Latest news of the domain name industry

Recent Posts

VeriSign yanks domain seizure power request

Kevin Murphy, October 13, 2011, Domain Registries

That was quick.

VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.

The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.

The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.

But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.

This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.

Both came in for criticism, and have not reappeared.

Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.

VeriSign’s .com takedown power grab causing controversy

Kevin Murphy, October 11, 2011, Domain Policy

VeriSign’s request for a wide-ranging set of powers that would enable it to shut down .com and .net domain names that are suspected of abuse is already attracting criticism.

The proposals came in a Registry Services Evaluation Process request to ICANN that I reported on for The Register this morning.

It’s asking (pdf) to be able to create a new anti-abuse policy that would refocus many of the controls currently in the hands of registrars to the registry level instead.

The policy would “allow the denial, cancellation or transfer” of any VeriSign-managed domain if any any of these conditions were triggered:

(a) to protect the integrity, security and stability of the DNS;

(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;

(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;

(d) per the terms of the registration agreement,

(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),

(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),

(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or

(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;

As you can see, that’s a pretty broad range of justifications.

Notably, it would enable a domain to be canceled or transferred at the “requests of law enforcement or other governmental or quasi-governmental agency”, which would seem to circumvent the current practice of a court order being obtained before a domain is seized.

The question of what constitutes a “quasi-governmental agency” is also interesting. Is ICANN itself such a thing?

The policy would also enable a take-down “to avoid any liability, civil or criminal”, which seems to be just begging for VeriSign to be named spuriously in commercial lawsuits between .com registrants.

The RSEP also suggests that VeriSign plans to extend its hand of friendship to law enforcement agencies from outside the US:

Pilots with European Law Enforcement, Government CERTS and Registrars are planned, and other global test pilots will follow, to ensure global collaboration in the continuing development of the procedures.

Today, US agencies can get court orders instructing VeriSign to hand over domains. While imposing US law on .com owners from other countries is controversial, at least overseas registrants know where they stand.

Now VeriSign is talking about cooperating with European law enforcement agencies too.

At the risk of getting dangerously close to invoking Godwin’s Law, this brings us back to an old jurisdictional problem – what if the French police demand the seizure of a .com site selling Nazi memorabilia, which is illegal in France but legal in the US, for example?

Taking it a step further, what if VeriSign starts entertaining takedown requests from some of the world’s least pleasant theocracies, banana republics and dictatorships?

Half of .com could disappear overnight.

Since VeriSign has a business to run, that’s obviously not going to happen. So the company is going to have to draw a line somewhere, separating criminality from legitimate behavior and free speech.

I’m speculating wildly here, of course, but the RSEP doesn’t contain nearly enough detailed information about VeriSign’s proposed procedures to make a more informed analysis.

VeriSign knows what it is proposing is controversial. The RSEP says:

Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone.

The proposals have been made following many months of discussions between registries, registrars, law enforcement agencies and other community stakeholders.

It’s not entirely clear from VeriSign’s RSEP, which sometimes confusingly conflates the abuse policy with a separate proposed malware scanning service, how a takedown notice would be processed.

One likely reading is that VeriSign would act almost like a centralized clearinghouse for takedown requests, forwarding them to individual registrars for enforcement.

The registrars could be obliged by the terms of an amended Registry-Registrar Agreement to follow whatever process had been laid down.

There seems to be some concern in the ICANN community about this.

ICANN senior VP of stakeholder relations Kurt Pritz recently sent a document to PIR’s David Maher and Oversee.net’s Mason Cole outlining the procedure for amending the RRA.

The flowchart (pdf) describes a trilateral negotiation between the registry proposing the change, the Registrars Stakeholder Group and ICANN, with the ICANN board having the ultimate decision-making authority.

However this proceeds through ICANN, it’s going to cause some heated community debate.

Registry objects to .jobs shutdown threat

Employ Media will appeal ICANN’s threatened termination of its .jobs registry contract.

The company released a statement (pdf) late yesterday, following ICANN’s unprecedented threat, in which it said ICANN’s claims are “utterly without merit”.

“We view the substance of this notice to be a surprising reversal of position and contradictory to prior decisions issued by its Board of Directors,” the company said.

ICANN yesterday gave Employ Media until the end of the month to cancel its agreement to provide 40,000 .jobs domains to the DirectEmployers Association for its Universe.jobs employment board.

The organization said the allocation of the domains for non-human-resources purposes went against the letter, spirit and intent of the registry’s contract and Charter.

It essentially boils down to a claim that Employ Media hacked its contract to allow it to start making money on names beyond the limited scope of its original “sponsored” community TLD.

The .jobs TLD was originally pitched as a space for corporate HR pages, not independent jobs sites. With Universe.jobs, half of the namespace is an independent jobs site. Employ Media is believed to have a revenue-sharing arrangement with DirectEmployers.

The ICANN breach notice was welcomed by the .JOBS Charter Compliance Coalition, the ad hoc trade group formed by major commercial jobs sites to fight Universe.jobs.

Peter Weddle, executive director of the International Association of Employment Web Sites, said in a press release:

the Dot Jobs Universe was not an innovation but rather an unprecedented attempt by a registry operator to misappropriate an entire TLD for itself and its alliance partner in blatant disregard of ICANN’s rules.

Employ Media disagrees, of course, saying that Universe.jobs came about as a result of its “Phased Allocation” liberalization plan, which was approved by ICANN’s Registry Services Evaluation Process and then survived a Reconsideration Request filed by the Coalition.

The company said: “it is imperative for registry operators to have predictability in the performance of duties and that ICANN has a responsibility to honor its commitments with contracted parties.”

Its registry contract contains a dispute resolution procedure that first calls for bilateral talks and, failing agreement, arbitration via the International Chamber of Commerce.

ICANN threatens to shut down .jobs

Kevin Murphy, February 28, 2011, Domain Registries

In an unprecedented move, ICANN has threatened to cancel a top-level domain registry operator’s contract.

Employ Media, the .jobs registry, faces losing its TLD if it does not shut down Universe.jobs, the controversial jobs board operated by its partner, the DirectEmployers Association.

In a letter to the company (pdf), ICANN general counsel John Jeffrey wrote:

By not establishing any meaningful restrictions on who may register second level registrations in the .JOBS TLD, Employ Media put in operation a TLD where anyone can register names, thus defeating the purpose for which the sponsored TLD came into existence.

We are calling on Employ Media to take immediate actions to implement restricted registration policies that support the purpose for which the .JOBS top-level domain was established, and to cancel registrations and/or disavow themselves of the benefits of any registrations that are owned by related parties, if any.

The move comes following a complaint filed by the so-called .JOBS Charter Compliance Coalition, made up of jobs board such as Monster.com and CollegeRecruiter.com.

They’re annoyed that the registry licensed 40,000 premium geographic and vocational .jobs domains to DirectEmployers for Universe.jobs, which has started to compete with them.

Jeffrey wrote:

It appears that Employ Media and SHRM, through the Direct Employers Association, intend to use the .JOBS TLD primarily to compete with other internet job boards. Such use is inconsistent with the purpose stated in the .JOBS Charter and represented to the ICANN community.

The deal came as a result of a change to the .jobs registry contract, made through ICANN’s Registry Services Evaluation Process, that allowed Employ Media to lift a rule that restricted registered domain names only to the names of companies.

What the RSEP didn’t do was change the .jobs Charter, which restricts “who” may register .jobs domains. Yet, weirdly, the Charter is partly the basis for ICANN’s threat.

Jeffrey refers to the Charter restrictions, which are easily circumvented, as “specious” and “do not serve the international human resource management community”.

This is the Charter that ICANN approved back in 2005, and which hasn’t changed since, remember.

To come back into compliance, ICANN wants Employ Media to shut down Universe.jobs and get back to selling company-name registrations.

I think it’s likely Employ Media will appeal, possibly by taking the case to arbitration, as its contract allows.

ICANN to tackle Trojan TLDs

Kevin Murphy, December 22, 2010, Domain Registries

When failing community-based top-level domain registries attempt to change their business models, ICANN may in future have a new way of dealing with them.

That seems to be a possible result of Employ Media’s controversial .jobs liberalization plans and the subsequent Reconsideration Request, which I blogged about last week.

The .jobs reconsideration revealed that not only are Reconsideration Requests a rubbish way to appeal ICANN’s decisions, but also that the Registry Services Evaluation Process is often a rubbish way to handle major contract changes.

The RSEP was introduced back in 2005 in belated response to a couple of controversial “services” that VeriSign, testing boundaries, had planned to unilaterally introduce in the .com registry, notably Site Finder and the Waiting List Service.

But since then the process has been used as a general-purpose tool for requesting changes to registry contracts, even when it’s debatable whether the changes fit the definition of “registry services”.

For example, when .jobs launched five years ago, it was put into Employ Media’s contract that the TLD was designed for companies to register their brands and list their jobs, and that’s all.

But that model didn’t work. It’s one of the least successful TLDs out there.

So the registry decided it could make more money with general purpose jobs boards, using generic .jobs domains. But it did not necessarily want to let existing independent jobs sites take part.

For want of a better term, I’ll call this an example of a “Trojan” TLD – a registry that gets its attractive TLD string approved by ICANN after making a certain set of promises, then later decides to move the goal posts to broaden its market, potentially disenfranchising others.

I’ve no reason to believe it was a premeditated strategy in Employ Media’s case, but precedent has now been set for future TLD applicants to use “community” as a foot in the door for broader aspirations.

To take a stupid, extreme, unrealistic example, imagine that ICM Registry’s .xxx flops badly. Should the company be allowed to start selling all the good .xxx domains to churches and other anti-porn campaigners? That would be a pretty big departure from its promises.

There were similar concerns, although not nearly as loudly expressed, with regards to Telnic’s recent contract changes, which will allow it to start registering phone number domain names in .tel, despite years of promises that it would not.

Go Daddy’s policy chief Tim Ruiz objected to the proposal on the grounds that it would be “unfair to other [.tel] applicants and potential applicants to allow an sTLD to change its purpose after the fact.”

The ICANN Board Governance Committee, which handles Reconsideration Requests, acknowledged these problems in its decision on .jobs in Cartagena (pdf), concluding that it:

thinks that the Board should address the need for a process to evaluate amendments that may have the effect of changing, or seeking to change, an sTLD Charter or Stated Purpose of a sponsored, restricted or community-based TLD.

The BGC seems to be saying that the RSEP is not up to the task of dealing with community-based TLDs that later decide their business plans are not the money-spinners they had hoped and want to loosen up their agreed community restrictions.

The committee went on to say that:

Because such a process may impact gTLDs greatly and is a policy issue, the GNSO is the natural starting point for evaluating such a process. We therefore further recommend that the Board direct the CEO to create a briefing paper for the GNSO to consider on this matter, and for the GNSO to determine whether a policy development process should be commenced.

So the GNSO will soon have to decide whether new policies are needed to deal with broad contract changes at failing community TLDs.

Any new policies would, I believe, be binding on community TLDs approved under the new gTLD program as well as older sTLDs, so it will be an interesting policy track to follow.