Latest news of the domain name industry

Recent Posts

Former NTIA chief Redl now working for Amazon

Kevin Murphy, November 6, 2019, Domain Policy

David Redl, the former head of the US National Telecommunications and Information Administration has joined Amazon as an internet governance advisor, I’ve learned.

I don’t know whether he’s taken a full-time job or is a contractor, but he’s been spotted palling around with Amazon folk at ICANN 66 in Montreal and knowledgeable sources tell me he’s definitely on the payroll.

Redl was assistant secretary at the NTIA until May, when he was reportedly asked to resign over a wireless spectrum issue unrelated to the domain names after just 18 months on the job.

His private sector career prior to NTIA was in the wireless space. I don’t believe he’s ever been employed in the domain industry before.

NTIA is of course the US agency responsible for participating in all matters ICANN, including the ongoing fight over Amazon’s application for the .amazon brand gTLD.

The proposed dot-brand has been in limbo for many years due to the objections of the eight nations of the Amazon Cooperation Treaty Organization, which claims cultural rights to the string.

ACTO nations on ICANN’s Governmental Advisory Committee want ICANN to force Amazon back to the negotiating table, to give them more power over the TLD after it launches.

But the NTIA rep on the GAC indicated at the weekend that the US would block any GAC calls for .amazon to be delayed any longer.

As I type these words, the GAC is debating precisely what it should say to ICANN regarding .amazon in its Montreal communique, using competing draft texts submitted by the US and European Commission, and it’s not looking great for ACTO.

As I blogged earlier in the week, another NTIA official, former GAC rep Ashley Heineman, has accepted a job at GoDaddy.

UPDATE: As a commenter points out, Redl last year criticized the revolving door between ICANN and the domain name industry, shortly after Akram Atallah joined Donuts.

America has Amazon’s back in gTLD fight at ICANN 66

Kevin Murphy, November 3, 2019, Domain Policy

The United States looks set to stand in the way of government attempts to further delay Amazon’s application for .amazon.

The US Governmental Advisory Committee representative, Vernita Harris, said today that the US “does not support further GAC advice on the .amazon issue” and that ICANN is well within its rights to move forward with Amazon’s controversial gTLD applications.

She spoke after a lengthy intervention from Brazilian rep Ambassador Achilles Zaluar Neto, who said South American nations view the contested string as their “birthright” and said ICANN is allowing Amazon “to run roughshod over the concerns and the cultural heritage of eight nations and tens of millions of people”.

It was the opening exchange in would could prove to be a fractious war of words at ICANN 66 in Montreal, which formally opens tomorrow.

The .amazon applications have been controversial because the eight countries in the Amazon Cooperation Treaty Organization believe their unwritten cultural rights to the word outweigh Amazon’s trademark rights.

Forced to the negotiating table by ICANN last year, the two sides each posed their own sets of ideas about how the gTLD could be managed in such a way as to protect culturally sensitive terms at the second-level, and taking ACTO’s views into account.

But an ICANN-imposed deadline for talks to conclude in April was missed, largely as a result of the ongoing Venezuela crisis, which caused friction between the ACTO governments.

But today, Brazil said that ACTO is ready and willing to get back to the negotiating table asked that ICANN reopen these talks with an impartial mediator at the helm.

As things stand, Amazon is poised to get .amazon approved with a bunch of Public Interest Commitments in its registry contract that were written by Amazon without ACTO’s input.

Neto said that he believed a “win-win” deal could be found, which “would provide a positive impetus for internet governance instead of discrediting it”. He threatened to raise the issue at the Internet Governance Forum next month.

ICANN’s failure to reopen talks “would set a bad precedent and reflect badly on the current state of internet governance, including its ability to establish a balance between private interests and public policy concerns”, he said

But the US rallied to Amazon’s defense. Harris said:

The United States does not support further GAC advice on the .amazon issue. Any further questions from the GAC to the Board on this matter we believe is unwarranted… We are unaware of any international consensus that recognizes inherent governmental rights and geographic names. Discussions regarding protections of geographic names is the responsibility of other forums and therefore should be discussed and those relevant and appropriate forums. Contrary to statements made by others, it is the position of the United States that the Board’s various decisions authorizing ICANN to move forward with processing the.application are consistent with all relevant GAC advice. The United States therefore does not support further intervention that effectively works to prevent or delay the delegation of .amazon and we believe we are not supportive and we do not believe that it’s required.

This is a bit of a reversal from the US position in 2013.

Back then, the GAC wanted to issue consensus advice that ICANN should reject .amazon, but the US, protecting one of its largest companies, stood in the way of full consensus until, in the wake of the Snowden revelations, the US decided instead to abstain, apparently to appease an increasingly angry Brazil.

It was that decision that opened the door to the six more years of legal wrangling and delay that .amazon has been subject to.

With the US statement today, it seems that the GAC will be unlikely to be able to issue strong, full-consensus advice that will delay .amazon further, when it drafts its Montreal communique later in the week.

The only other GAC member speaking today to support the US position was Israel, whose rep said “since it is an ongoing issue for seven years, we don’t believe that there is a need for further delay”.

Several government reps — from China, Switzerland, Portugal, Belgium and the European Commission — spoke in favor of Brazil’s view that ICANN should allow ACTO and Amazon back to the negotiating table.

The GAC is almost certain to say something about .amazon in its communique, due to drop Wednesday, but the ICANN board of directors does not currently have an Amazon-related item on its Montreal agenda.

UPDATE: The originally published version of this story incorrectly identified the US GAC representative as Ashley Heineman, who is listed on the GAC’s web site as the US representative. In fact, the speaker was Vernita Harris, acting associate administrator at the US National Telecommunications and Information Administration. Had I been watching the meeting, rather that just listening to it, this would have been readily apparent to me. My apologies to Ms Heineman and Ms Harris for the error.

Crunch time, again, for Whois access policy

Kevin Murphy, October 14, 2019, Domain Policy

Talks seeking to craft a new policy for allowing access to private Whois data have hit another nodal point, with the community now pressuring the ICANN board of directors for action.

The Whois working group has more or less decided that a centralized model for data access, with ICANN perhaps acting as a clearinghouse, is the best way forward, but it needs to know whether ICANN is prepared to take on this role and all the potential liabilities that come with it.

Acronym time! The group is known as the Whois EPDP WG (for Expedited Policy Development Process Working Group) and it’s come up with a rough Whois access framework it’s decided to call the Standardized System for Access and Disclosure (SSAD).

Its goal is to figure out a way to minimize the harms that Europe’s General Data Protection Regulation allegedly caused to law enforcement, IP owners, security researchers and others by hiding basically all gTLD registration data by default.

The SSAD, which is intended to be as automated as possible, is the working group’s proposed way of handling this.

The “hamburger model” the EPDP has come up with sees registries/registrars and data requestors as the top and bottom of the sandwich (or vice versa) with some yet-to-be-decided organizational patty filling acting as an interface between the two.

The patty would handle access control for the data requests and be responsible for credentialing requestors. It could either be ICANN acting alone, or ICANN coordinating several different interface bodies (the likes of WIPO have been suggested).

Should the burger be made only of mashed-up cow eyelids, or should it incorporate the eyelids of other species too? That’s now the question that ICANN’s board is essentially being posed.

Since this “phase two” work kicked off, it’s taken about five months, 24 two-hour teleconferences, and a three-day face-to-face meeting to get to this still pretty raw, uncooked state.

The problem the working group is facing now is that everyone wants ICANN to play a hands-on role in running a centralized SSAD system, but it has little idea just how much ICANN is prepared to get involved.

The cost of running such a system aside, legislation such as GDPR allows for pretty hefty fines in cases of privacy breaches, so there’s potentially a big liability ask of notoriously risk-averse ICANN.

So the WG has written to ICANN’s board of directors in an attempt to get a firm answer one way or the other.

If the board decided ICANN should steer clear, the WG may have to go back more or less to square one and focus on adapting the current Whois model, which is distributed among registrars and registries, for the post-GDPR world.

How much risk and responsibility ICANN is willing to absorb could also dictate which specific SSAD models the WG pursues in future.

There’s also a view that, with no clarity from ICANN, the chance of the WG reaching consensus is unlikely.

This will be a hot topic at ICANN 66 in Montreal next month.

Expect the Governmental Advisory Committee, which had asked for “considerable and demonstrable progress, if not completion” of the access model by Montreal, to be disappointed.

Why you should never let a pizza joint apply for your billion-dollar dot-brand

Kevin Murphy, September 9, 2019, Domain Registries

A multi-billion dollar telecoms company has lost its two dot-brand gTLDs after apparently hiring a failed pizza restaurant to manage them.

For reals.

Several times a year, my friends at other domain news blogs will post cautionary tales about companies losing their domains after falling out with the consultant or developer who originally registered the names on their behalf.

I believe this story is the first example of the same thing happening at the top level, with two valuable dot-brand gTLDs.

It concerns the Saudi Arabian telco Etihad Etisalat, which does business as Mobily. It’s publicly traded, with millions of subscribers and 2018 revenue of the equivalent of $3.14 billion.

The two gTLDs we’re concerned with are .mobily and موبايلي. (.xn--mgbb9fbpob), the Arabic version of the brand.

Back in 2012, a Bahrain company called GreenTech Consultancy Company applied for both of these TLDs. The applications made it explicit that they were to be single-registrant dot-brands to be used by Mobily.

Quite what the relationship between Mobily and GreenTech was — if there even was one — isn’t particularly clear.

GreenTech’s shareholders were Anwar Ahmed and Asma Malik, two Pakistani nationals living in Bahrain, according to Bahrain business records.

Its web site is an laughable mess of broken English, shameful grammar, irrelevant and impenetrable technobabble (much of which appears verbatim on several other South Asian tech companies’ web sites), and a suggestion that the company is primarily in the business of selling satellite modems.

The site just stinks of bogosity. It looks like a dirt-cheap developer threw the site together during his lunch break for beer money.

Bahrain company records show that GreenTech shared a registration with a company called Greentech Pizzeria Restaurant. Same two directors, same address, same company number.

The consultancy company was formed in February 2012 — during the ICANN application window — and the pizza joint opened a bit over a year later.

Why a multi-billion dollar telecommunications company would entrust its brands to these guys, if that is in fact what happened, is a bit of a mystery.

From information that has recently emerged, which I’ll get to shortly, it appears that the true applicant was a Los Angeles-based gTLD consultancy called WiseDots, which in 2011 was co-founded by recently departed ICANN CFO Kevin Wilson and Herman Collins.

WiseDots employees Collins, Wael Nasr and Alan Bair were all at some point listed as primary or secondary contacts for the two applications, as was domain lawyer Mike Rodenbaugh of Rodenbaugh Law.

Wilson left WiseDots in May 2012 and rejoined three years later as CEO after a stint at Donuts. He’s currently listed as the Admin contact for both Mobily gTLDs in the IANA records.

It appears that Mobily signed a letter of intent with WiseDots on April 9, 2012, just three days before the ICANN application window closed, and that was later formalized into a contract in 2014, six months before GreenTech signed its contracts with ICANN.

Both applications made it through ICANN’s evaluation process with apparently no trouble — there were no objections on trademark or any other grounds — and the Registry Agreements were signed in December 2014.

It’s worth noting that neither contract contains Specification 13, which is required for a registry to operate as a dot-brand. If you want to run a dot-brand, you have to show ICANN that you own a trademark matching the string you’ve applied for.

GreenTech did actually submit requests for Spec 13 approval (pdf) — a week after the contracts were already signed — but at a later date both were either withdrawn or rejected by ICANN for reasons unknown.

Both requests include what appear to be scans of Saudi trademark certificates, but they’re both in Arabic and I’ve no idea who they’re assigned to. Presumably, Mobily, which may explain why GreenTech couldn’t get its Spec 13.

After the contracts were signed, it took exactly one full year — the maximum delay permitted by ICANN — before they were delegated and entered the DNS root.

A year after that, in December 2016, ICANN whacked GreenTech with a breach-of-contract notice (pdf), after the company apparently failed to pay its ICANN fees.

The fees had been “past due” for at least six months. It seems quite possible GreenTech had never paid its fees after delegation.

The breach was later escalated to termination, and the two parties entered mediation.

According to Nasr, in a letter to ICANN, Mobily had promised to pay the ICANN fees, but had reneged on its promise, causing the breach.

The issue was resolved, with GreenTech apparently agreeing to some “confidential” terms with ICANN, in November 2017.

It has now transpired, from Nasr’s letter and attached confidential joint-venture agreement, that GreenTech, WiseDots, Collins, Ahmad, Nasr and yet another consultant — an Egyptian named Ahmed El Oteify, apparently with Varkon Group — made a pact in August 2016 whereby the two gTLDs would be transferred into the control of a new jointly owned Bahrain company to be called MobileDots WLL, which in turn would be owned by a new jointly owned Delaware company called MobileDots LLC.

The TLD contracts would then be transferred to Mobily, according to Nasr.

“GreenTech and the two Mobiledots companies were intended to be intermediate conduits for the future transfer of the two Mobily licenses to Mobily as their eventual Registered Operator,” he wrote.

“At no point in time was GreenTech ever contemplated as the true operator of the ‘Mobily’ gTLD licenses. Indeed, GreenTech ran a defunct pizza restaurant, and was long ago de-registered by the Bahraini government for its numerous payments and filing defaults,” he wrote.

The Delaware company was created, but there does not appear to be an official record of the Bahrain company being formed.

According to Nasr, after Mobily stopped paying its ICANN dues the joint venture partners fell out with each other over how to finance the registries. This led to GreenTech asking ICANN to terminate its contracts, which I blogged about in May.

As is customary when a brand registry self-terminates, ICANN made a preliminary decision not to transfer the GreenTech contracts to a third party and opened it up to public comments.

Nasr’s letter is the first example of anyone ever actually using that public comment opportunity.

He argued that because of the JV agreement, ICANN should instead transfer .mobily and the Arabic version to MobileDots.

ICANN declined, saying “it is not within the remit of ICANN org to transfer the TLDs to a specific successor Registry Operator (such as Mobiledots L.L.C., as Mr. Nasr requests) through this termination process”.

As a further twist in the tale, on August 23 this year, just four days before the contract terminations were due to become effective, GreenTech withdrew its requests for reasons unknown.

But it seems ICANN has had enough.

Last Thursday, it told GreenTech (Wilson and Ahmed) that it is terminating its registry contracts anyway, “invoking certain provisions set forth in the previously agreed-upon confidential terms between ICANN org and GreenTech”.

Its termination notices do not reveal what these “confidential terms” are.

But, given that GreenTech stopped existing as a legal entity in February (according to Bahrain company records) it appears it would have been on fairly solid grounds to terminate anyway.

ICANN’s decision is not open for comment this time around, and IANA has been asked to delete both TLDs from the root as soon as possible.

The upshot of all this is that a massive Saudi telco has lost both of the dot-brands it may or may not have wanted, and a whole mess of gTLD consultants appear to be out of pocket.

And the moral of this story?

Damned if I know. Something to do with pizzas, probably.

The Amazon is burning. Is this good news for .amazon?

Kevin Murphy, August 26, 2019, Domain Policy

With the tide of international opinion turning against Brazil due to the ongoing forest fires in the Amazon, could we see governments change their tune when it comes to Amazon’s application for .amazon?

A much higher number of forest fires than usual are currently burning in the region, largely in Brazil, which critics led by environmentalists and French president Emmanuel Macron have blamed on relaxed “slash and burn” farming policies introduced by new Brazilian president Jair Bolsonaro.

The rain forest is an important carbon sink, said to provide 20% of the world’s oxygen. The more of it is lost, the harder it is to tackle climate change, the argument goes.

It’s been an important topic at the Macro-hosted G7 summit, which ends today. Even the bloody Pope has weighed in.

Arguably, the stakes are nothing less than the survival of human civilization and life on Earth itself.

And this is a story about domain names. Sorry. This is a blog about domain names. My hands are tied.

Amazon the company has been fighting governments over its application for .amazon, along with the Chinese and Japanese translations, for over six years.

ICANN’s Governmental Advisory Committee was responsible for killing off .amazon in 2013 after it decided by consensus that Amazon’s application should not proceed.

That decision was only reached after the US, under the Obama administration, decided to abstain from discussions.

The US had been protecting Amazon by blocking GAC consensus, but changed its tune partly in order to throw a bone to world leaders, including then-president of Brazil Dilma Rousseff, who were outraged by CIA analyst Edward Snowden’s revelations of widespread US digital espionage.

After ICANN dutifully followed the GAC advice and rejected Amazon’s gTLD applications, Amazon appealed via the Independent Review Process and, in 2017, won.

The IRP panel ruled that the GAC’s objection had no clear grounding in public policy that could be gleaned from the record. It told ICANN to re-open the applications and evaluate them objectively.

Ever since then, the GAC’s advice to ICANN has been that it must “facilitate a mutually acceptable solution” between Amazon and the eight nations of the Amazon Cooperation Treaty Organization.

ICANN has been doing just that, or at least attempting to, for the last couple of years.

But the two parties failed to come to an agreement. ACTO wants to have essential veto power over Amazon’s use of .amazon, whereas Amazon is only prepared to offer lists of protected names, a minority position in any policy-setting body, and some sweeteners.

In May this year, ICANN’s board of directors voted to move .amazon along towards delegation, noting that there was “no public policy reason” why it should not.

In June, the government of Colombia filed a Request for Reconsideration with ICANN, demanding it reevaluate that decision.

The RfR was considered by ICANN’s Board Accountability Measures Committee at its meeting August 14, but its recommendation has not yet been published. I’m expecting it to be posted this week.

There’s still opportunity for the GAC to cause mischief, or act as a further delay on .amazon, but will it, in light of some country’s outrage over Brazil’s policy over the rain forest?

One could argue that if the nation that has the largest chunk of Amazon within its borders seems to have little regard to its international importance, why should its claim to ownership of the string “amazon” get priority over a big brand that has offered to protect culturally significant words and phrases?

Remember, as the example of the US in 2012/13 shows us, it only takes one government to block a GAC consensus. If Brazil or Peru continue to pursue their anti-Amazon path, could France throw a spanner in the works, smoothing .amazon’s road to delegation?

Anything’s possible, I suppose, but my feeling is that most governments back ACTO’s position largely because they’re worried that they could find themselves in a similar position of having to fight off an application for a “geographic” string in the next gTLD application round.

Porn-block retail prices revealed. Wow.

Kevin Murphy, August 20, 2019, Domain Registrars

The first retail prices for MMX’s porn-blocking AdultBlock services have been revealed, and they ain’t cheap.

The registrar 101domain yesterday announced that it has started offering AdultBlock and sister service AdultBlock+, and published its pricing.

Trademark owners wanting to block a single string across .sex, .porn, .adult and .xxx will pay $349 per year with the vanilla, renew-annually service.

If they want the AdultBlock+ service, which also blocks homographs, they’ll pay $799 a year or $7,495 for the maximum 10-year term.

Compare this to the Sunrise B offer that ICM Registry made to trademark owners in 2011, where a string in .xxx cost roughly $200 to $300 for a 10-year block.

The two services are not directly comparable, of course. AdultBlock covers three additional TLDs and the AdultBlock+ service covers confusingly similar variants.

But trademark owners are buying peace of mind that their brands won’t be registered as porn sites, and the cost of that peace of mind just increased tenfold.

AdultBlock domains don’t resolve, and are a lot cheaper than domain registrations.

Renewing a single string in all four gTLDs at 101domain prices would cost around $480 a year, so customers will pay about 27% less buying a block instead.

The cost of the first year for those four domains would be $360, just $11 more than the AdultBlock price, according to 101domain’s price list.

MMX, which acquired the gTLD portfolio from ICM last year, is offering a discount on the AdultBlock+ service for customers buying before the end of 2019.

101domain is offering 10 years of AdultBlock+ for $3,999, a saving of $3,500.

101domain is not known as a particularly expensive registrar, so prices elsewhere in the industry could go higher.

Porn blocks could be worth millions to MMX

Minds + Machines could find itself making millions of dollars a year out of non-resolving defensive registrations in its recently acquired portfolio of porn-themed gTLDs.

The company recently announced the launch of AdultBlock and AdultBlock Plus, which will enable trademark owners to prevent anyone else registering their marks, and variants thereof, for up to 10 years.

Running the numbers, and taking into account MMX’s already substantial established client base for such services, AdultBlock could bring in as much as $11 million a year. But it’s almost certainly going to be much less than that.

The company won’t disclose it’s exact pricing for AdultBlock, or its revenue estimates, but it’s possible to do some back-of-the-envelope calculations and come to some ball-park guesses.

MMX has said that it’s pricing the service such that customers should be able to see a 35% saving compared to the cost of registering a single string across all four of its porn TLDs

The company acquired .xxx, .porn, .adult and .sex when it bought ICM Registry last year.

The wholesale fee for each of the four is believed to be about $68 a year. From this, we can calculate that the wholesale price of AdultBlock may well be around the $175-a-year mark.

There’s some room for error here, as MMX hasn’t revealed precisely how it came to its 35% number, but I think we can safely say we’re looking at $150 to $200 a year. For the purposes of this envelope, let’s split the difference and assume it’s $175.

It’s quite a high number, a bit like a recurring sunrise fee for a domain that you don’t even get to use.

But how many domains can MMX expect to be blocked?

A low-ball estimate could be modeled on the .porn/.adult/.sex sunrise periods.

.porn launched in 2015 and gathered 2,091 sunrise registrations, according to ICANN records, making it one of the largest new gTLD sunrise periods. The other two TLDs weren’t far behind.

If that’s a good guide for AdultBlock uptake, we’re talking about a piddling $360,000-a-year business.

But MMX has a secret weapon that it inherited from .xxx.

When .xxx launched back in 2011, it kicked off with two sunrise periods. Sunrise A was for trademark owners in the porn business who wanted to use their .xxx names. Sunrise B was for everyone else, who didn’t.

In Sunrise B, brand owners paid $162 (plus their registrar’s markup) to block their domains for a flat period of 10 years.

Customers couldn’t use their domains. They were registered to ICM and used specially designated ICM name servers to resolve to a standard, non-monetized placeholder page stating “This domain has been reserved from registration.”

There are over 80,000 domains using these name servers, but about 15,000 of those represent names of celebrities, cities, and religiously and culturally sensitive terms that ICM culled from Wikipedia and unilaterally reserved to help avoid a tabloid crucifixion if mileycyrus.xxx ever started bouncing children to something pornographic, such as one of her music videos.

(As an aside, I think it’s worth mentioning that the .xxx zone file only has 93,000 names in it. These means about nine out of 10 live .xxx domains are reserved by the registry.)

So we’ve got 65,000 trademarks that are currently blocked in .xxx, and they’re all going to expire in 2021 because ICM only sold blocks for the duration of its original 10-year ICANN contract.

If all 65,000 domains are upgraded to AdultBlock, the service would be worth over $11 million a year, to a company currently reporting annual revenue around $15 million.

But they won’t.

You don’t have to scroll too far down the .xxx zone file (and I didn’t) to discover some absolute garbage, no doubt the result of scaremongering around the 2011 .xxx launch.

I mean, seriously, look at some of this Sunrise B guff:

100percentwholewheatthatkidslovetoeat.xxx, 101waystoleaveagameshow.xxx, 1firstnationalmergersandacquisitions.xxx, 1stchoiceliquorsuperstore.xxx, 2bupushingalltherightbuttons.xxx, 247claimsservicethesupportyouneed30minutesguaranteed.xxx, 3pathpowerdeliverysystembypioneermagneticsinc.xxx

I think we’re going to be looking at a significant junk drop of blocked domains come 2021.

That said, I think MMX may have a psychological advantage here, when it comes to persuading Sunrise B users to “renew”.

Who hasn’t renewed a domain name they strongly suspect they will never use or sell, simply because they couldn’t bear the thought of somebody else owning “their” domain?

An additional consideration for brand owners is that these Sunrise B names are going to show up on drop-lists when they are eventually deleted from the .xxx zone file, perhaps giving inspiration to cybersquatters.

This is a fantastic opportunity for MMX and brand protection registrars to put the hard sell on its Sunrise B customers to “renew” their blocks by upgrading to the new and improved AdultBlock service, which could cost literally 10 times more than what they originally signed up for.

AdultBlock is of course more comprehensive than Sunrise B. It covers three additional TLDs, for starters, and customers can pay a little more for potentially thousands of potential homographs (non-Latin-script domains that look almost identical to the original) to also be blocked.

MMX isn’t waiting until 2021, however. It’s currently offering companies that buy a 10-year-block before the end of 2019 the AdultBlock+ service for the price of the vanilla, no-variants offering.

Existing Sunrise B customers have until the same deadline to purchase the new service without having to have their trademarks re-verified, which carries an additional fee.

For those that miss this early-bird offer, come December 2021, the holders of up 65,000 trademarks are going to face a stark choice: sign up to pay a couple hundred bucks a year, or risk their brands being snapped up by pornsquatters.

PwC wants to be your Whois gatekeeper

Kevin Murphy, June 11, 2019, Domain Services

PricewaterhouseCoopers has built a Whois access system that may help domain name companies and intellectual property interests call a truce in their ongoing battle over access to private Whois data.

Its new TieredAccess Platform will enable registries and registrars to “outsource the entire process of providing access to non-public domain registration data”.

That’s according to IP lawyer Bart Lieben, partner at the Belgian law firm ARTES, who devised the system and is working with PwC to develop it.

The offering is designed to give trademark lawyers access to the data they lust after, while also reducing costs and mitigating domain name industry liability under the General Data Protection Regulation.

TieredAccess would make PwC essentially the gatekeeper for all requests for private Whois data (at least, in the registries plugged into the platform) coming from the likes of trademark owners, security researchers, lawyers and law enforcement agencies.

At one end, these requestors would be pre-vetted by PwC, after which they’d be able to ask for unredacted Whois records using PwC as an intermediary.

They’d have to pick from one of 43 pre-written request scenarios (such as cybersquatting investigation, criminal probe or spam prevention) and assert that they will only use the data they obtain for the stated purposes.

At the other end, registries and registrars will have adopted a set of rules that specify how such requests should be responded to.

A ruleset could say that cops get more access to data than security researchers, for example, or that a criminal investigation is more important than a UDRP complaint.

PwC has created a bunch of templates, but registrars and registries would be able to adapt these policies to their own tastes.

Once the rules are put in place, and the up-front implementation work has been done to plug PwC into their Whois servers, they wouldn’t have to worry about dealing with Whois requests manually as most are today. The whole lot would be automated.

Not even PwC would have human eyes on the requests. The private data would only be stored temporarily.

One could argue that there’s the potential for abusive or non-compliant requests making it through, which may give liability-nervous companies pause.

But the requests and response metadata would be logged for audit and compliance, so abusive users could be fingered after the act.

Lieben says the whole system has been checked for GDPR compliance, assuming its prefabricated baseline scenarios and templates are adopted unadulterated.

He said that the PwC brand should give clients on both sides “peace of mind” that they’re not breaking privacy law.

If a registrar requires an affidavit before releasing data, the assertions requestors make to PwC should tick that box, he said.

Given that this is probably a harder sell to the domain name industry side of the equation, it’s perhaps not surprising that it’s the requestors that are likely to shoulder most of the cost burden of using the service.

Lieben said a pricing model has not yet been set, but that it could see fees paid by registrars subsidized by the fees paid by requestors.

There’s a chance registries could wind up paying nothing, he said.

The project has been in the works since September and is currently in the testing phase, with PwC trying to entice registries and registrars onto the platform.

Lieben said some companies have already agreed to test the service, but he could not name them yet.

The service was developed against the backdrop of ongoing community discussions within ICANN in the Expedited Policy Development Working group, which is trying to create a GDPR-compliant policy for access to private Whois records.

ICANN Org has also made it known that it is considering making itself the clearinghouse for Whois queries, to allow its contracted parties to offload some liability.

It’s quite possible that once the policies are in place, ICANN may well decide to outsource the gatekeeper function to the likes of PwC.

That appears to be what Lieben has in mind. After all, it’s what he did with the Trademark Clearinghouse almost a decade ago — building it independently with Deloitte while the new gTLD rules were still being written and then selling the service to ICANN when the time came.

The TieredAccess service is described in some detail here.

Brand kills off gTLD that is actually being USED

Two more companies have told ICANN they’ve changed their minds about running a dot-brand gTLD, including the first example of a TLD that is actually in use.

Dun & Bradstreet has said it no longer wishes to launch .duns, and Australian insurance company iSelect has had enough of .iselect.

Both companies filed to voluntarily terminate their ICANN registry agreements in March, and ICANN published its preliminary decision to allow them to do so this week.

While business data provider D&B never got around to using .duns, .iselect has had dozens of active domains for years.

The company started putting domains in its zone file about three years ago and had over 90 registered names at the last count, with about a dozen indexed by Google. That’s a quite a lot for a dot-brand.

It is using domains such as home.iselect, news.iselect and careers.iselect as redirects to parts of its main corporate site, while domains such as gas.iselect, creditcards.iselect and health.iselect send customers to specific product pages.

They all redirect to its main iselect.com.au site. There are no web sites as far as I can tell that keep visitors in the .iselect realm.

I’m pretty certain this is the first example of a voluntary contract termination by a dot-brand that is actually in active use.

There have been 52 such terminations to date, including these two latest ones, almost all of which have been dot-brands that never got out of the barn door.

That’s over 10% of the dot-brands that were delegated from the 2012 gTLD application round.

Smaller registrars say .uk release is biased towards the Big Boys

A group of small .uk registrars have complained to Nominet that the imminent release of three million second-level .uk domain names is biased towards their deep-pocketed rivals.

So far, 33 registrars have signed a petition, penned by Netistrar’s Andrew Bennett, against Nominet’s rules.

On July 1, the registry plans to start releasing .uk 2LDs that are currently reserved under its five-year-long grandfathering program.

These are domains that match existing third-level domains in .co.uk, .org.uk, etc.

The 3LD registrants have until 0500 UTC on June 25 to claim their 2LD matches. A week later, Nominet will start releasing them in alphabetical batches of 600,000 per day, over five days, to the available pool.

It’s going to be a little like “the drop” in gTLDs such as .com, with registrars all vying to pick up the most-valuable names as soon as they are released.

In the gTLD space, each registrar is given an equal number of connections, which is why drop-catch specialists such as SnapNames own hundreds of registrar accreditations.

Nominet’s doing it a little different, instead throttling connections based on how much credit registrars have with the registry, which the petitioners believe rigs the system towards the registrars with the most money.

According to the Nominet, registrars with £450 of credit get six connections per minute, rising to nine per minute for those with £4,500, 60 per minute for £45,000 and, at the top end, 150 per minute for registrars with £90,000 stashed in the Bank of Nominet.

Larger registrars with multiple Nominet accreditations, known as “tags” in the .uk space, will be able to stack their connections for an even greater chance at grabbing the best names.

Registrars such as GoDaddy are already taking pre-orders and will auction off the domains they catch to the highest bidder, if there are multiple pre-orders for the same names, so there’s potentially a fair bit of money to be made.

The small registrars say these credit-based rules are “disproportionately unfair” to their business models.

They point out that it doesn’t make much sense to rate-limit connections based on their proven ability to pay, given that there’s no link between how many they plan to register in the crucial first minute after the drop and how many they intend to register overall.

Nominet says on its web site that the tiers as described are provisional and will be firmed up the week of June 24.

The petitioners are also bothered that Nominet has not made any EPP code available to help the smaller guys, which have fewer engineering resources, to adjust to this temporary, time-sensitive registration system, and that the release plan was not communicated well to registrars.

They further claim that Nominet has not conducted enough outreach to .uk registrants to let them know their grandfathered rights will soon expire.

Many well-known brands have yet to claim their trademark.uk names, they claim.

Nominet has previously told DI that it planned to advertise the end of grandfathering in the press and on radio in the run-up to the release.