Recent Posts
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
Australia considers dumping the .com.
Australian domain overseer auDA is thinking about allowing people to register .au domains directly at the second level for the first time.
The organization has opened up a consultation that would allow registrations such as example.au, rather than just the current system of example.com.au, example.org.au and so on.
The move follows the successful recent releases of 2LDs in the UK (.uk) and New Zealand (.nz) ccTLDs and can be seen as a bid to remain competitive in the face of the new gTLD program’s huge expansion of TLD choice.
A consultation paper (pdf) published today reads:
It is suggested that unprecedented competition from new gTLDs requires .au to be more responsive to global market forces. For .au to remain a strong and highly-regarded TLD we need not only to rely on its distinctive Australian identity and good reputation, but continue to innovate in order to counter the likely impact of hundreds of new gTLDs flooding the market. Whilst .au is currently very popular with Australian users, there is potential for new gTLDs to erode the brand equity in .au.
Currently, .au has over a dozen different second-level options, but about 85% of registrations are in .com.au. The TLD has just shy of three million names today.
Complicating matters slightly, the different 2LDs have different registration policies, so auDA would need to figure out a way to harmonize them for direct registrations.
auDA speculates that direct registrations may increase the adoption of .au domain names by individuals not currently able to obtain .com.au names but unaware of the individual-focused .id.au (it exists, apparently), thereby growing the .au name space.
It also worries that many second-level direct registrations may turn out to be defensives, registered by the registrants of the matching .com.au names.
The consultation is open for comments until June 1.
Does Chehade agree with Donuts on .doctor?
Should governments have the right to force business-limiting restrictions on new gTLD operators, even though they don’t have the same rules in their own ccTLDs?
ICANN CEO Fadi Chehade evidently believes the answer to that question is “No”, but it’s what ICANN is controversially imposing on Donuts and two other .doctor applicants anyway.
Donuts recently filed a Request for Reconsideration appeal with ICANN over its decision to make the .doctor gTLD restricted to medical professionals only.
It was an unprecedented “Public Interest Commitment” demanded by ICANN staff in order to keep the Governmental Advisory Committee happy.
The GAC has been asking for almost two years for so-called “Category 1” gTLD strings — which could be seen to represent highly regulated sectors such as law or medicine — to see a commensurate amount of regulation from ICANN.
Governments wanted, for example, registrants to show professional credentials before being able to register a name.
In the vast majority of instances, ICANN creatively reinterpreted this advice to require registrants to merely assert that they possess such credentials.
These rules were put in registries’ contracts via PICs.
But for some reason in February the organization told Donuts that .doctor domains must be “ascribed exclusively to legitimate medical practitioners.”
According to Donuts, this came out of the blue, is completely unnecessary, an example of ICANN staff making up policy on the spot.
Donuts wants to be able to to sell .doctor names to doctors of any discipline, not just medical doctors. It also wants people to be able to use the names creatively, such as “computer.doctor” or “skateboard.doctor”.
What makes ICANN’s decision especially confusing is that CEO Fadi Chehade had the previous day passionately leaped to the defense of new gTLD registries in their fight against unnecessary GAC-imposed red tape.
The following video, in which Chehade uses .dentist as an example of a string that should not be subject to even more oversight, was taken February 11 at a Q&A with the Domain Name Assocation.
The New gTLD Program Committee meeting that authorized ICANN staff to add the new PIC took place February 12, the very next day. Chehade did not attend.
It’s quite remarkable how in line with registries Chehade seems to be.
It cuts to the heart of what many believe is wrong with the GAC — that governments demand of ICANN policies that they haven’t even bothered to implement in their own countries, just because it’s much easier to lean on ICANN than to pass regulations at home.
Here’s the entire text of his answer. He’s describing conversations he’d had with GAC members earlier in the week.
They’re saying stop all the Category 1 TLDs. Stop them. Freeze them!
And we said: Why do we need to freeze them? What’s the issue?
They said: It’s going to harm consumers.
How will it harm consumers? We started having a debate.
It turns out that they’re worried that if somebody got fadi.casino or fadi.dentist, to pick one of Statton’s [Statton Hammock, VP at Rightside, who was present], that this person is not a dentist and will pluck your ear instead of your teeth. How do you make sure they’re a dentist?
So I asked the European Commission: How do you make sure dentist.eu is a dentist?
They said: We don’t. They just get it.
I said: Okay, so why do these guys [new gTLD registries] have to do anything different?
And they said: The new gTLD program should be better or a model…
I said: Come on guys, do not apply rules that you’re not using today to these new folks simply because it’s easy, because you can come and raise flags here at ICANN. Let’s be fair. How do you do it at EU?
“Well, if somebody reports that fadi.dentist.eu is not a dentist, we remove them.”
Statton said: We do the same thing. It’s in our PICs. If fadi.dentist is not, and somebody reports them…
They said: But we can’t call compliance.
You can call compliance. Anyone can call compliance. Call us and we’ll follow up. With Statton, with the registrar.
What we have here is Chehade making a passionate case for the domain name industry’s right to sell medical-themed domain names without undue regulation — using many of the same arguments that Donuts is using in its Reconsideration appeal — then failing to show up for a board meeting the next day when that specific issue was addressed.
It’s impossible to know whether the NGPC would have reached a different decision had Chehade been at the February 12 meeting, because no formal vote was taken.
Rather, the committee merely passed along its “sense” that ICANN staff should carrying on what it was doing with regards implementing GAC advice on Category 1 strings.
While Chehade is but one voice on the NGPC, as CEO he is in charge of the ICANN staff, so one would imagine the decision to add the unprecedented new PIC to the .doctor contract falls into his area of responsibility.
That makes it all the more baffling that Donuts, and the other .doctor new gTLD applicants, are faced with this unique demand to restrict their registrant base to one subset of potential customers.
Could you survive a .sucks UDRP?
If you register a .sucks domain matching a brand, could you survive a subsequent UDRP complaint? Opinion is mixed.
In my view, how UDRP treats .sucks registrants will be a crucial test of Vox Populi Registry’s business model.
Vox Populi Registry clearly envisages — and is actively encouraging with its policies — genuine critics, commentators and consumer advocates to register .sucks domains that match famous trademarks.
I really like this idea. Power to the people and all that.
But will UDRP panelists agree with me and Vox Pop? Cybersquatting case law under UDRP says, very firmly: “It depends.”
Statistics generally favor mark owners
To date, there have been exactly 100 resolved UDRP complaints against domains that end in “sucks.com”.
Of those, 47 cases ended up with a full transfer of the domain to the trademark owner. Only 30 resulted in a the complaint being denied.
Another 19 cases were withdrawn or terminated; the remainder were split decisions.
So it seems, based on historical “sucks” cases, that the odds favor trademark owners.
But each case is, theoretically at least, judged on its merits. So it does not necessarily hold that most .sucks UDRP complaints will be successful.
What does WIPO say?
The World Intellectual Property Association, which administers most UDRP cases, published a set of guidelines for its panelists.
Some guidelines specifically addresses “sucks” sites, but the advice is not always clear-cut.
There are three elements to UDRP. First, the complainant must show that the domain name in question is identical or confusingly similar to its trademark.
According to WIPO, it’s the “consensus view” of UDRP panelists that adding “sucks” to a trademark at the second level does NOT stop a domain being confusiningly similar. WIPO says:
Generally, a domain name consisting of a trademark and a negative or pejorative term (such as [trademark]sucks.com) would be considered confusingly similar to the complainant’s trademark for the purpose of satisfying the standing requirement under the first element of the UDRP (with the merits of such cases typically falling to be decided under subsequent elements). Panels have recognized that inclusion of a subsidiary word to the dominant feature of a mark at issue typically does not serve to obviate confusion for purposes of the UDRP’s first element threshold requirement, and/or that there may be a particular risk of confusion among Internet users whose first language is not the language of the domain name
Some panels have disagreed with this prevailing view, however.
It remains to be seen whether moving the string “sucks” to the right of the dot would affect the outcome, but it’s established UDRP case law that the dot in a domain can be pretty much ignored when testing for similarity.
The TLD a domain uses can be taken into account if it’s relevant or disregarded if it is not, according to precedent.
The second test under UDRP is whether the registrant of the domain has legitimate rights or interests.
Panelists disagree on this point. WIPO says:
The right to criticize does not necessarily extend to registering and using a domain name that is identical or confusingly similar to the complainant’s trademark. That is especially the case if the respondent is using the trademark alone as the domain name (i.e., [trademark.tld]) as that may be understood by Internet users as impersonating the trademark owner.
That view would seem to apply specifically to the use cases Vox Pop has in mind — the registry wants critics to own [trademark].sucks domains in order to criticize the trademark owner.
In the 2003 case of natwestbanksucks.com, the WIPO panel drew on earlier precedent to find that the registrant had no rights to the domain.
Respondents’ can very well achieve their objective of criticism by adopting a domain name that is not identical or substantially similar to Complainants’ marks. Given the free nature of the media which is the Internet and the chaotic spamming that has become epidemic, it does not appear that one can be at full liberty to use someone else’s trade name or trademark by simply claiming the right to exercise a right to freedom of expression”.
In other words: you may have a right to free speech on the internet, but you do not have the right to exercise it simply by adding “sucks” to a famous trademark.
But other UDRP panelists have disagreed. WIPO says that some panelists have found:
Irrespective of whether the domain name as such connotes criticism, the respondent has a legitimate interest in using the trademark as part of the domain name of a criticism site if such use is fair and noncommercial.
The third element of UDRP is bad faith. Complainants have to show that the registrant is up to something dodgy.
Some panelists have a pretty low threshold for what constitutes bad faith. Merely having the page parked — even if you did not park it yourself — can point to bad faith, especially in “sucks” cases.
WIPO says that “tarnishment” of a trademark — such as posting porn, which is banned under Vox Pop’s AUP anyway — can be bad faith, but legitimate criticism would not usually:
While it would not normally extend to the mere posting of information about a complainant, or to the posting of genuine, non-commercial criticism regarding the trademark holder, it may extend to commercially motivated criticism by (or likely on behalf of) a competitor of such trademark holder.
So, with all that in mind, here are some tips for improving your odds of surviving a .sucks UDRP.
How to beat a .sucks UDRP
Poring over dozens of “sucks.com” decisions, it quickly becomes clear that there are certain things you should definitely do and not do if you want to keep a hold of your brand-match .sucks domain.
Given the volume of precedent, you’ll have a hard time showing that your domain is not identical or confusingly similar to the trademark in question — strike one — but there are ways to show legitimate interests and rebut claims of bad faith.
1. Respond
To show you lack legitimate interests, the complainant only needs to make a face-value argument that you do not. Then the burden of proof to show rights switches to you.
If you don’t respond to the UDRP, the panel will find you lack rights. Panelists rarely try to fight the corner of a registrant who has not responded.
That’s strike two.
2. Don’t allow your domain to be parked
If a domain is parked, UDRP panelists in “sucks.com” cases invariably find that the registrant lacks legitimate interests and has shown bad faith.
Parking is considered a commercial activity, so you won’t be able to argue convincingly that you’re exercising your right to non-commercial free speech if your domain is splashed with links to the trademark owner’s competitors.
This holds true even if the domain was automatically parked by your registrar.
Dozens (hundreds?) of UDRP cases have been lost because Go Daddy parked the newly registered domain automatically, enabling the complainant to show commercial use.
Panelists are usually happy to overlook the lack of direct bad faith action by the registrant in such cases.
Parking will usually lead to strikes two and three.
In the case of .sucks, parking is actually banned by Vox Populi’s acceptable use policies (pdf).
But the registry will only enforce this policy if it receives a complaint. I don’t know if the Registry-Registrar Agreement, which isn’t public, prohibits registrars auto-parking new domains.
3. Develop a site as soon as possible
In some “sucks.com” cases, respondents have argued that they had intended to put up a criticism site, but could not provide evidence to back up the claims.
If you register a .sucks matching a trademark, you’ll want to put up some kind of site ASAP.
In the case of kohlersucks.com, the registrant had merely framed a Better Business Bureau web page, which was found to show non-commercial criticism use.
4. Don’t offer to sell the domain
It should go without saying that offering to sell the domain to the trademark owner shows bad faith; it looks like extortion.
Panelists regularly also find that registrants give up their legitimate rights to a domain as soon as they make it available to buy.
5. Don’t make any money whatsoever
The second you start making money from a domain that matches a trademark, you’re venturing into the territory of commercial use and are much more likely to fail the WIPO test of “genuine, non-commercial criticism”.
6. Be American
Depressingly, you stand a better chance of fighting off a UDRP on free speech grounds if both the case involves US-based parties and a US-based panelist.
Panelists are more likely to draw on the US Constitution’s First Amendment and associated non-UDRP case law when determining rights or legitimate interests, when the registrant is American.
Merely registering with a US-based registrar is not enough to confer First Amendment rights to a registrant living outside of the US, according to UDRP panels.
Even though freedom of speech is a right in most of the world, in the universe of UDRP it seems the rest of us are second-class citizens compared to the yanks.
ICANN wins .hotels/.hoteis confusion appeal but has to pay up anyway
The proposed new gTLDs .hotels and .hoteis are too confusingly similar to coexist on the internet.
That’s the result of an Independent Review Process decision this week, which denied .hotels applicant Booking.com’s demand to have ICANN’s string confusion decision overturned.
But the IRP panel, while handing ICANN a decisive victory, characterized the string confusion and IRP processes as flawed and said ICANN should have to pay half of the panel’s $163,000 costs.
Booking.com filed the IRP a year ago, after the new gTLD program’s String Similarity Panel said in February 2013 that .hotels was too similar to rival Despegar Online’s proposed .hoteis.
.hoteis is the Portuguese translation of .hotels. Neither string was contested, so both would have been delegated to the DNS root had it not been for the confusion decision.
In my view, the String Similarity Panel’s decision was pretty sound.
With an upper-case i, .hoteIs is virtually indistinguishable from .hotels in browsers’ default sans-serif fonts, potentially increasing the ease of phishing attacks.
But Booking.com, eager to avoid a potentially costly auction, disagrees with me and, after spending a year exhausting its other avenues of appeal, filed an IRP in March 2013.
The IRP decision was handed down on Tuesday, denying Booking.com’s appeal.
The company had appealed based not on the merits of the SSP decision, but on whether the ICANN board of directors had acted outside of its bylaws in establishing an “arbitrary” and opaque SSP process.
That’s because the IRP process as established in the ICANN bylaws does not allow appellants to changed a decision on the merits. IRP panels are limited to:
comparing contested actions of the Board to the Articles of Incorporation and Bylaws, and with declaring whether the Board has acted consistently with the provisions of those Articles of Incorporation and Bylaws.
The IRP panel agreed that the SSP process could have been fairer and more transparent, by perhaps allowing applicants to submit evidence to the panel and appeal its decisions, saying:
There is no question but that that process lacks certain elements of transparency and certain practices that are widely associated with requirements of fairness.
But the IRP panel said Booking.com was unable to show that the ICANN board acted outside of its bylaws, highlighting the limits of the IRP as an appeals process:
In launching this IRP, Booking.com no doubt realized that it faced an uphill battle. The very limited nature of the IRP proceedings is such that any IRP applicant will face significant obstacles in establishing that the ICANN Board acted inconsistently with ICANN’s Articles of Incorporation or Bylaws. In fact, Booking.com acknowledges those obstacles, albeit inconsistently and at times indirectly.
…
Booking.com has failed to overcome the very obstacles it recognizes exist.
The IRP panel quoted members of ICANN’s New gTLD Program Committee extensively, highlighting comments which questioned the fairness of the SSP process.
In contrast to usual practice, where the losing party in an IRP bears the costs of the case, this panel said the $163,000 costs and $4,600 filing fee should be split equally between ICANN and Booking.com:
we can — and we do — acknowledge certain legitimate concerns regarding the string similarity review process raised by Booking.com, discussed above, which are evidently shared by a number of prominent and experienced ICANN NGPC members.
…
In view of the circumstances, each party shall bear one-half of the costs of the IRP provider
Booking.com and Despegar will now have to fight it out for their chosen strings at auction.
The full decision can be read in PDF format here. Other documents in the case can be found here.
The TL;DR version: ICANN wins because it has stacked the appeals deck in its favor and the IRP process is pretty much useless, so we’re going to make them pay up for being dicks.
The IANA transition in a nutshell
The US plan to remove itself from its unique DNS oversight role is about creating a coalition of nations to thwart attempts by Russia and other “authoritarian” countries to increase government control of the internet.
That’s according to Larry Strickling, assistant secretary at the US National Telecommunications and Information Administration, who delivered a beautifully succinct explanation to confused senators at a hearing in Washington DC this week.
Despite unnecessary diversions into issues such as net neutrality and copyright protection — which I’m sure was not at all due to senators trying to score points with their corporate paymasters — the Commerce Committee hearing was surprising well-informed and not nearly as angry as it could have been.
Senators, mostly Republicans, reiterated their concerns that for the US to give up its role in the IANA functions contract could invite a takeover of ICANN by unfriendly nations such as China and Russia, thereby harming internet freedom.
At one point, Strickling was asked by a senator: “If there’s not a problem, what are we trying to fix here?”
His answer was one the best explanations of the political back-story of the transition that I’ve heard, so I’m going to quote it in full here.
There has been a problem, sir. At the end of 2012 when the world’s governments got together in Dubai for the ITU WCIT — World Conference on International Telecommunications — you had around 80 countries who voted to say the ITU needs to be more involved in internet governance. These were largely countries in the developing world siding with the more authoritarian regimes.
Part of the impetus for this was the continued irritation that many governments have, that has been exploited by authoritarian countries, that the United States with its special role with ICANN is in a position to control the internet in these developing counties and to turn it off in these countries and to otherwise interfere with the ability of countries to manage their own affairs with respect to the internet.
After this [IANA transition] announcement was made the next two large international meetings at which governments came together you saw a major change in position among the developing countries. We didn’t see any change in position from the authoritarian countries — and you’re not, they’re not going to change their views on this. But the key to succeeding in this on the global stage is to bring the rest of the world along with us, and that’s what we saw at the NETmundial conference in Brazil last April where the only countries who spoke out against the multi-stakeholder model of internet governance were Russia and Cuba.
We then flash forward to the ITU plenipotentiary conference in Busan last November and again you had Russia with the same proposals it’s been making for 10 years: that these functions ought to be transferred to the ITU and managed by governments. And that was beaten back by a coalition of developed and developing countries. So we’ve seen immediate results, or significant results, by the basis of our having been able to take this issue off the table for these countries, to get them to look at what’s really best for them without this overhang of a US role that was unique among governments and which was a source of irritation to governments and was being exploited to our detriment by foreign governments.
The fact of the matter is that the role we play with respect of the IANA functions is a clerical role. It’s truly stewardship. As I said before, we don’t provide any oversight of the policy judgments that ICANN and the multi-stakeholder community make. We participate as a government in the Governmental Advisory Committee, and we will continue to do that in future and will be vigorous advocates for a free and open internet.
The special role we play with respect of the IANA functions is totally administrative and clerical, yet it has been exploited by other governments — authoritarian governments — to our detriment. We’ve taken that off to the table by announcing this transition and as we complete it we will continue to see the benefits of that through the continued adoption and support for this model by the developing world.
His views were echoed by ICANN CEO Fadi Chehade more than once during the hearing, talking about how the transition process is designed to bring on board the “middle countries”, rather than already-allied nations or the fringe, minority authoritarian countries.
He cited Brazil as the key example of a government once in favor of more ITU control of the internet that is now, largely due to Chehade’s outreach and its key role in the NETmundial conference, firmly in the multi-stakeholder model camp.
The entire archived hearing can be viewed here.
ICANN ditches plan to give governments more power
ICANN has quietly abandoned a plan to make it harder for its board of directors to go against the wishes of national governments.
A proposal to make a board two-thirds super-majority vote a requirement for overruling advice provided by the Governmental Advisory Committee is now “off the table”, ICANN CEO Fadi Chehade told a US Senate committee hearing today.
The threshold, which would replace the existing simple majority requirement, was proposed last August as a result of talks in a board-GAC working group.
At the time, I described the proposal as a “fait accompli” — the board had even said it would use the higher threshold in votes on GAC advice in advance of the required bylaws change.
But now it’s seemingly gone.
The news emerged during a hearing of the Senate Committee on Commerce, Science, and Transportation today in Washington DC, which was looking into the transition of US oversight of ICANN’s IANA functions to a multi-stakeholder process.
Asked by Sen. Deb Fischer whether the threshold change was consistent with ICANN’s promise to limit the power of governments in a post-US-oversight world, Chehade replied:
You are right, this would be incongruent with the stated goals [of the IANA transition]. The board has looked at that matter and has pushed it back. So it’s off the table.
That came as news to me, and to others listening to the hearing.
The original plan to change the bylaws came in a board resolution last July.
If it’s true that the board has since changed its mind, that discussion does not appear to have been documented in any of the published minutes of ICANN board meetings.
If the board has indeed changed its mind, it has done so with the near-unanimous blessing of the rest of the ICANN community (although I doubt the GAC was/will be happy).
The public comment period on the proposal attracted dozens of responses from community members, all quite vigorously opposed to the changes.
The ICANN report on the public comments was due October 2, so it’s currently well over four months late.
UPDATE 1: An ICANN spokesperson just got in touch to say that the board decided to ditch its plan in response to the negative public comments.
UPDATE 2: Another ICANN spokesperson has found a reference to the board’s U-turn in the transcript of a meeting between the ICANN board and GAC at the Los Angeles public meeting last October. A brief exchange between ICANN chair Steve Crocker and Heather Dryden, then chair of the GAC, reads:
DRYDEN: On the issue of the proposed bylaw changes to amend them to a third — two-thirds majority to reject or take a decision not consistent with the GAC’s advice, are there any updates there that the Board would like to — the Board or NGPC? I think it’s a Board matter? Yes?
CROCKER: Yes.
Well, you’ve seen the substantial reaction to the proposal.
The reaction embodies, to some extent, misunderstanding of what the purpose and the context was, but it also is very instructive to all of us that the timing of all this comes in the middle of the broader accountability question.
So it’s — I think it’s in everyone’s interest, GAC’s interest, Board’s interest, and the entire community’s interest, to put this on hold and come back and revisit this in a larger context, and that’s our plan.
So it seems that the ICANN board did tip its hand a few months ago, but not many people, myself included, noticed.
Chehade to face Congressional grilling this week
ICANN CEO Fadi Chehade is heading to Washington DC this week to defend plans to decouple the organization from formal US oversight in front of a potentially hostile committee of Congresspeople.
The Senate Committee on Commerce, Science, and Transportation will meet this Wednesday at 1000 local time to grill Chehade and others on the plan to remove the US government from the current triumvirate responsible for managing changes to the DNS root zone under the IANA arrangements.
He will be joined by Larry Strickling, who as head of the National Telecommunications and Information Administration is the US government’s point person on the transition, and Ambassador David Gross, a top DC lawyer formerly with the Department of State.
All three men are pro-transition, while the Republican-tilted committee is likely to be much more skeptical.
The blurb for the Wednesday hearing reads:
As the U.S. government considers relinquishing control over certain aspects of Internet governance to the private sector, concerns remain that the loss of U.S. involvement over the Internet Assigned Numbers Authority (IANA) could empower foreign powers — acting through intergovernmental institutions or other surrogates — to gain increased control over critical Internet functions.
Republicans and right-leaning media commentators have warned that handing over IANA oversight to a multistakeholder body risks giving too much power to governments the US doesn’t like, such as Russia and China.
Several bills introduced in the House and Senate over the last year would have given Congress much more power to delay or deny the transition.
An amendment to an appropriations bill approved in December prevents the NTIA from spending any taxpayer money on relinquishing its DNS root oversight role until after September 30 this year, the same day that the current IANA contract expires.
This effectively prevents a transition during the current IANA contract’s run. Strickling recently said that the NTIA is complying with this legislation, but noted that it does not prevent the agency participating in the development of the transition proposal.
ICANN community working groups are currently working on plans for ICANN oversight post-NTIA and for addressing ICANN accountability.
These documents are hoped to be ready to sent to the NTIA by July, so the NTIA will have enough time to consider them before September 30.
Strickling recently addressed this date in a speech at the State of the Net conference in Washington, saying:
I want to reiterate again that there is no hard and fast deadline for this transition. September 2015 has been a target date because that is when the base period of our contract with ICANN expires. But this should not be seen as a deadline. If the community needs more time, we have the ability to extend the IANA functions contract for up to four years. It is up to the community to determine a timeline that works best for stakeholders as they develop a proposal that meets NTIA’s conditions, but also works.
Opponents of the transition say that because the NTIA is prevented from terminating the IANA contract before October 1, the NTIA will have no choice but to extend it until September 30, 2017.
Given that 2016 is a presidential election year in the US, Barack Obama would be a private citizen again by the time the next opportunity to transition comes around, they say.
Which presidential hopeful — from either party — would not buckle if asked whether he supports a plan to let Iran run the internet? That’s the political logic at work here.
Chehade himself told the AFP news agency earlier this month that the transition would have to happen before the 2016 elections, to avoid political distractions.
I’m not so sure I agree with the premise that, due to the restraints imposed by the appropriation bill, the transition now has to happen under the next president’s administration.
In my layman’s reading of the current IANA contract, the NTIA is able to terminate it for the “convenience of the government” pretty much whenever it wants.
There’s also an option to extend the contract by up to six months. The NTIA exercised this option in March 2012 when it did not approve of ICANN’s first renewal proposals.
Chehade declines to backtrack on domain “hogging” comments
ICANN CEO Fadi Chehade responded yesterday to anger from domain investors over recent comments in which he talked about “hogging” domain names and implied a link to cybersquatting.
But he did not, at least as far as I understood his explanation, backtrack on his original remarks.
Chehade was cheekily asked his current thoughts on domain “hoggers” by blogger David Goldstein during a press conference at the ICANN 52 meeting in Singapore yesterday.
This is the entirety of his reply:
I think the statement I made to a different media outlet about that was conflated to signify I was including in this all those who are in the domain name business. And that’s not true. There are those that do this as a business and do it very well and actually enhance the market and there are those that do it and make the business and the market less attractive and less desirable. So I think any insinuation that that statement engulfs everyone that is in this business is not true. As you know very well I’ve a very big supporter of the industry groups and was one of the people who was frankly very happy when the Domain Name Association was created and I attended their first formation meeting. This is where we stand and we continue to feel good about how this market is evolving and how these players are making this a good market that serves the public interest.
Having listened to it a few times, I wonder whether Chehade deliberately didn’t backtrack on his original remarks, or whether he doesn’t quite understand why they caused offense in the first place.
A couple of weeks back, Chehade was talking to the Huffington Post about new gTLDs during an interview at the World Economic Forum in Davos.
The interviewer asked about “concerns about a land-grab going on” among domain speculators.
It was a bit of a silly question, if you ask me. A speculative land-grab is pretty low down the list of concerns held by critics of the new gTLD program. Regardless, Chehade replied:
The reality is, the more there are names, the less people will actually be hogging names in order to charge a lot for them. Because if somebody took your name on dot X, you can go get another name on dot Y now.
I’d personally agree with that characterization of the program. It’s meant to make finding a good name at a cheap price easier. “Hogging” was probably a poor choice of words, but Chehade was talking off the cuff so I could give him a pass.
But later in the same reply, he used the term “cybersquatting” in such a way as to make it easy to infer he was conflating domain investing with cybersquatting. That’s a loaded term that is usually reserved for trademark infringement, at least when used inside the industry.
Obviously this was guaranteed to get investors’ hackles up.
First up with the hackles was Mike Berkens, who called Chehade out on The Domains, saying he “throws large domain investors under the bus and then backs up the bus and rolls over them again”.
Berkens pointed out, quite reasonably I thought, that ICANN is funded to a great extent by domain investors. He estimates that he alone pays ICANN about $15,000 a year in the fees that are collected at the point of registration and renewal.
By some estimates, which may even be conservative, about a third of new gTLD registrations to date have been made to speculators.
Berkens made the even better point that many of the people who have pumped hundreds of millions of dollars into the new gTLD program — Uniregistry’s Frank Schilling, XYZ.com’s Daniel Negari and multiple Donuts executives, for example — made their fortunes investing in second-level domains.
He concluded:
All and all some pretty ignorant statements in our opinion made by the CEO of ICANN and an insult to those domain investors that are some of the biggest buyer’s of new gTLD’s domain names who have paid ICANN a small fortune over the years allowing them to travel the world, pay millions a year in salary and other benefits.
Phil Corwin Jeremiah Johnston of the Internet Commerce Association followed up a few days ago with an open letter to Chehade which explained the outrage in slightly more formal and lawyerly way, with all the apostrophes in the right places. He wrote:
The ICA objects to your statement as it expresses a disdainful view towards the legitimate activity of domain investing, a hostile view of domain investors who are significant ICANN stakeholders who are deeply affected by its policies, a lack of awareness of the market realities of domains as an asset class, and an unwarranted promotion of new gTLD domains over those at legacy gTLDs.
…
Domain investors are not “hogs” and they most certainly are not deliberate trademark infringers, or “cybersquatters”. It is not clear what you intended by your reference to “cybersquatting”, though it is concerning that you used this pejorative term just after making disparaging remarks about domain investors.
With all these criticisms in mind, let’s go back and parse what Chehade said in Singapore yesterday.
First, he said his remarks had been wrongly “conflated to signify I was including in this all those who are in the domain name business”.
I’m not sure that’s what happened. I’m pretty certain Berkens and his commenters, and then Corwin Johnston, got the hump purely because Chehade dismissed domain investing as “hogging” and then implied a link between investing and trademark infringement.
Who is Chehade talking about when he draws a distinction between those who “enhance the market” and those who “make the business and the market less attractive”?
Is the line drawn between the trademark infringers and the legitimate investors, or its it drawn somewhere else?
Why did Chehade go on to express his support for the DNA, a sell-side trade group funded largely by registries and registrars? Was he drawing the line between regular second-level domainers (hogging) and those that in many cases are essentially just top-level domainers (enhancing)?
Chehade was given the opportunity to backtrack and he didn’t take it.
I’m not a domainer, but if I were I don’t think I’d be particularly satisfied about that.
Overworked ICANN community “at breaking point”, Chehade warns
The volunteers that do the bulk of the policy-development work at ICANN are are suffering from “burnout” and are at “breaking point”, CEO Fadi Chehade said during the opening ceremony of the ICANN 52 public meeting in Singapore today.
“This community — we’re hearing this from many of your leaders — is reaching a bit of burnout. And we in the staff are responsible to support you better so that we can manage the workload that you’re all feeling,” Chehade said.
A session later today will demonstrate some of the tools and processes ICANN plans to put in place to alleviate the load, he said.
Much of the work in ICANN’s supporting organizations is done on a volunteer basis.
ICANN’s tendency to spawn new working groups, roles and committees on an almost fractal basis, and the relative lack of people willing to shoulder the burden of endless teleconferences and sprawling mailing lists, has long been an issue for the community.
Not only does ICANN have to do the work of making DNS policies, it also undergoes a permanent process of self-analysis and review, which eats up time. That has been especially pronounced as ICANN prepares for its probable transition away from US government oversight.
Chehade gave an example of a key community member who showed up uncomplainingly to an important meeting despite suffering a personal tragedy just a day earlier.
“This community is a very unique community. The volunteers that make up ICANN are essentially the spirit of ICANN,” Chehade said. “This is who we are. But this is the beauty of ICANN. This is what makes us very special, and I know that our volunteers are at break-point, but let me tell you, there is no better community.”
Human glitch lets hackers into ICANN
It’s 2014. Does anyone in the domain name business still fall for phishing attacks?
Apparently, yes, ICANN staff do.
ICANN has revealed that “several” staff members fell prey to a spear-phishing attack last month, resulting in the theft of potentially hundreds of user credentials and unauthorized access to at least one Governmental Advisory Committee web page.
According to ICANN, the phishers were able to gather the email passwords of staff members, then used them to access the Centralized Zone Data Service.
CZDS is the clearinghouse for all zone files belonging to new gTLD registries. The data it stores isn’t especially sensitive — the files are archives, not live, functional copies — and the barrier to signing up for access legitimately is pretty low.
But CZDS users’ contact information and login credentials — including, as a matter of disclosure, mine — were also accessed.
While the stolen passwords were encrypted, ICANN is still forcing all CZDS users to reset their passwords as a precaution. The organization said in a statement:
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.
As a victim, this doesn’t worry me a lot. My contact details are all in the public Whois and published on this very web site, but I can imagine other victims might not want their home address, phone number and the like in the hands of ne’er-do-wells.
It’s the second time CZDS has been compromised this year. Back in April, a coding error led to a privilege escalation vulnerability that was exploited to view requests by users to new gTLD registries.
Also accessed by the phishers this time around were several pages on the GAC wiki, which is about as interesting as it sounds (ie, not very). ICANN said the only non-public information that was viewed was a “members-only index page”.
User accounts on the ICANN blog and its Whois information portal were also accessed, but apparently no damage was caused.
In summary, the hackers seem to have stolen quite a lot of information they could have easily obtained legitimately, along with some passwords that may allow them to cause further mischief if they can be decrypted.
It’s embarrassing for ICANN, of course, especially for the staff members gullible enough to fall for the attack.
While the phishers made their emails appear to come from ICANN’s own domain, presumably their victims would have had to click through to a web page with a non-ICANN domain in the address bar order to hand over their passwords.
That’s not the kind of practice you’d expect from the people tasked with running the domain name industry.
Recent Comments