Latest news of the domain name industry

Recent Posts

Bizarre redactions in Pirate Bay founder’s ICANN registrar ban

Kevin Murphy, August 26, 2021, Domain Policy

ICANN has finally published a complaint from Pirate Bay founder Peter Sunde, who has been banned from owning an accredited registrar, but it’s full of bizarre redactions that serve only to make it look like the Org is hiding something.

You may recall that Sunde said in March that ICANN had rejected his application to have his registrar, Sarek, formally accredited.

He told DI that it happened because ICANN was worried he’d be a “pain in the ass” due to his previous association with the Pirate Bay file-sharing site and his criminal conviction for copyright infringement.

Not long after speaking to us, he filed a formal complaint with ICANN, which ICANN, five months later, published this week.

There’s not much in the complaint (pdf) that we have not already reported, but what’s notable is the amount of unnecessarily redacted text.

ICANN seems chiefly concerned with poorly obfuscating the identity of the staffer with whom Sunde was dealing on, and who ultimately rejected, his accreditation application.

The Org goes to the extent of redacting gender pronouns, so the reader can’t tell whether the person in question is male or female.

But the information that remains unredacted in the very same sentence is more than sufficient to identify the staffer concerned.

I’ve even been on national TV mentioning [NAME REDACTED] that I talked to today, regarding [PRONOUN REDACTED] failure to disclose the 3200 comments that was against the price cap removal of .ORG in [PRONOUN REDACTED] summary report for ICANN regarding the case.

The person who compiled the comment summary on the .org price caps issue, a public document (pdf), was Russ Weinstein, who’s also the guy in charge of registrar accreditation matters.

What possible benefit could be had from obfuscating his identity? And if doing so is so important, why do it in such an incompetent way?

The document also appears to redact the names of Facebook CEO Mark Zuckerberg and Swedish prog-rocker Björn Afzelius, both in the context of well-reported news stories mere seconds away in a search engine.

Reference to Sunde’s own criminal convictions, which are also well-reported and he has never been shy about addressing, also appear to be redacted.

For avoidance of doubt, I’m not saying that ICANN is hiding anything sinister, nor am I saying Sunde’s complaint has merit, but this redaction-happy attitude serves only to make the Org appear less transparent than it really should be.

If these redactions are attempts to hide personally identifiable information under ICANN’s privacy policy, they failed miserably on pretty much every count, even after five months.

This is privacy theater, created by people who don’t know the first thing about privacy.

ICANN has yet to respond Sunde’s complaint.

.web ruling hands Afilias a chance, Verisign a problem, and ICANN its own ass on a plate

Kevin Murphy, May 26, 2021, Domain Policy

ICANN has lost yet another Independent Review Process case, and been handed a huge legal bill, after being found to have violated its own rules on transparency and fairness.

The decision in Afilias v ICANN has failed to definitively resolve the issue of whether the auction of the .web gTLD in 2016, won by a shell applicant called Nu Dot Co backed by $135 million of Verisign’s money, was legit.

ICANN’s now urging NDC, Afilias and other members of the .web contention set to resolve their beefs privately, which could lead to big-money pay-days for the losing auction bidders at Verisign’s expense.

For ICANN board and staff, the unanimous, three-person IRP panel decision is pretty damning, with the ruling saying the org “violated its commitment to make decisions by applying documented policies objectively and fairly”.

It finds that ICANN’s board shirked its duty to consider the propriety of the Verisign/NDC bid, allowing ICANN staff to get perilously close to signing a registry contract with an applicant that they knew may well have been in violation of the new gTLD program rules.

Despite being named the prevailing party, it’s not even close to a full win for Afilias.

The company had wanted the IRP panel to void the NDC/Verisign winning bid and award .web to itself, the second-highest bidder. But the panel did not do that, referring the decision instead back to ICANN.

As the loser, ICANN has been hit with a $1,198,493 bill to cover the cost of the case, which includes Afilias’ share of $479,458, along with another $450,000 to cover Afilas’ legal fees connected to an earlier emergency IRP request that ICANN “abusively” forced Afilias into.

The case came about due to a dispute about the .web auction, which was run by ICANN in July 2016.

Six of the seven .web applicants had been keen for the contention set to be settled privately, in an auction that would have seen the winning bid distributed evenly among the losing bidders.

But NDC, an application vehicle not known to be particularly well-funded, held out for a “last resort” auction, in which the winning bid would be deposited directly into ICANN’s coffers.

This raised suspicions that NDC had a secret sugar daddy, likely Verisign, that was covertly bankrolling its bid.

It was not known until after NDC won, with a $135 million bid, that these suspicions were correct. NDC and Verisign had a “Domain Acquisition Agreement” or DAA that would see NDC transfer its .web contract to Verisign in exchange for the money needed to win the auction (and presumably other considerations, though almost all references to the terms of the DAA have been redacted by ICANN throughout the IRP).

Afilias and fellow .web applicant Donuts both approached ICANN before and after the auction, complaining that the NDC/Verisign bid was bogus, in violation of program rules requiring applicants to notify ICANN if there’s any change of control of their applications, including agreements to transfer the gTLD post-contracting.

ICANN has never decided at the board level whether these claims have merit, the IRP panel found.

The board did hold a secret, off-the-books discussion about the complaints at its retreat November 3, 2016, and concluded, without any type of formal vote, that it should just keep its mouth shut, because Afilias and Donuts had already set the ball rolling on the accountability mechanisms that would ultimately lead to the IRP.

More than half the board was in attendance at this meeting, and discussions were led by ICANN’s top two lawyers, but the fact that it had even taken place was not disclosed until June last year, well over three and a half years after the fact.

Despite the fact that the board had made a conscious, if informal, choice not to decide whether the NDC/Verisign bid was legit, ICANN staff nevertheless went ahead and started contracting with NDC in June 2018, taking the .web contention set off its “on-hold” status.

Talks progressed to the point where, on June 14, ICANN had sent the .web contract to NDC, which immediately returned a signed copy, and all that remained was for ICANN to counter-sign the document for it to become binding.

ICANN VP Christine Willett approved the countersigning, but four days later Afilias initiated the Cooperative Engagement Process accountability mechanism, the contract was ripped up, and the contention set was placed back on hold.

“Thus, clearly, a registry agreement with NDC for .WEB could have been executed by ICANN’s Staff and come into force without the Board having pronounced on the propriety of the DAA under the Guidebook and Auction Rules,” the IRP panel wrote.

This disconnect between the board and the legal staff is at the core of the panel’s criticism of ICANN.

The board had decided that Afilias’ claim that NDC had violated new gTLD program rules was worthy of consideration and had informally agreed to defer making a decision, but the staff had nevertheless gone ahead with contracting with a potentially bogus applicant, the panel found.

In the opinion of the Panel, there is an inherent contradiction between proceeding with the delegation of .WEB to NDC, as the Respondent [ICANN] was prepared to do in June 2018, and recognizing that issues raised in connection with NDC’s arrangements with Verisign are serious, deserving of the Respondent’s consideration, and remain to be addressed by the Respondent and its Board, as was determined by the Board in November 2016. A necessary implication of the Respondent’s decision to proceed with the delegation of .WEB to NDC in June 2018 was some implicit finding that NDC was not in breach of the New gTLD Program Rules and, by way of consequence, the implicit rejection of the Claimant’s [Afilias’] allegations of non-compliance with the Guidebook and Auction Rules. This is difficult to reconcile with the submission that “ICANN has taken no position onw hether NDC violated the Guidebook”.

The upshot of the panel’s ruling is to throw the issue back to ICANN, requiring the board to decide once and for all whether Verisign’s auction gambit was kosher.

If you’ll excuse the crude metaphor, ICANN’s board has been told to shit or get off the pot:

The evidence in the present case shows that the Respondent, to this day, while acknowledging that the questions raised as to the propriety of NDC’s and Verisign’s conduct are legitimate, serious, and deserving of its careful attention, has nevertheless failed to address them. Moreover, the Respondent has adopted contradictory positions, including in these proceedings, that at least in appearance undermine the impartiality of its processes.

[The panel r]ecommends that the Respondent stay any and all action or decision that would further the delegation of the .WEB gTLD until such time as the Respondent’s Board has considered the opinion of the Panel in this Final Decision, and, in particular (a) considered and pronounced upon the question of whether the DAA complied with the New gTLD Program Rules following the Claimant’s complaints that it violated the Guidebook and Auction Rules and, as the case may be, (b) determined whether by reason of any violation of the Guidebook and Auction Rules, NDC’s application for .WEB should be rejected and its bids at the auction disqualified;

At the same time as the decision was published last night — shortly after midnight UTC and therefore helpfully too late to make it into today’s edition of ICANN’s godawful new email subscriptions feature — ICANN issued a statement on the outcome.

“In its Final Declaration, the IRP panel ruled that the ICANN Board, and not an IRP panel, should decide which applicant should become the registry operator for .WEB,” CEO Göran Marby said.

“The ICANN Board will consider the Final Declaration as soon as feasible, within the timeframe prescribed in the Bylaws, and remains hopeful that the relevant .WEB applicants will continue to seek alternatives to resolve the dispute between them raised during the IRP,” the statement concludes.

That should be of concern to Verisign, as any non-ICANN resolution of the .web battle is inevitably going to involve Verisign money flowing to its competitors.

But my first instinct strikes me that this a is a low-probability outcome.

It seems to me much more likely at first glance that ICANN will rule the NDC/Verisign ploy legitimate and proceed to contracting again.

For it to declare that using a front organization to bid for a gTLD is against the rules would raise questions about other applications that employed more or less the same tactic, such as Automattic’s successful bid, via an intermediary, for .blog, and possibly the 100-ish applications Donuts and Rightside cooperated on.

The ICANN bylaws say the board has to consider the IRP’s findings at its next meeting, for which there’s currently no published date, where feasible.

I should note that, while Donuts acquired Afilias last December, the deal did not include its .web application, which is why both the panel’s decision and this article refer to “Afilias” throughout.

Verisign hopeful after decision reached in .web gTLD case

Kevin Murphy, May 25, 2021, Domain Policy

The fate of .web has been decided, over 20 years after it was first applied for, and Verisign thinks it might emerge triumphant.

The company said last night that the ICANN Independent Review Panel handling the case of Afilias v ICANN reached a decision May 20 and delivered it to Verisign the following day.

Verisign says the panel “dismissed Afilias’ claims for relief seeking to invalidate the .web auction and to award the .web TLD to Afilias, concluding that such issues were beyond its jurisdiction.”

Sounds good for Verisign so far. Afilias wanted its $135 million bid for .web, submitted via an intermediary called Nu Dot Co, thrown out due to claims that ICANN violated its own bylaws by not sufficiently vetting the bidder.

But Verisign goes on to say “the panel’s ruling recommends that ICANN’s Board of Directors consider the objections made about the .web auction and then make a decision on the delegation of .web”.

It adds that the panel found that ICANN violated its fairness and transparency commitments:

With respect to ICANN, the ruling finds that certain actions and/or inaction by ICANN in response to Afilias’ objections violated aspects of ICANN’s bylaws related to transparency and fairness. These findings are particular to ICANN’s actions and not conduct by Verisign. Verisign anticipates that ICANN’s Board will review the panel’s ruling and proceed consistent with the panel’s recommendation to consider the objections and make a decision on the delegation of .web.

Based on Verisign’s statements, it seems that ICANN lost, but Afilias didn’t win.

The revelation was buried in a Securities and Exchange Commission filing on an unrelated financial matter last night. Hat tip to @jintlaw for spotting and tweeting about it.

It’s the most eagerly anticipated IRP ruling since 2011’s .xxx case, but in stark contrast to Rod “let’s draft this tweet” Beckstrom-era ICANN, where the decision was posted in a matter of hours, the 2021 org has not yet posted the panel’s findings or made a public statement acknowledging the ruling.

Verisign says it intends to “vigorously pursue” .web, but “can provide no assurance” as to which way the ICANN board of directors will swing.

ICANN refuses to say why it allowed Donuts to buy Afilias

Kevin Murphy, March 29, 2021, Domain Policy

ICANN appears determined to make its decision-making process when it comes to industry consolidation as opaque as possible.

The Org has denied a request from two rival registries for information about how it approved the acquisition of Afilias by Donuts last December, apparently exploiting a loophole in its bylaws.

The transaction got the nod from ICANN after its December 17 board of directors meeting, at which the board discussed the deal and gave CEO Göran Marby the nod to go ahead and process the request.

What it didn’t do was pass a formal resolution approving the deal, which seems to have given it the room to wriggle out of its transparency requirements, such as publishing its rationale and briefing materials.

It’s a trick it also used last year when it decided to bar Ethos Capital from acquiring Public Interest Registry.

In response to a Documentary Information Disclosure Process request (pdf) last month, filed by Dot Hotel and Domain Venture Partners, ICANN said:

ICANN org makes available, as a matter of due course, on the ICANN website the resolutions taken, preliminary report, minutes, and the Board briefing materials for each Board meeting… ICANN org has already published all materials for the 17 December 2020 Board meeting.

No new information was published.

The DIDP was filed by two applicants for the new gTLD .hotel, which are competing with applications originally filed by both Donuts and Afilias.

They’d also asked for ICANN’s rationale for allowing Donuts to own two .hotel applications post-acquisition, but ICANN said it had no documents reflecting that rationale.

The .hotel contest is also the subject of an Independent Review Process case and a lawsuit, in which DVP is a plaintiff.

Got beef with ICANN? Why you may not want to use the Ombudsman

Kevin Murphy, February 25, 2021, Domain Policy

Complaining to the independent Ombudsman may not be the best way to start a beef with ICANN, and that’s according to the Ombudsman himself.

Herb Waye told DI this week that consulting him as a first port of call may well lock complainants out of escalating their complaints through his office in future procedures.

Earlier this week, I reported on a lawsuit filed by three so-far unsuccessful .hotel gTLD applicants, which among other things alleges that ICANN’s Request for Reconsideration appeals process is a “sham”.

Reconsideration has quite a high barrier to success, and complaints are rarely successful. Requests are dealt with by the Board Accountability Mechanisms Committee, a subset of the very same board of directors that passed the resolution being complained about, advised by the same ICANN lawyers.

But RfRs are also automatically sent to the Ombudsman for a determination before the BAMC looks into them, which should provide a valuable and ostensibly independent second set of critical eyes.

However, in practice this has almost never happened since the provision was added to the ICANN bylaws five year ago.

The .hotel plaintiffs tallied up the 14 RfRs related to the new gTLD program since 2017 and found that the Ombudsman had recused himself, without detailed explanation, on every single occasion. Their complaint in California Superior Court reads:

Neither ICANN nor the Ombudsman has provided any intelligible reason for this gross flouting of ICANN’s bylaws and the Ombudsman’s dereliction of duty, other than a naked and vague claim of “conflict of interest”. The lack of any Ombudsman process not only violates ICANN’s bylaws and its contracts with Plaintiffs, but it renders the promise of a fair and independent Reconsideration process null and illusory, and the notion of true accountability a farce.

The ICANN bylaws state that the Ombudsman must recuse himself from considering RfRs “involving matters for which the Ombudsman has, in advance of the filing of the Reconsideration Request, taken a position while performing his or her role as the Ombudsman”.

According to Waye’s explanation, this is a very broad standard indeed. He told DI in an email:

it is not just me but over 18(?) years of Office of the Ombudsman involvement in complaints or investigations. So I need to go back through the archives when I receive an RR to make sure neither Chris [LaHatte] nor Frank [Fowlie] have made a determination (it doesn’t have to be a public report (or position) or a report to the Board to qualify for recusal).

Among other factors, it also doesn’t have to be a past determination directly involving the RR requestor either… if the substance of the RR has been reviewed by the Office in the past, or if the RR is about an issue similar to one that has been the subject of a complaint and a determination, then recusal is also required to avoid inconsistencies or perceived bias.

He consults with his “independent outside counsel”, Dave Marglin, when figuring out whether recusal is necessary, he said.

Waye published an explanation of his role in Reconsideration on page 19 of the Ombusdman’s most-recent annual report (pdf).

I wondered whether a 2015 decision by Waye predecessor LaHatte related to the new gTLD program’s controversial Community Priority Evaluation might account for the spate of recusals over the last few years, but Waye would not be drawn.

“I can’t identify specifics about each recusal as I must at all cost avoid identifying past complainants or subjects of complaints,” he said. “As I mentioned, some published reports may be the reason for a recusal but it may also be the result of the RfR issue having passed through my Office prior to the RfR being filed as a complaint; which may or may not be a known fact, so I err on the side of caution and treat all recusals the same.”

Given that the Ombudsman also deals with sensitive interpersonal interactions, including sexual harassment complaints, a code of confidentiality could be a good thing.

But it also means that there are an unknown number of undisclosed topics, dating back the best part of two decades, that the Ombudsman is apparently powerless to address via the Reconsideration process.

And that list of untouchable topics will only get longer as time goes by, incrementally weakening ICANN’s accountability mechanisms.

It seems to me that for companies with no interest in confidentiality but with serious complaints against an ICANN board action, complaining to the Ombudsman as the first port of call in a case that would likely be escalated to Reconsideration, Cooperative Engagement Process and Independent Review Process may be a bad idea.

Not only would they be locking the Ombudsman out of their own subsequent RfR, but they’d be preventing him or her getting involved in related RfRs for eternity.

Waye does not disagree. He said:

I think anyone considering bringing a complaint to the Office of the Ombuds should now consider their desired outcome if there is any possibility the issue may be something that could eventually take the RfR route. Do they want an informal (potentially confidential) determination from the Ombuds or do they want something more “public” from the Ombuds in the form of a substantive evaluation made directly to the BAMC. It’s still a new process and my participation in the RfR accountability mechanism is still a work in progress for the people considering using the RfR. But it’s what the community wanted and we will make it work.

It strikes me that the Reconsideration policy outlined in the ICANN bylaws is, by accident or design, self-terminating and opaque. It becomes less useful the more often it is used, as the range of topics the Ombudsman is permitted to rule on are slowly whittled away in secret.

It also occurs to be that it might be open to abuse and gaming.

Worried that a rival company will try to use Reconsideration to your disadvantage? Why not file a preemptive Ombudsman complaint on the same topic, forcing him to recusing himself and leaving the eventual RfR in the hands of the far-from-objective BAMC and ICANN board?

Waye said:

I suppose it would be possible, though it would require me making a determination or taking a position of sorts related to the eventual RfR… a complaint doesn’t automatically mean recusal. And of course it would mean me and my counsel not seeing through the “gaming” agenda and declining the complaint at the outset.

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Kevin Murphy, February 5, 2021, Domain Registrars

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.

ICANN made over $500k in secret lawyer payments over [REDACTED] legal dispute

Kevin Murphy, November 17, 2020, Domain Policy

ICANN has approved a payout of over half a million dollars to outside lawyers for work on a legal dispute it does not want you to know about.

The board of directors a week ago approved the disbursement of a “[Redacted – Privileged & Confidential]” sum to undisclosed parties in relation to “extensive activity in [Redacted – Privileged & Confidential]”.

Under ICANN policy, the fact that board approval was required means that the amount being paid is at least $500,000. The redacted resolution also authorizes additional payments up to $499,999.

ICANN isn’t providing any hints about what the payments concern, other than that it’s a legal dispute of some kind. The resolution states:

When required, ICANN must engage outside legal counsel to help prepare for and defend against all types of disputes that are brought against ICANN. When those disputes become highly contentious they often require significant involvement during a certain time period by outside counsel and that significant amount of time also results in significant fees and related expenses.

The words “related expenses” may be telling. We may not just be talking about lawyers’ fees here.

ICANN also does not state when the expenses were incurred, other than to note that the org’s budget for fiscal 2020, which ended June 30, “contemplated” the need for such payments.

So we’re talking about a legal issue that ICANN was aware of before May 2019, when the FY20 budget was approved, possibly as far back as December 2018, when earlier versions of that budget were published.

Known legal disputes that were active back then and have seen activity in the last few months include the Afilias Independent Review Process complaint about the .web auction and DotConnectAfrica’s court appeal over its .africa loss.

But both of those cases are matters of public record. ICANN even regularly publishes legal documentation on both. They’re not secret.

The only cases I’m aware of that ICANN has actively tried to keep secret involve allegations of sexual discrimination and harassment made against at least one former senior staffer. One such lawsuit was filed late February 2019.

But the hundreds of thousands doled out by ICANN last week could be related to just about anything.

ICANN’s bylaws give the board a broad brush when it comes to redacting information from published resolutions:

any actions relating to personnel or employment matters, legal matters (to the extent the Board determines it is necessary or appropriate to protect the interests of ICANN), matters that ICANN is prohibited by law or contract from disclosing publicly, and other matters that the Board determines, by a three-quarters (3/4) vote of Directors present at the meeting and voting, are not appropriate for public distribution

Usually, when ICANN redacts information, it’s related to personnel matters such as management bonuses.

Whatever it was ICANN just spent your money on, ICANN ain’t saying.

This ICANN comment period is a Kafkaesque nightmare

Kevin Murphy, September 29, 2020, Domain Policy

With the deadline for commenting on draft new gTLD program rules rapidly approaching, you may be tempted to visit the ICANN web site to peruse the comments that have already been submitted by others. Good bloody luck.

The way ICANN has chosen to present the comments is so bafflingly opaque, confusing and confounding that I can’t help but conclude it must have been deliberately designed to be as soul-crushing as possible.

Regular comment periods are pretty straightforward: you email your comments as prose to ICANN, ICANN publishes the email and any attachments for others to read. Everyone knows where everyone stands. Job done.

But recently there’s been a worrying trend towards a questionnaire and spreadsheet model based around Google Docs, and that’s the model being used for comments on the final draft report of the new gTLD program working group, known as SubPro.

You can check out the spreadsheet here.

The first thing you’ll notice is that the spreadsheet is 215 columns wide, with each respondent given one row for their responses.

You’ll also notice that the spreadsheet doesn’t seem to understand line breaks. Where the respondent has provided some textual commentary, it’s spread across multiple columns in some cases and not in others.

And then there’s the column headings.

While stumbling randomly through the spreadsheet, I discovered an interesting nugget of information — it seems the new gTLD registry MMX wants the next application round delayed until all of the 2012 round have been launched, which I found a bit surprising.

This nugget can be found under the column heading “Enter your response here”, a heading that is helpfully shared by 90 (ninety) other columns on the same damn page.

The heading “Do you want to save your progress and quit for now? You will be able to return to the form to complete it at a later time” appears 10 times in the document.

No information in adjacent columns sheds any light on what triggered MMX to make its comment.

In order to figure out the question for pretty much any response, the only option appears to be to cross-reference the spreadsheet with the original form questionnaire, which can be found as a PDF here.

But the questionnaire has 234 questions and there’s no straightforward correlation between the question number and the columns on the spreadsheet, which are addressed as AA through IG.

So when you see that European industry group CENTR went to the trouble to “Support Output(s) as written” in column DI, under the heading “If you choose one of the following responses, there is no need to submit comments”, it’s virtually impossible to figure out what it actually supports.

If you are able to figure out which question it was answering, that probably won’t help you much either.

The form merely contains brief summaries of changes the working group has made. To see the “Output(s) as written” you’d have to cross-reference with the 363-page draft final report (pdf).

A lot of you are probably thinking that I should just export the spreadsheet into Excel or OpenOffice and clean it up a bit. But, no, you can’t. ICANN has disabled exporting, downloading, and even copy-pasting.

It’s enough to make one feel like going out and licking the floor on public transport.

Way to go on the transparency, ICANN!

I have to believe that the ICANN staffer responsible for compiling all these comments into the official ICANN summary has some tools at his or her disposal to render this mess decipherable, because otherwise they’ve got a huge, hair-ripping job on their hands.

Of course, since there doesn’t appear to be a way for the rest of us to verify the summary report’s accuracy, they can probably just write whatever they want.

ICANN’s .org decision was NOT unanimous, and it was made in secret

When ICANN announced its decision to deny Public Interest Registry’s request to be acquired by Ethos Capital at the end of April, I felt a little foolish.

I’d confidently predicted just days earlier that the decision by the board would not be unanimous, but ICANN, in announcing the decision, said “the entire Board stands by this decision”.

But it turns out I was right after all. Three directors voted against the consensus and one abstained.

The dissenting votes were cast by industry policy consultant Avri Doria, Serbian internet pioneer Danko Jevtović, and former Sudanese ccTLD operator Ihab Osman.

Doria and Jevtović voted against the first resolved clause, which rejected PIR’s request. All three voted against the second resolved clause, which would have allowed PIR to file a second request.

Sarah Deutsch, a private practice lawyer, abstained from both votes, presumably because she also sits on the board of the Electronic Frontier Foundation, the civil liberties group that can, via California’s attorney general, probably be credited most with getting the transaction killed.

All three dissenters and Deutsch are Nominating Committee appointees.

According to the preliminary report of the April 30 meeting, “Doria indicated that she would be voting against the resolution and explained her views about how the public interest would be better served by ICANN granting its consent to PIR’s request.”

What her reasons were are not reflected in the record.

It also seems likely that any substantive minuting of ICANN’s decision is likely to be limited, as it appears to have been made at a different, off-the-books session at an unspecified earlier date.

The preliminary report notes the “the Board discussed and considered alternative draft resolutions for potential Board action as part of an earlier briefing”.

No such earlier meeting is listed on ICANN’s web site. The board’s previous formal meeting, two weeks earlier, had PIR’s request removed from the agenda at the last minute.

So it appears that ICANN’s board decided to reject the deal basically in secret at some point between April 17 and April 29, during a meeting of which ICANN has no obligation to publicly release the minutes.

Nice transparency loophole!

There’s always the Documentary Information Disclosure Policy, I suppose.

Court rules domain name list should stay secret

Publishing a list of every domain name in their zone is something that most TLD registries do automatically on a daily basis, but a court in Chile has ruled that doing so is a cybersecurity risk.

NIC Chile, which runs .cl, said last week that it has won an appeal against a Transparency Council ruling that would have forced it to publish a list of the domains it manages.

The Court of Appeals ruled that the registry was within its rights to refuse to hand over an Excel spreadsheet listing the 575,430 domains in .cl to the person who requested it.

The request was just for the list of domains, with none of the other data you’d find in a zone file and no Whois information about the registrants.

Nevertheless, the court unanimously ruled that to hand over the list would present “cybersecurity risks”, according to NIC Chile attorney Margarita Valdés Cortés.

NIC Chile said in a statement:

In this particular case, it was considered that the bulk delivery of domain names to a private individual could generate risks of cybersecurity of various kinds, both in access to information as a result of those domain names as well as the possibility that, by having such a list, attacks on servers, phishing, spam or others could be made easier. Similarly, the ruling of the Court of Appeals understood that the delivery of the data affects commercial and economic rights of the holders of these .CL domains, and considered that there is a legal cause that justifies NIC Chile´s refusal to turn over the list of all registered names.

Cortés said that the case will now go to the nation’s Supreme Court for a final decision, after the Transparency Council appealed.

Access to zone files is considered by many security researchers to be an invaluable tool in the fight against cybercrime.

NIC Chile has published the ruling, in Spanish, here (pdf).

  • Page 1 of 2
  • 1
  • 2
  • >