ICANN adds another six months to Whois reform roadmap

ICANN says that its preparatory work for possible Whois reforms will take another six months.

The Operational Design Phase for the System for Standardized Access and Disclosure will now conclude “by the end of February 2022”, ICANN said this week.

That’s after the Org missed its original September deadline after six months of work.

ICANN program manager Diana Middleton said at ICANN 72 last week that ODP had been delayed by various factors including surveys taking longer than expected and throwing up more questions than they answered.

A survey of Governmental Advisory Committee members due September 17 was extended until the end of October.

But she added that ICANN intends to throw its first draft of the output — an Operational Design Assessment — at its technical writers by the end of the month, with a document going before the board of directors in early February.

SSAD is the proposed system that would funnel requests for private Whois data through ICANN, with a new veneer of red tape for those wishing to access such data.

The ODP is ICANN’s brand-new process for deciding how it could be implemented, how much it would cost, and indeed whether it’s worthwhile implementing it at all.

It’s also being used to prepare for the next round of new gTLDs, with a 13-month initial deadline.

The longer the current ODP runs, the greater the cost to the eventual SSAD user.

ICANN domains revenue ahead of estimates again

ICANN made a few million dollars more than expected in the third calendar quarter, according to its latest financials.

Overall revenue for the three months ended September 30, ICANN’s first fiscal quarter, was $38 million, ahead of the budgeted $35 million and the $36 million in the year-ago quarter.

Expenses were $27 million against a $32 million budget, due again to the lack of travel because of the pandemic. ICANN meetings are costing around $500,000 a pop right now, mostly spent on interpreters and translation, a few million bucks less that it normally spends.

The Org was running at an excess (profit) of $10 million for the quarter, compared to a $3 million budget.

ICANN said (pdf) that registry and registrar transaction fees, a good indicator of sales in the domain name industry, came in at $15 million and $10 million respectively, both $1 million better than the budget.

Other registrar fees, which includes fixed accreditation fees, were also $1 million over budget, at $4 million, perhaps due to the fact that not as many registrars de-accredited as expected.

If you guessed Facebook’s “Meta” rebrand, you’re probably still a cybersquatter

Guessing that Facebook was about to rebrand its corporate parent “Meta” and registering some domain names before the name was officially announced does not mean you’re not a cybersquatter.

Donuts this week reported that its top-trending keyword across its portfolio of hundreds of TLDs was “meta” in October. The word was a new entry on its monthly league table.

We’re almost certainly going to see the same thing when Verisign next reports its monthly .com keyword trends.

The sudden interest in the term comes due to Facebook’s October 28 announcement that it was calling its company Meta as part of a new focus on “metaverse” initiatives.

The announcement was heavily trailed following an October 19 scoop in The Verge, with lots of speculation about what the name change could be.

Many guessed correctly, no doubt leading to the surge in related domain name registrations.

Unfortunately for these registrants, Facebook is one of the most aggressive enforcers of its trademark out there, and it’s pretty much guaranteed that Meta-related UDRP cases will start to appear before long.

While Facebook’s “Meta” trademark was only applied for in the US on October 28, the same date as the branding announcement, the company is still on pretty safe ground, according to UDRP precedent, regardless of whether the domain was registered before Facebook officially announced the switch.

WIPO guidelines dating back to 2005 make it clear that panelist can find that a domain was registered in bad faith. The latest version of the guidelines, from 2017, read:

in certain limited circumstances where the facts of the case establish that the respondent’s intent in registering the domain name was to unfairly capitalize on the complainant’s nascent (typically as yet unregistered) trademark rights, panels have been prepared to find that the respondent has acted in bad faith.

Such scenarios include registration of a domain name: (i) shortly before or after announcement of a corporate merger, (ii) further to the respondent’s insider knowledge (e.g., a former employee), (iii) further to significant media attention (e.g., in connection with a product launch or prominent event), or (iv) following the complainant’s filing of a trademark application.

Precedent for this cited by WIPO dates back to 2002.

So, if you’re somebody who registered a “meta” name after October 19, the lawyers have had your number for the better part of two decades, and Facebook has a pretty good case against you. If your name contains strings such as “login” or similar, Facebook’s case for bad faith is even stronger.

Of course, “meta” is a dictionary word, and “metaverse” is a term Facebook stole from science fiction author Neal Stephenson, so there are likely thousands of non-infringing domains, dating back decades, containing the string.

That doesn’t mean Facebook won’t sic the lawyers on them anyway, but at least they’ll have a defense.

ICANN 72 has lowest turnout since records began

Last week’s public ICANN meeting saw the fewest attendees since the Org started compiling and publishing statistics over five years ago.

According to a new blog post from meetings veep Nick Tomasso, there were 1,305 attendees at ICANN 72, which was the sixth consecutive public meeting to take place on Zoom due to the pandemic.

That’s smaller than the 1,330 who showed up virtually for the mid-year meeting, which typically have fewer attendees than the end-of-year AGM.

In fact, it’s the lowest number of documented attendees since ICANN first started regularly publishing the stats, with ICANN 55 in March 2016. That meeting was in Morocco, was hit by fears of terrorism, and still managed 2,273 attendees.

Even the 2017 meeting in Johannesburg, a long-haul flight for most ICANNers, attracted more people.

Last week’s meeting took place on Seattle time. This was fine for ICANN’s west coast staff, but meant sessions kicked off towards the end of business hours in Europe and in the middle of the night in east Asia.

But Tomasso reports that 22.1% of “real time” attendees were from Asia-Pac, with 20.8% coming from Europe. North Americans accounted for 35% of participants.

Participating in ICANN 72 was free, only requiring an account on ICANN’s web site. But there were no free flights or hotels, and the only thing in the virtual schwag bag was an origami fish or something.

ICANN boss warns over existential “threat” from Russia

The Cthulian threat of an intergovernmental takeover of ICANN has reared its head again, but this time a resurgent, interventionist Russia is behind it and ICANN’s CEO is worried.

Speaking at ICANN 72, the Org’s virtual annual general meeting this week, Göran Marby highlighted recent moves by Russia in the UN-backed International Telecommunications Union as a “threat” to ICANN’s existence and the current internet governance status quo in general.

Speaking at a constituency meeting on Monday, Marby said:

We see a threat to the multistakeholder model and ICANN’s role in the Internet ecosystem. And anyone in this call are well aware about this threat: Russia in their attempt to be the next secretary-general of the ITU. Their platform is about having a government running not only ICANN but also the RIRs, the IETF and the root server system.

Marby is referring to two things here: Russia’s month-old policy document calling for the exploration of ways to centralize control over many of the internet’s functions under governments, and its attempt to have one of its former ministers installed as the next head of the ITU at next year’s election.

Secretary-general Houlin Zhao’s second and last four-year term is up next year, and Russia is aggressively promoting its own Rashid Ismailov as his successor. American ITU lifer Doreen Bogdan-Martin is considered the main competition and equally aggressively promoted by the US government.

Marby’s clearly concerned that a Russian secretary-general would give more weight to Russia’s current position on internet governance, which is very much about reducing US influence, doing away with ICANN, and bringing internet infrastructure under intergovernmental control.

At a separate session on Tuesday, Marby referred to this state of affairs as a “threat against the interoperability of the internet, not only ICANN as an institution”.

Such threats from the ITU are certainly nothing new — I’ve been reporting on them for almost as long as I’ve been covering ICANN — but Marby seems to think it’s different this time. He said during the ICANN 72 session:

Some of you would say: oh, we heard that before. But this time I would say it’s a little bit different because I think that some of the positions we see there are more mainstream than they were only five years ago.

Russian-born cybersecurity policy expert Tatiana Tropina concurred, calling Marby’s concerns “very valid” and telling the same ICANN session:

The points Russia makes at the ITU are scary because they can speak to many governments. They are quite moderate — or, rather, midstream — now, but they do refer to issues of power and control.

Russia’s positions were spelled out in a recent ITU policy document, a “risk analysis of the existing internet governance and operational model”.

According to Russia, ICANN poses a risk because it’s based in the US and therefore subject to the US judicial and legislative systems, as well as the Office of Foreign Assets Control, which restricts American companies’ ability to deal with organizations or states deemed to support “terrorism” and is unpopular in the Middle East:

Critical infrastructure operators/ organizations (ICANN, PTI, RIRs, etc.) may be forced to comply with sanctions of a national administration under which jurisdiction they are located. A number of operational organizations performing supranational functions in the Internet governance are registered in the USA, and they must comply with all laws, rules and regulations of the US judicial authorities as well as of the Office of Foreign Assets Control (OFAC)

It also thinks there’s a risk of the current model favoring big business over the public interest, harming “the preservation of national and cultural heritage, identity of the territory and language”, and it points to ICANN’s decision to award the .amazon gTLD to Amazon over the objections of the eight governments of the Amazonia region.

It’s also worried about the hypothetical ability of ICANN to disconnect ccTLDs from the rest of the world, due to its influence over the DNS root server system, perhaps at the demand or request of the US government.

You can download the Russian document, which covers a broader range of issues, from here as a Word file, but be warned: if you’re not using Microsoft software you may not be able to open it. Because interoperability, yeah?

Big dose of reality for gTLD-hungry dot-brand applicants

Anyone tuning into yesterday’s Brand Registry Group session at ICANN 72 expecting good news about new gTLDs was in for a reality check, with a generally gloomy outlook on display.

BRG members expressed frustration that ICANN continues to drag its feet on the next application round, failing to provide anywhere near the degree of certainty applicants in large organizations need.

Meanwhile, a former ICANN director clashed with GoDaddy’s chief new gTLD evangelist on whether the 2012 round could be considered a success and whether there really is a lot of demand for the next round.

The BRG has arguably been the most vocal group in the community when it comes for calling for ICANN to stop messing around and approve the next round already, so members are naturally not enthused about the recent approval of an Operational Design Phase, a new layer of bureaucracy expected to add at least 13 months to the next-round runway.

Deborah Atta-Fynn, a VP at current and prospective future dot-brand owner JP Morgan Chase, expressed frustration with ICANN’s inability to put a date on the next round, or even confirm it will be approved, saying that it’s tough to get departmental buy-in for a project with undefined timing and which may never even happen.

Would-be dot-brands “need that clarity, and they need that definitive timeline” she said.

“In the same way that ICANN has to ramp up, we need to ramp up,” she said. “We have to get internal stakeholders from legal and marketing and whatever other groups may be involved to buy into it. They need to see the value, they need to see the use cases.”

“That open-endedness of the timeline makes it very difficult for us to get that stakeholder buy-in that we need. It makes it difficult for us to do any definitive planning,” she said.

Nigel Hickson, now the UK’s Governmental Advisory Committee representative and a civil servant but a senior ICANN staffer at the time of the 2012 round, concurred with the need for firmer timeline.

“It’s very difficult to tell ministers that something is going to happen, and then it doesn’t happen for a couple of years, because basically they lose interest,” he said. “Having some predictability in this process is very important.”

But probably the most compelling interventions during yesterday’s session came from former ICANN director Mike Silber, a new gTLD skeptic who abstained from the 2011 vote approving the program, and new gTLD evangelist Tony Kirsch, now with GoDaddy Registry after years with Neustar.

Silber had some stern words for ICANN of 2011, and for the two CEOs preceding Goran Marby, and indicated that he was an admirer of the policy work done by the New gTLD Subsequent Procedures working group (SubPro) and a supporter of a thorough ODP.

Silber started by taking a pop at former ICANN directors and staffers who he said pushed the program through “for their own personal benefit or ego boost or whatever”, then left the Org to let others “clean up the mess they created by rushing”. He didn’t name them, but I can think of at least three people he might have been talking about, including ICANN’s then-chair and then-CEO.

“This time it doesn’t look like a rush,” he said.

He went on to say that he expects the next application round to be a different animal to 2012, with less speculation and a more realistic approach to what new gTLDs can achieve.

“If you look at the number of applications and look at the number of TLDs actually launched and the number of TLDs that have actually been successful, I think that he hype that existed in 2012 is not there any longer,” he said.

“I think people are going to look long and hard before submitting an application,” Silber said. “These weird and wonderful applications for these weird and wonderful TLDs, by people who thought they would make a fortune, are vaporware.”

“I think applicants now are more serious, and I think there’s going to be a lot less speculation,” he said.

This hype-reduction takes the pressure of ICANN to quickly approve the next round, he said.

Counterpoint was provided by GoDaddy’s Kirsch, a long-time cheerleader for new gTLDs and in particular dot-brands. He’s not a fan of the ODP and the delay it represents.

Kirsch said that new gTLD advocates are reflecting the fact that there’s demand for both top-level and second-level domains out there.

“If there is no customer base, if there is no demand, then there is no revenue base,” he said.

He pointed to data showing that, while there are only 26 million new gTLD domains registered today, there have been 136 million registered over the lifetime of the 2012 round to date (about seven years).

While agreeing that the next round might see less wild top-level speculation, and that the industry has “matured”, Kirsch suggested there might actually be more applications for generic dictionary TLDs next time, but with a better understanding of the marketing commitment needed to make them succeed.

“I’m working with people right now who are doing that with a far greater business plan underneath it, and an understanding that if they don’t have that they won’t succeed with a generic term in the new world,” he said.

Silber dismissed the 136 million number as “indicative of speculation”, which Kirsch did not try very hard to dispute, and expressed skepticism about the level of demand at the top level.

“I find it quite amusing that people say there’s real demand, but then they need a target date to actually drive demand and it makes me worry that maybe the demand’s not quite as real as they think it is,” he said.

Atta-Fynn, Kirsch and session chair Martin Sutton challenged this.

“I think that the the idea that we need to target date to drive demand is incorrect,” Kirsch said. “I think we need a target date to convert interest into demand.”

“It is incumbent on ICANN to make sure that it provides a robust and visible plan for applicants to buy into this, because I think everyone’s watching and we’ve had enough time. It’s time to turn this into a into a real program that that benefits all internet users around the world,” he said.

UDRP respondent has name hidden on mental health grounds

An accused cybersquatter has had his or her name redacted from the UDRP record on mental health grounds in what appears to be an unprecedented decision.

The case of Securian Financial Group v [redacted] resulted in the transfer of securian.contact to the complainant, but the ADR Forum panelist did not make a determination on the merits.

Rather, the registrant had asked for the domain to be transferred free of charge and for their personal details to be kept out of the public record, telling the panelist:

I have a documented mental health history. I want to request ICANN and/or the complainant to at least redact my personal information from this case on medical grounds… I do not want to submit or reveal my medical documents to anyone, but if required by ICANN, I will do so.

The registrant said that the case had proved “mentally impactful” and that they did not want their name appearing in search results as it could affect their job and university applications.

The panelist found UDRP precedent of personal information being redacted in cases of identity theft and applied it to these apparently novel circumstances.

Because the respondent offered to freely give up the domain, the panelist did not decide on what would presumably have been a fairly cut-and-dried case.

Guy fills exact-match domain with porn, wins UDRP anyway

A Chinese registrant has managed to survive a UDRP over an exact-match domain name, despite not responding to the complaint and filling the associated web site with porn.

An ADR Forum panelist yesterday ruled the registrant could keep the domain boltonmenk.com (NSFW) despite Bolton & Menk, a Minnesota engineering firm that says it was founded in 1949, claiming infringement of common-law trademark.

Bolton & Menk has used the hyphenated version, bolton-menk.com, since 1996.

The non-hyphenated version at issue in this case has been in the hands of third-party registrants for at least 15 years, with at least 13 drops, according to DomainTools.

It seems to have been mostly parked with regular, inoffensive ads, and it was presumably only the recent addition of hard-core pornography that caught the complainant’s attention.

But the UDPR panelist ruled that Bolton & Menk, which has only a pending US trademark application, had failed to provide enough evidence that its brand also operates as a common-law trademark.

The complaint was therefore dismissed for the complainant’s lack of rights without even considering the registrant’s bad faith or legitimate interests.

It looks like a case of the bad guy getting away with it due to a less-than-comprehensive complaint.

Surprise eleventh-hour picks for NomCom leadership after ICANN U-turn

ICANN has named the new chair of its influential Nominating Committee, and it’s not who you might have expected.

The Org last night said Michael Graham will chair NomCom for the 2022 cycle, with Damon Ashcraft taking the chair-elect role.

The news came weeks later than expected — live during an online Prep Week session of ICANN 72 last night in fact — and followed a secretive ICANN vote that saw the board of directors U-turn on its initial selection.

ICANN said that 2021 chair-elect Tracy Hackshaw — who under ICANN convention was the heir apparent for the chair, replacing Ole Jacobsen — had “withdrew his candidacy for 2022 NomCom Chair due to a new professional role he has taken”.

No additional information on the withdrawal, which came as a surprise even to NomCom insiders, was made available. Hackshaw has not responded to an October 5 request for comment and does not appear to have addressed his withdrawal in public.

It’s the second time in recent years a chair-elect has not gone on to take the chair. In 2015, Ron Andruff was snubbed after poor peer-evaluation results. Hackshaw, however, appears to have scored more respectably in his review.

While the leadership picks were not revealed until the 11th hour, it seems ICANN actually made its choice in secret two weeks ago.

In a September 30 vote, the board selected Graham and Ashcraft.

But that resolution actually overrode and replaced a September 12 resolution, which was never published, appointing Hackshaw as NomCom chair. The September 30 resolution states:

Whereas, prior to publishing the Approved Resolutions of the 12 September 2021 Board meeting, the Board became aware of new information that is relevant to the evaluation of candidates.

Whereas, taking into account this new information, the BGC has recommended that the Board rescind its previous resolution and approve Michael Graham be appointed as the 2022 NomCom Chair and J. Damon Ashcraft be appointed as the 2022 NomCom Chair-Elect

That resolution was redacted in its entirety until last night. For some reason ICANN found it necessary to keep its NomCom picks secret until the very last moment.

The 2022 NomCom has the responsibility of picking three ICANN directors, one member of the Public Technical Identifiers board, two ALAC reps, and one member each of the ccNSO Council and GNSO Council.

Both chair and chair-elect are IP lawyers. New chair Graham is travel company Expedia’s top IP guy, and Ashcraft is a partner at the law firm Snell & Wilmer. It’s Ashcraft’s second go at the job in recent years, having chaired the 2019 committee.

Due to the leadership kerfuffle, the NomCom is starting its work on this cycle slightly later than usual.

Man with broken shift key sues ICANN and GoDaddy over Bitcoin domain

Sometimes I wonder if all they teach you at American law schools is how to correctly use upper-case letters.

A Georgia man who lost a cybersquatting case with Sotheby’s, concerning his registration of sothebysauctionbitcoin.com, has taken the auction house, along with ICANN, GoDaddy, and ADR Forum to court.

Harris’ case is filed pro se, which is Latin for “he doesn’t have a lawyer, his complaint makes no sense, and the case is going to get thrown out of court”.

He claims a UDRP decision that went against him recently was incorrect, that ADR Forum is corrupt and biased, and that the UDRP itself is flawed.

The domain was registered with GoDaddy, and ADR Forum was the UDRP provider.

He wants his domain back, along with root-and-branch reform of the UDRP and “self-regulating lumbering Monopolistic Behemoth” ICANN, which is apparently still working under the auspices of the US Department of Commerce.

Here’s a flavor of the filing (pdf), which was filed in a Georgia District Court yesterday:

We are ASKING THE Court to find the UDRP (Uniform Dispute Resolution Procedure) #FA2108001961598 (Sotheby’s and SPTC v Harris) Arbitration process and resulting ruling was Fatally Flawed; whereas ICANN failed to properly parse the “Provider” and we believe allowed Sotheby’s Counsel of Record in those proceeding to have specifically chosen ADR Form ADR FORUM whose history is tainted by a Consent Decree in their previous corporate iteration as an arbitration Provider for bad behavior and is also known to be a pro Claimant Provider.

In the version published to PACER, the complaint ends abruptly mid-sentence and seems to have one or more pages missing.

The decision in the original UDRP case is equally enlightening. Harris apparently sent nine responses to the complaint, many of which seemed to argue that Sotheby’s should have made an offer for the domain instead of “intimidating and bullying” him.

Harris apparently argued that the registration was a “legitimate investment”, thereby conferring rights to the domain.

Sole panelist Neil Anthony Brown seems to have taken pity on Harris, who had declared that Sotheby’s citation of previous UDRP cases was “irrelevant”, by deciding the case (against him, of course) without direct reference to prior precedent.

It was basically a slam-dunk decision, as I expect this lawsuit will also be.