As ICANN meets to decide .org’s fate, California AG says billion-dollar deal must be rejected

California Attorney General Xavier Becerra has urged ICANN to deny approval of Ethos Capital’s $1.13 billion acquisition of .org manager Public Interest Registry.

The call came in a letter (pdf) dated yesterday, just a day before ICANN’s board of directors was scheduled to meet to discuss the deal.

Becerra, who started looking into the deal in late January, wrote, right out of the gate:

I urge ICANN to reject the transfer of control over the .ORG registry to Ethos Capital. The proposed transfer raises serious concerns that cannot be overlooked.

Chief among his concerns is the fact that ICANN originally granted PIR the right to run .org largely because it was a non-profit with a committment to serve non-profits. He wrote:

If, as proposed, Ethos Capital is permitted to purchase PIR, it will no longer have the unique characteristics that ICANN valued at the time that it selected PIR as the nonprofit to be responsible for the .ORG registry. In effect, what is at stake is the transfer of the world’s second largest registry to a for-profit private equity firm that, by design, exists to profit from millions of nonprofit and non-commercial organizations

He’s also bothered about the lack of transparency about who Ethos is and what its plans are. The proposed new owners of PIR are hidden behind a complex hierarchy of dummy LLCs, and Ethos has so far refused to name its money men or to specify what additional services it might offer to boost its revenue.

Becerra also doesn’t buy the business plan, which would see PIR required to pay off a $300 million loan and, as a newly converted for-profit entity, start paying taxes.

He’s particularly scathing about the fact that ICANN approved the removal of PIR’s price caps last year despite receiving over 3,000 public comments opposing the changes and only half a dozen in favor.

“There is mounting concern that ICANN is no longer responsive to the needs of its stakeholders,” he writes.

Despite saying he “will take whatever action necessary to protect Californians and the nonprofit community”, Becerra does not specify what remedies are available to him.

But it looks like ICANN faces the risk of legal action no matter which way its board of directors votes (or voted) today.

Its current deadline to make a decision is April 20.

Whois privacy talks in Bizarro World as governments and trademark owners urge coronavirus delay

Coronavirus may have claimed another victim at ICANN — closure on talks designed to reopen private Whois data to the likes of law enforcement and trademark owners.

In a remarkable U-turn, the Governmental Advisory Committee, which has lit a series a fires under ICANN’s feet on this issue for over a year, late last week urged that the so-called Expedited Policy Development Process on Whois should not wrap up its work in June as currently planned.

This would mean that access to Whois data, rendered largely redacted worldwide since May 2018 due to the GDPR regulation in Europe, won’t be restored to those who want it as quickly as they’ve consistently said that they want it.

Surprisingly (or perhaps not), pro-access groups including the Intellectual Property Constituency and Business Constituency sided with the GAC’s request.

In an email to the EPDP working group’s mailing list on Thursday, GAC chair Manal Ismail indicated that governments simply don’t have the capacity to deal with the issue due to the coronavirus pandemic:

In light of the COVID-19 pandemic, and its drastic consequences on governments, organizations, private sector and individuals worldwide, I would like to express our serious concerns, as GAC leaders, that maintaining the current pace of work towards completion of Phase 2 by mid-June could jeopardize the delivery, efficacy and legitimacy of the EPDP’s policy recommendations.

While recognizing that the GAC has continually advised for swiftly completing policy development and implementing agreed policy on this critical public policy matter, we believe that given the current global health emergency, which puts many in the EPDP and the community under unprecedented stress (for example governments has been called to heightened duties for the continuity of essential public services), pressing important deliberations and decisions in such a short time frame on already strained participants would mean unacceptably sacrificing the product for the timeline.

We understand there are budget and human resources considerations involved in the completion of Phase 2 of the EPDP. However, we are all living through a global health pandemic, so we call on the EPDP Team to seriously reassess its course and expectations (be it on the duration of its calls, the turn-around time of reviews, its ultimate timeline and budget) emulating what numerous governments, global organizations, and households are doing to adapt during these challenging times across the world.

In April last year, before the EPDP group had even formally started its current phase of talks, Ismail wrote to ICANN to say the GAC expected the discussions to be more or less wrapped up by last November and that the new policy be implemented by this April.

Proponents of the access model such as Facebook have taken to suing registrars for not handing over Whois data in recent months, impressing the need for the issue to be urgently resolved.

So to now request a delay beyond June is a pretty big U-turn.

While Ismail later retracted her request for delay last Thursday, it was nevertheless discussed by the working group that same day, where the IPC, the BC and the ALAC all expressed support for the GAC’s position.

The registrars and registries, the non-commercial users and the ISPs were not supportive.

Delay might be tricky. For starters, hard-sought neutral working group chair Janis Karklins, has said he can’t continue working on the project beyond June 30, and the group has not secured ICANN funding for any further extensions to its work.

It will be up to the GNSO Council to decide whether to grant the extension, and the ICANN board to decide on funding.

The working group decided on Thursday to ask the Council for guidance on how to proceed.

What’s worrying about the request, or at least the IPC and BC’s support of it, is that coronavirus may just be being deployed as an excuse to extend talks because the IP owners don’t like the proposal currently on the table.

“The reality is we’re looking at a result that is… just not going to be sufficient from our perspective,” MPAA lawyer Frank Journoud, an IPC rep on the working group, said on its Thursday call. “We don’t want the perfect to be the enemy of the good, but right now we’re not even going to get to good.”

The current state of play with the working group is that it published its initial report (pdf) for public comment in February.

The group is recommending something called SSAD, for Standardized System for Access and Disclosure, in which a central gateway provider, possibly ICANN itself, would be responsible for granting Whois access credentials and fielding requests to the relevant registries and registries.

The almost 70 comments submitted before the March 23 deadline have been published in an unreadable, eye-fucking Google spreadsheet upon which transparency-loving ICANN may as well have hung a “Beware of the Leopard” sign. The staff summary of the comments is currently nine days late.

Kuala Lumpur meeting cancelled and ICANN 68 could be even trickier online

ICANN has as expected cancelled its in-person ICANN 68 meeting, which had been due to take place in Kuala Lumpur in June, due to the coronavirus pandemic.

The decision, which was never really in any doubt, was taken by its board of directors yesterday. The board considered:

Globally, a high number of people are under some form of a “stay at home” or lock-down order, directed to avoid contact with others except to receive essential services such as medical care or to purchase supplies. Schools and offices are closed, gatherings are prohibited, and international travel is largely on pause. We do not know when travel or in-person meetings will be authorized or possible. As it relates to Kuala Lumpur, Malaysia has a Movement Control Order in force at least until 14 April 2020 that prohibits meetings such as ICANN68. The duration of the Movement Control Order has already been extended once.

It appears that the four-day meeting, which will instead go ahead virtually (presumably on the Zoom conferencing service) might be even more disjointed than ICANN 67.

ICANN 67, which took place online in March, did have a centralized component — a bunch of ICANN staffers on location at its headquarters in Los Angeles — but that may not be possible this time around.

The board said that “due to current social distancing requirements, ICANN org is unable to execute a virtual meeting from a single location, and that a decentralized execution model might necessitate changes to the format.”

It added that there is support for “a flexible, modified virtual meeting format that focuses on cross-community dialogues on key policy topics, supplemented by a program of topical webinars and regular online working meetings scheduled around the key sessions.”

While there has been a lot of criticism of the Zoom platform in recent weeks due to security and privacy concerns, ICANN indicated this week that it’s not particularly concerned and will carry on using the service.

ICANN to consider cancelling ICANN 68 tomorrow

ICANN is to consider whether to cancel its in-person ICANN 68 gathering at a meeting of its board of directors tomorrow.

The agenda for its meeting tomorrow has one line item: “Impact of COVID-19 on ICANN68”.

The four-day Policy Forum is currently scheduled to take place from June 22 in Kuala Lumpur, Malaysia.

I think the chances of this event going ahead in the midst of the coronavirus pandemic are zero point zero.

March’s ICANN 67 meeting was replaced with a series of virtual Zoom rooms on February 19, when cases of Covid-19 had been reported in just 26 countries and it was still widely thought of as a Chinese problem.

According to today’s data from the European Centre For Disease Prevention and Control, coronavirus cases have been reported in 204 countries and territories. That’s pretty much all of them.

Even if some currently hard-hit countries in North America and Europe are over the hump by June, you can guarantee that somewhere in the world there’ll be a horrific Biblical epidemic going on. I can’t see ICANN taking the risk of opening its doors to the world at a time like that.

Frankly, I think ICANN 69, the annual general meeting slated for Hamburg in October, has a big question mark hanging over it as well.

Germany may have been handling its crisis relatively well compared to other nations, but ICANN has participants from 150 countries and it may well have to make its call based not on the strongest national response but the weakest.

ICANN expects “significant” budget impact from coronavirus

The ongoing coronavirus pandemic is expected to have a “significant” impact on ICANN’s budget, according to an update from the organization.

The organization published its expectations of a $140.4 million budget for the fiscal year that begins this July last December, and opened it up for public comments.

In its summary of those comments (pdf), which had a February 25 deadline and therefore were not focused on the pandemic’s potential impact, ICANN said:

the COVID-19 pandemic is affecting significantly the entire world. ICANN expects that its activities and financial position will be significantly impacted as well. The ICANN org is working with the Board to assess and monitor the potential impact to ICANN’s funding, and planned work such as face-to-face meetings, travel, etc.

Any pandemic-related changes to the budget will be published prior to board approval, ICANN said.

So where is ICANN expecting the impact? It’s not entirely clear. I would expect to see some minor gains from slashing its travel budget in the wake of social distance rules, but it’s less obvious where a “significant” shortfall could occur.

ICANN had operational revenue — the money it gets from billing registries and registrars — of $136.8 million in the fiscal year ending June 30, 2019, its most recently reported year (pdf).

Of that total, roughly $56 million came from the market leaders in both segments, Verisign and GoDaddy, both of which have been given glowing analyst coverage since the outbreak began.

One commentator recently wrote that Verisign is “immune” from coronavirus and GoDaddy’s CFO told analysts just last week that he expects the impact of coronavirus to be “minimal” in the first quarter. That could of course change in future.

Almost half of ICANN’s revenue, some $65.7 million, comes from the top 10 registries and registrars.

So is ICANN expecting to see weakness in the long tail, the few thousand accredited registrars and gTLD registries that account for under $1 million in ICANN contributions per year? Is it expecting reduced voluntary contributions from the ccTLDs and Regional Internet Registries?

Will coronavirus cause huge numbers of small businesses to abandon their domains as they go out of business? Will it inspire large numbers of the recently unemployed and quarantined to start up web-based businesses in an attempt to put food on the table? Will it cause large portfolio owners to downsize to save costs?

All of these outcomes seem possible, but these are unprecedented times, and I couldn’t being to guess how it will play out.

ICANN’s number two Cyrus Namazi quits. Probably due to sexual discrimination claims.

The head of ICANN’s Global Domains Division, Cyrus Namazi — arguably ICANN’s number-two exec — has resigned from the organization, according to multiple sources. I believe it’s related to allegations of sexual discrimination.

ICANN staffers were told this evening that he’s resigned “effective immediately” and that a public announcement will follow.

Long-time ICANN staffer Theresa Swinehart, currently senior VP of multistakeholder strategy and strategic initiatives, will run GDD while a replacement is sought.

While I don’t expect ICANN to announce the reasons for Namazi’s departure, I believe it’s related to allegations of sexual indiscretions.

I’ve been aware for a few months of allegations against Namazi for sexual discrimination and/or sexual harassment, but I’ve been unable to get sufficient on-the-record information to run a story.

What I do know, from digging around on court web sites, is that ICANN was sued about a year ago by a former staffer called Jennifer Gore for alleged disability and gender discrimination, allegedly carried out by Namazi.

Gore’s complaint can be read here (pdf). ICANN’s response can be read here (pdf).

I’ve also been made aware of a few other female ICANN staffers who have quit allegedly due to Namazi’s behavior.

And I gather he’s been on-leave recently. Anyone who was at ICANN 67 will have noted his absence.

I’ve not heard of any allegations that could be described as remotely criminal. We’re just talking about allegations of inappropriate comments and actions at work.

I have absolutely no idea how many of the allegations, if any, are true. None. I just know that there are a lot of them.

I do know that ICANN’s PR team have been banned from talking to me for the last few weeks, since I learned about these allegations — by senior VP of global communications Sally Newell Cohen — because I talked offensive smack about Namazi to him and to another senior staffer on social media messaging channels.

ALL .za domains have to link to government coronavirus web site

The South African government has decreed that every web site using a .za domain name must now carry a link to an official government coronavirus advice site.

The regulation (pdf), which largely focuses on other types of teleconmmunications services, came into effect last Thursday. It states:

Internet sites operating within .zaDNA top level domain name must have a landing page with a visible link to www.sacoronavirus.co.za

The rule applies to every site, not just those purveying health news.

ZADNA’s front page currently features this clickable graphic, slightly below the fold.

ZADNA is the registry for .za, but also the city gTLDs .joburg and .capetown. The wording of the regulation suggests that these two gTLDs are also covered by the rule, but official government communications make no mention of either.

The rules also require fake coronavirus news to be blocked, but that’s on the ISPs to implement.

You may notice that the government’s domain is SAcoronavirus.co.za. This appears to be because coronavirus.co.za currently belongs to a domainer. That bare-bones site has a non-clickable link to the government site, and also an offer to sell the domain.

An open question to the domain name industry about coronavirus

“Don’t worry. We’ve done this before.”
That was pretty much the first sentence out of my grandmother’s mouth when I called to wish her a happy Mother’s Day.
She was talking about World War II and the immediate post-war years. She’s 94, so she saw both.
She’s no Uncle Albert. I don’t think I’ve ever heard her talk about “The War” before. Not once. But when her grandson called her for the first time in embarrassing months, that was where her mind went straight away.
They couldn’t get oranges, for years, back then. If you were diabetic, you couldn’t get sugar, but they gave you extra butter instead. She developed an aversion to canned pineapple chunks that persists to this day. She still has her ration book, a souvenir of trying times, squirreled away somewhere.
She was in generally good spirits. She knows that Covid-19, if it gets through the front door of her granny flat, will very likely be the end of her. Her mind is fully intact, but her body is all kinds of fucked up. But she and the family members who bring her food are taking the proper precautions. And, she said, she’s been self-isolating since November anyway. What’s another 12 weeks?
The WWII comparison was not at all surprising to hear, of course. A lot of us have been thinking similar things. The media is currently resplendent with uplifting examples of what we Brits refer to as the “Blitz spirit” — unity and stoicism in the face of overwhelming adversity.
There are significant differences, of course.
The enemy now is not an identifiable political faction with a skull on its cap, but a remorseless, invisible beastie. The Allies are not a collection of like-minded liberal nations, but literally the entire human species.
The baddies don’t want to shoot you. They want to infiltrate your nasal cavity and make you accidentally kill your parents with a hug. You kill them with soap.
Back then, we required young men to travel overseas to kill and potentially die to serve the greater good. We asked the women they left behind to take to the factory floors and work traditionally male jobs. Now, all we ask of them is that they don’t go down the pub on a Saturday night, and apparently sometimes even that’s too big of an ask.
Society is asking me to work from home during the day and do nothing more than watch TV and play Xbox in the evenings. Fine. I can do that. I was doing that anyway. This, apparently, is how my generation gets to save lives.
It doesn’t feel like much of a sacrifice.
Worldwide, people are sitting alone at home, twiddling their thumbs, watching slightly-less-than-hi-def Netflix, and wondering how they can do more to make a positive difference in this civilizational battle.
In the domain industry, we’ve recently seen the Internet Commerce Association attempt to help out people who are financially struggling due to coronavirus with its #DomainAssist Twitter campaign.
I’m not sure how effective it’s going to be, but ICA members have money, are trying to make a difference, and I’m certainly not going to knock them for it.
But there is one battle that the domain industry is uniquely positioned, and maybe even obligated, to fight.
That’s the fight against misinformation.
The World Health Organization started alerting the world to the Covid-19 “infodemic” in early February.
“We’re not just fighting an epidemic; we’re fighting an infodemic,” WHO director-general Tedros Adhanom said at the Munich Security Conference February 15. “Fake news spreads faster and more easily than this virus, and is just as dangerous.”
Hear that? The world’s top doc says that misinformation is just as dangerous as something that could kill your grandmother.
Just as crime flourished in London during the Blitz, 21st century fraudsters have been quick to take advantage of the coronavirus panic.
The fake news ranges from the harmlessly satirical — a quarantined Tom Hanks being supplied with a volleyball for company — to the life-threatening — tales of how ingesting silver, taking cocaine or drinking bleach can protect your from the virus.
In India, fake news is persuading people to drink cow piss.
Some of these scammers are just conspiracy theorists raging against the Big Pharma machine. Others are actively trying to make money hawking bogus and dangerous fake vaccines and cures. In the era of pandemic, they’re just as bad as each other.
It’s serious stuff. An infected person who thinks they’ve ingested the magic cure is less likely to take the proper precautions and more likely to transmit the virus to others, who will transmit it to others, who will transmit it to others… and then a bunch of people die.
So far, the WHO and other health authorities have rightly been focused largely on the social media platforms where the majority of this bogosity spreads.
The likes of Facebook, Twitter and Google have made changes to their usage policies or content-promotion algorithms in response to the crisis.
Twitter has banned tweets that go against the official guidance on reducing the spread of the virus. Facebook is promoting authoritative news sources and fact-checking misinformation. Google searches for coronavirus return curated, science-based info embedded in the results page, and banned coronavirus-related advertising. YouTube is taking down videos peddling dangerous misinformation.
The social media side of the technology industry certainly seems to be backtracking on its usual “we just a neutral platform” stance.
But it’s not just happening on social media. Many of these posts lead to web sites that are harmful. Some are simple frauds and phishing attacks. Others promote fake cures or urge readers to ignore the official science-based advice.
These web sites use domain names. Thousands have been registered in recent weeks.
NewsGuard has identified dozens of web sites that are promoting coronavirus misinformation. Fact-checking sites such as the AFP and Snopes have identified many more.
So here’s my open question, which I pose to every registry, registrar and reseller reading this:
If you are told about a domain name under your management that is publishing dangerous misinformation, will you take it down?
I’d like to think I know the answer to this question already, but I’m not sure I do.
Registries and registrars are notoriously reluctant to act on complaints about the contents of web sites. Many require a court order before taking action.
During peace time, worthy principles such as free speech, privacy, and legal due process all play a role in this kind of decision-making.
The latest version of the Framework to Address DNS Abuse lists four types of content that its dozens of domain-industry signatories “should” (as opposed to “must”) act on — child sex abuse material, illegal opioid sales, human trafficking, and credible incitements to violence.
The underlying principle leading to this list is “the physical and often irreversible threat to human life”.
I’m reminded of the ethical conundrum faced by EasyDNS and CEO Mark Jeftovic back in 2014, when the company changed its usage policies after a guy died due to fake pharma bought via a domain under its management.
“In one case we have people allegedly pirating Honey Boo Boo reruns and on the other we have people dying. We don’t know where exactly, but the line goes somewhere in between there,” Jeftovic wrote at the time.
I don’t wish to pick on EasyDNS or Jeftovic — changing one’s mind in the face of new evidence is an admirable trait — but I think his quote poses the question quite well.
There’s a line where free speech ends and incitement to virological violence begins.
Figuring out where that line is is something the domain name industry is going to have to get to grips with, fast.

More ICANN events cancelled for May

ICANN has cancelled its annual GDD Industry Summit and DNS Symposium, which had been scheduled to take place in Paris, France, in May.
“The decision to cancel these events was made in light of the rapidly evolving COVID-19 virus outbreak and, for the GDD Summit, included conversations with the Contracted Parties House,” ICANN said in a statement.
The two events had been due to take place back to back from May 3 to 6 and May 7 and 8, respectfully.
The GDD event is for commercial members of the domain name industry — registries and registrars — while the Symposium focuses on the technical side of the industry and had planned to focus on DNS security.
It appears that, unlike ICANN 67, neither is being replaced with a virtual meeting.

Delay .org deal because of… coronavirus? Gimme a break

Opponents of Public Interest Registry’s proposed acquisition by Ethos Capital are now claiming that ICANN should delay approval of the deal due to coronavirus.
A statement, released yesterday by digital rights group Access Now with the apparent approval of several other like-minded groups, outlines a few reasons why coronavirus means ICANN should reject, or at least delay its consideration of, the deal.
ICANN is currently working towards a March 20 deadline to deliver its verdict.
Peter Micek, general counsel for Access Now, said in the statement:

Far from routine, this transfer would further imperil crucial channels of trusted information in a precarious time. From Médecins Sans Frontières to Wikipedia to many of the world’s hospitals, organizations that disseminate accurate health information and connect affected communities with public resources depend on the .ORG domain. Now is not the time to shift the ground beneath their online activities.

Could a $0.97 increase in the cost of wikipedia.org this year see Wikipedia’s hive mind crumble and turn into the digital equivalent of Jenny McCarthy’s brain? Will it prompt MSF volunteers to retreat, screaming, from the front lines? I don’t think so.
The statement goes on to suggest that China would be able to use its substantial financial and political clout to lean on Ethos’ secretive backers to something something something coronavirus. Kenneth Roth, executive director of Human Rights Watch said:

The Chinese government routinely uses economic pressure to censor critics or inconvenient information, such as about its disastrous early cover-up of the coronavirus outbreak. Investors in the private equity firm that wants to buy the .ORG domain inevitably will have economic interests that Beijing could threaten.

While there may well be a nugget of truth in there, I fail to see how it applies to the current pandemic. Is the argument that China will pressure Ethos’ billionaire money men to close down domains belonging to organizations disseminating accurate Covid-19 information? It seems a stretch.
China already has substantial powers to shut down domains within its own borders, and requires registries operating in the country to comply with Draconian censorship rules. I’m not aware of any cases of these existing powers being exercised against domains globally.
A third argument is that ICANN is using coronavirus as a convenient smokescreen to quietly approve the acquisition while everyone else is busy ram-raiding corner stores for toilet paper.
Daniel Eriksson, head of technology at Transparency International, said in the statement:

If this transfer goes ahead during the current crisis as planned, we’ll look back on it as an example of vested interests taking advantage of the extraordinary situation created by the COVID-19 pandemic to further their own concerns at the expense of the broader good of society. We need to be vigilant against any such actions, and this is precisely the role of many civil society organizations that have a watchdog function. We need maximum transparency and integrity around the sale of .ORG, and that is simply not possible if the sale is rushed through at a moment when peoples’ attention is elsewhere.

Again, this seems like a stretch. The announcement of the acquisition predates the discovery of Covid-19 by weeks, and it has been subject to intense scrutiny, engagement, comment and unprecedented — albeit imperfect — levels of transparency ever since. This is an acquisition being negotiated to a large extent in the public square.
I’ll be generous and suggest a fourth explanation: this is probably just a poor-taste (but, let’s face it, successful) attempt to grab headlines by linking the #SaveDotOrg campaign, however thinly, to the pandemic currently occupying the world’s collective conscious.
There are plenty of good arguments that could be — and are being — made in favor of further delay and scrutiny of the deal, but I don’t think coronavirus is one of them.