s rationale.

The losing applicants challenged this decision in a Request for Reconsideration in 2016, known as Request 16-11 (pdf). In that request, they argued that the ICANN board had basically ignored Ohlmer’s role.

Request 16-11 was finally rejected by the ICANN board in January last year, with the board saying it had in fact considered Ohlmer when making its decision.

But the IRP claimants now point to a baffling part of ICANN’s rationale for doing so: that it found “no evidence that any of the confidential information that Ms. Ohlmer (or Mr. Krischenowski) improperly accessed was provided to HTLD”.

In other words, ICANN said that the CEO of the company did not provide the information that she had obtained to the company of which she was CEO. Clear?

Another reason for brushing off the hacking claims has been that HTLD could have seen no benefit during the application process by having access to its rivals’ confidential data.

HTLD won the contention set, avoiding the need for an auction, in a Community Priority Evaluation. ICANN says the CPE was wholly based on information provided in its 2012 application, so any data obtained in 2014 would have been worthless.

But the losing applicants say that doesn’t matter, as HTLD/Afilias still have access to their trade secrets, which could make the company a more effective competitor should .hotel be delegated.

This all seems to have been important to Gibson’s determination. He wrote in his emergency ruling (pdf) last month:

The Emergency Panelist determines that Claimants have raised “sufficiently serious questions related to the merits” in in relation to the Board’s denial of Request 16-11, with respect to the allegations concerning the Portal Configuration issues in Request 16-11. This conclusion is made on the basis of all of the above information, and in view of Claimants’ IRP Request claim that ICANN subverted the investigation into HTLD’s alleged theft of trade secrets. In particular, Claimants claim that ICANN refused to produce key information underlying its reported conclusions in the investigation; that it violated the duty of transparency by withholding that information; that the Board’s action to ignore relevant facts and law was a violation of Bylaws; and further, to extent the BAMC and/or Board failed to have such information before deciding to disregard HTLD’s alleged breach, that violated their duty of due diligence upon reasonable investigation, and duty of independent judgment.

The Emergency Panelist echoes concerns that were raised initially by the Despegar IRP Panel regarding the Portal Configuration issues, where that Panel found that “serious allegations” had been made188 and referenced Article III(1) of ICANN’s Bylaws in effect at that time, but declined to make a finding on those issues, indicating “that it should remain open to be considered at a future IRP should one be commenced in respect of this issue.” Since that time, ICANN conducted an internal investigation of the Portal Configuration issues, as noted above; however, the alleged lack of disclosure, as well as certain inconsistencies in the decisions of the BAMC and the Board regarding the persons to whom the confidential information was disclosed and their relationship to, or position with HTLD, as well as ICANN’s decision to ultimately rely on a “no harm no foul” rationale when deciding to permit the HTLD application to proceed, all raise sufficiently serious questions related to the merits of whether the Board breached ICANN’s Article, Bylaws or other polices and commitments.

It’s important to note that this is not a final ruling that ICANN did anything wrong, it’s basically the ICANN equivalent of a ruling on a preliminary injunction and Gibson is saying the claimants’ allegations are worthy of further inquiry.

And the ruling did not go entirely the way of the claimants. Gibson in fact ruled against them on most of their demands.

For example, he said their was insufficient evidence to revisit claims that a review of the CPE process carried out by FTI Consulting was a whitewash, and he refused to order ICANN to preserve documentation relating to the case (though ICANN has said it will do so anyway).

He also ruled against the claimants on a few procedural issues, such as their demands for an Ombudsman review and for IRP administrator the International Center for Dispute Resolution to recuse itself.

Some of their claims were also time-barred under ICANN’s equivalent of the statute of limitations.

But ICANN will be prevented from contracting with HTLD/Afilias for now, which is a key strategic win.

ICANN reckons the claimants are just using the IRP to try to force deep-pocketed Afilias into a private auction they can be paid to lose, and I don’t doubt there’s more than a grain of truth in that claim.

But if it exposes another ICANN cover-up in the process, I for one can live with that.

The case continues…

ICANN throws out “Ugly Houses” UDRP appeal

ICANN has rejected an unprecedented attempt to get a UDRP decision overturned using the Reconsideration process.

The Board Accountability Mechanisms Committee late last week summarily dismissed a Request for Reconsideration filed by a group called the Emily Rose Trust.

Emily Rose had lost a UDRP case in May concerning the domain name uglyhousesri.com, which it had been using for the last couple of years to run a home renovation-and-resale service in Rhode Island.

The complainant was a company called HomeVestors, which has been running a near-identical service called We Buy Ugly Houses (a phrase it has trademarked) for substantially longer.

The National Arbitration Forum panelist had decided that the domain was confusingly similar to the mark, and that the similarity of the services constituted bad faith use.

In filing the rather poorly-written RfR, Emily Rose argued among other things that “Ugly Houses” is a generic term not protected by the mark.

But ICANN did not consider the merits of its request, instead rejecting the RfR for being outside the scope of the process.

The BAMC said that UDRP decisions do not involved the action or inaction of the ICANN board or staff, and are therefore not subject to board Reconsideration.

While UDRP decisions are often contested in court, this RfR makes it clear that ICANN is not an avenue for appeal in individual cases.

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.
The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.
It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.
The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).
The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.
There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.
This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.
There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.
HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.
CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.
Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.
There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.
Naturally, the remaining applicants were not happy about this, and started to fight back.
The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.
That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.
The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.
Guess what? That got rejected too.
So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.
The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.
While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.
ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.
Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.
Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”
The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.
When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.
The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.
But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.
Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.
Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.
And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.
A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.
A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.
In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.
The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.
It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.
This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.
It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.
FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.
They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.
The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.
It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.
The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”
“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.
“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.
ICANN is yet to file its response to the complaint.
Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.
Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.
The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.
ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.
The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.
With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

ASO uses super powers to demand ICANN turn over .org buyout docs

In an unprecedented move, ICANN’s Address Supporting Organization has exercised its special powers to demand ICANN hand over documents relating to the Ethos Capital acquisition of .org’s Public Interest Registry.
There’s a possibility, however small, that this could be the first shot in a war that could see the PIR acquisition scrapped.
Fair warning, this story is going to get pretty nerdy, which may not be compatible with the fuzzy-headedness that usually accompanies the first working day of the year. We’re heading into the overgrown weeds of the ICANN bylaws here, for which I apologize in advance.
The ASO — the arm of the ICANN community concerned with IP address policy — has asked ICANN Org for access to records concerning the $1.135 billion acquisition of PIR, which has attracted lots of criticism from non-profits, domainers and others since it was announced.
It’s unprecedented, and of interest to ICANN watchers, for a few reasons.
First, this is the ASO making the request. The ASO comprises the five Regional Internet Registries, the bodies responsible for handing out chunks of IP address space to ISPs around the world. It doesn’t normally get involved in policy related to domain names such as .org.
Second, it’s invoking an hitherto untested part of ICANN’s new bylaws that allows the certain community entities that make up the “Empowered Community” to make “Inspection Requests” of ICANN Org.
Third, and perhaps most importantly, there’s a hint of a threat that the ASO and other members of the EC may use their extraordinary powers to attempt to prevent the PIR acquisition from going ahead.
Before we unpick all of this, this is what the ASO has sent to ICANN, according to its December 31 statement:

As a Decisional Participant in the Empowered Community and pursuant to ICANN Bylaws section 22.7, the ASO hereby submits this Inspection Request to inspect the records of ICANN, including minutes of the Board or any Board Committee, for the purpose of determining whether the ASO’s may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement. For this purpose, the ASO seeks to inspect any ICANN records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement, including the process by which input from the affected community will be obtained prior to ICANN’s consideration and potential approval of the assignment.

The Empowered Community is the entity that replaced the US government as ICANN’s primary overseer, following the IANA transition in late 2016.
Its members cover the breadth of the ICANN community, comprising the ASO, Generic Names Supporting Organization, Country Code Names Supporting Organization, Governmental Advisory Committee and At-Large Advisory Committee. Each member is a “Decisional Participant”.
Since the transition, its only real functions have been to approve appointments to the ICANN board of directors and to rubber-stamp the budget, but it does have some pretty powerful tools at its disposal, such as the nuclear ability to fire the entire board.
One of the powers enjoyed by each Decisional Participant, which has never been invoked publicly, is to make an Inspection Request — a demand to see ICANN’s accounts or documents related to the board’s decisions.
In this case, the ASO wants “records which pertain to or provide relevant insight to the process by which ICANN will consider (and potentially approve) the assignment of the .org Registry Agreement”.
But will it get this information? It seems the Inspection Request bylaw is a little bit like ICANN’s longstanding freedom-of-information commitment, the Documentary Information Disclosure Policy, with some key differences that arguably make the IR process less transparent.
Like DIDP, the IR process gives ICANN Org a whole buffet of rejection criteria to choose from. It can refuse requests for reasons of confidentiality or legal privilege, for example, or if it thinks the request is overly broad.
It can also reject a request if “is motivated by a Decisional Participant’s financial, commercial or political interests, or those of one or more of its constituents”, which makes the fact that this request is coming from the ASO particularly interesting.
If the GAC or the GNSO or the ccNSO, or even the ALAC, had made the request, ICANN could quite reasonably have thrown it out on the basis of “commercial or political interests”.
That’s not the case with the ASO, which makes me wonder (aloud, it seems) whether the ASO had received any nudges from other members of the EC before filing the request.
Inspection Requests also differ from DIDP in that any documents that are turned over are not necessarily published, and ICANN can also force the Decisional Participant to file a non-disclosure agreement covering their contents.
ICANN can even demand that an ASO member shows up at its Los Angeles headquarters in person to read (and, if they want, copy) the docs in question.
In short, ICANN has a lot of wriggle room to refuse or frustrate the ASO’s request, and it has a track record of not being particularly receptive to these kinds of demands.
The grey-hairs out there will recall that Karl Auerbach, one of its own directors, was forced to sue the organization back in 2002, just in order to have a look at its books.
But what’s perhaps most tantalizing about the ASO’s request is its excuse for wanting to inspect the documents in question.
It says it need the info “for the purpose of determining whether the ASO’s [sic] may have need to use its empowered community powers in the near future relating to the potential assignment of the .org Registry Agreement”.
One way of interpreting this is that the ASO needed to state a reason for its request and this is pretty much all it’s got.
But what powers does the Empowered Community have that could potentially cover the acquisition of PIR by Ethos? It certainly does not have the power to directly approve or reject the transfer of control of a gTLD contract.
The EC has nine bulleted powers in the ICANN bylaws. Some of them are explicitly about things like budgets and bylaws amendments, which could not possibly come into play here. I reckon only four could feasibly apply:

(i) Appoint and remove individual Directors (other than the President);
(ii) Recall the entire Board;
…
(viii) Initiate a Community Reconsideration Request, mediation or a Community IRP; and
(ix) Take necessary and appropriate action to enforce its powers and rights, including through the community mechanism contained in Annex D or an action filed in a court of competent jurisdiction.

Short of lawyering up or having the entire board taken out and shot, it seems like the most likely power that could be invoked at first would be the Community Reconsideration Request.
Judging by the bylaws, this is virtually identical to the normal Request for Reconsideration process, a process which very rarely results in ICANN actually reconsidering its decisions.
The major difference is that at least three of the five members of the Empowered Community has to vote in favor of filing such a request, and no more than one may object.
If they manage to muster up this consent — which could take many weeks — the fact that the reconsideration request comes from the “Community” rather than a single entity appears to make substantially no difference to how it is rejected considered by ICANN.
Threatening ICANN with a Community Reconsideration Request is a little like threatening to jump through an increasingly narrow series of hoops, only to find the last one leads into a pit filled with ICANN lawyers with laser beams attached to their heads.
A Community Independent Review Process, however, is a different kettle of snakes.
It’s substantially the same as a regular IRP — where ICANN’s fate is decided by a panel of three retired judges — except ICANN has to pay the complainant’s legal fees as well as its own.
ICANN’s track record with IRPs is not fantastic. It can and does lose them fairly regularly.
Could the ASO’s letter be the first portent of a community-led IRP bubbling up behind the scenes? Could such a move delay the PIR acquisition, putting Ethos’ plan for a profit-driven, price-raising .org on hold for a year or two? It’s certainly not impossible.