Karklins beats LaHatte to chair ICANN’s Whois privacy team

Latvian diplomat and former senior WIPO member Janis Karklins has been appointed chair of the ICANN working group that will decide whether to start making private Whois records available to trademark owners.
Karklins’ appointment was approved by the GNSO Council last week. He beat a single rival applicant, New Zealand’s Chris LaHatte, the former ICANN Ombudsman.
He replaces Kurt Pritz, the former ICANN Org number two, who quit the chair after it finished its “phase one” work earlier this year.
Karklins has a varied resume, including a four-year stint as chair of ICANN’s Governmental Advisory Committee.
He’s currently Latvia’s ambassador to the United Nations in Geneva, as well as president of the Arms Trade Treaty.
Apparently fighting for Latvia’s interests at the UN and overseeing the international conventional weapons trade still gives him enough free time to now also chair the notoriously intense and tiring Expedited Policy Development Process on Whois, which has suffered significant burnout-related volunteer churn.
But it was Karklins’ one-year term as chair of the general assembly of WIPO, the World Intellectual Property Organization, that gave some GNSO Council members pause.
The EPDP is basically a big bloodless ruck between intellectual property lawyers and privacy advocates, so having a former WIPO bigwig in the neutral hot seat could be seen as a conflict.
This issue was raised by the pro-privacy Non-Commercial Stakeholders Group during GNSO Council discussions last week, who asked whether LaHatte could not also be brought on as a co-chair.
But it was pointed out that it would be difficult to find a qualified chair without some connection to some interested party, and that Karklins is replacing Pritz, who at the time worked for a new gTLD registry and could have had similar perception-of-conflict issues.
In the end, the vote to confirm Karklins was unanimous, NCSG and all.
The EPDP, having decided how to bring ICANN’s Whois policy into compliance with the General Data Protection Regulation, is now turning its attention to the far trickier issue of a “unified access model” for private Whois data.
It will basically decide who should be able to request access to this data and how such a system should be administered.
It will not be smooth sailing. If Karklins thinks international arms dealers are tricky customers, he ain’t seen nothing yet.

4 Comments Tagged: arms trade treaty, epdp, gnso council, ICANN, privacy, trademarks, un, whois, wipo

ICANN to approve new UDRP provider

ICANN is set to approve a new UDRP provider at a board of directors meeting next week.
May 3, the board will approve the Canadian International Internet Dispute Resolution Centre as its sixth approved provider and the second based in North America.
The resolution to approve its now year-old application is on the consent agenda for next week’s meeting, meaning the decision to approve has basically already been made.
CIIDRC is a division of the British Columbia International Commercial Arbitration Centre, a non-profit set up by the BC government in the 1980s.
It’s been exclusively handling cybersquatting disputes over .ca domain names since 2002, under a deal with local registry CIRA.
The organization reckons it will be ready to start accepting complaints within a few months of approval, and could handle up to 200 cases per month.
It had a roster of 26 panelists in rotation at the time it applied to ICANN for UDRP approval, many of whom also provide their expertise to other UDRP providers such as WIPO and NAF.

Comment Tagged: bcicac, ciidrc, cybersquatting, ICANN, udpr

Amazon tells power-hungry governments to get stuffed

Amazon has rejected attempts by South American governments to make the would-be gTLD .amazon “jointly owned”.
In a letter to ICANN last week, Amazon VP of public policy Brian Huseman finally publicly revealed the price Amazon is willing to pay for its dot-brand, but said members of the Amazon Cooperation Treaty Organization are asking for way too much power.
It turns out three of ACTO’s eight national government members have proposed solutions to the current impasse, but Amazon has had to reject them all for commercial and security reasons. Huseman wrote (pdf):

Some member states require that we jointly own and manage the .AMAZON TLDs. Some require that we give the member states advance notice and veto authority over all domain names that we want to register and use—for both trademarked terms as well as generic words. Some suggest a Governance Committee can work only if it has governance that outweighs Amazon’s voice (i.e. the Governance Committee has a representative from one of each of the eight member states, while Amazon has one); and some want to use .AMAZON for their own commercial purposes.

From Huseman’s description, it sounds like the ACTO nations basically want majority control (at least in terms of policy) of .amazon and the Chinese and Japanese translations, applications for which have been essentially frozen by ICANN for years.
Huseman told ICANN that Amazon cannot comply.
If the company were to give eight South American governments advanced notice and veto power over .amazon domains it planned to register, it would make it virtually impossible to contain its business secrets prior to the launch of new services, he said.
The governments also want the right to block certain unspecified generic strings, unrelated to the Amazon region, he wrote. Amazon can’t allow that, because its range of businesses is broad and it may want to use those domains for its own commercial purposes.
Amazon has offered to block up to 1,500 strings per TLD that “represent the culture and heritage of the Amazonia region”.
Nine .amazon domains would be set aside for actual usage, one for ACTO and one each for its members, “that have primary and well-recognized significance to the culture and heritage of the region”, but they’d have to use those domains non-commercially.
The proposal seems to envisage that the countries would select their two-letter country code as their freebie domain. Brazil could get br.amazon, for example.
They could also select the names of Amazonian indigenous peoples’ groups or “the specific terms OTCA, culture, heritage, forest, river, and rainforest, in English, Dutch, Portuguese, and Spanish.”
They would not to be allowed to use third-level domains, other than “www”.
The governments would have up to two years to populate the list of 1,500 banned terms. The strings would have to have the same “culture and heritage” nexus, and Amazon would get veto power over whether the proposed strings actually meet that test.
As the whole policy would be enshrined as a Public Interest Commitment in the .amazon registry contract with ICANN, ACTO members would be able to protest such rejections using the PIC Dispute Resolution Policy.
Amazon would also get veto power over the content of the web sites at the domains used by the governments. They’d have to be basically static sites, and all user-generated content would be strictly verboten.
It’s a power struggle, with little evident common ground once you get down into the details, and it’s likely going to be up to ICANN to decide whether Amazon’s proposal is sufficient to overrule the ACTO and Governmental Advisory Committee concerns.
ICANN had set a deadline of April 21 to receive the proposal. The timetable it has previously set out would see its board of directors make a decision (or punt it back to Amazon) at the Marrakech public meeting in late June.
However, board chair Cherine Chalaby has told ACTO that if it wants to negotiate a joint proposal with Amazon, it can still do so. ICANN would need to receive this revised proposal by June 7, he said.

8 Comments Tagged: .amazon, acto, amazon, dot-brands, gac, ICANN, montreal

Oh, the irony! Banned anti-Islam activist shows up on “Turkish” new gTLD domain

Tommy Robinson, who has been banned from most major social media platforms due to his anti-Islam “hate speech”, is now conducting business via a domain name that some believe rightfully belongs to the Muslim-majority nation of Turkey.
The registration could add fuel to the fight between ICANN and its governmental advisers over whether certain domains should be blocked or restricted.
Robinson, the nom de guerre of the man born Stephen Yaxley-Lennon, is the founder and former leader of the far-right English Defence League and known primarily for stirring up anti-Muslim sentiment in the UK for the last decade.
He’s currently, controversially, an adviser to the UK Independence Party. Former UKIP leader Nigel Farage, also a thoroughly unpleasant bloke, considers Robinson so far to the right he quit the party in response to the appointment.
Over the last year, Robinson has been banned from Twitter, Facebook and Instagram, and had his YouTube account placed under serious restrictions. This month, he was also banned from SnapChat, and the EDL he used to lead was among a handful of far-right groups banned from Facebook.
Since his personal Facebook page went dark in February, he’s been promoting his new web site as the primary destination for his supporters.
It features news about his activities — mainly his ongoing fights against social media platforms and an overturned contempt of court conviction in the UK — as well as summaries of basically any sufficiently divisive anti-Islam, anti-immigration, or pro-Brexit stories his writers come across.
The domain he’s using is tr.news, a new gTLD domain in a Donuts-owned registry. It was registered in December via GoDaddy.
Given it’s a two-character domain, it will have been registry-reserved and would have commanded a premium price. Other two-character .news domains are currently available on GoDaddy for between $200 and $10,000 for the first year.
It will come as no surprise at all for you to learn that the domain was transferred out of GoDaddy, which occasionally kicks out customers with distasteful views, to Epik, now de facto home of those with far-right views, a couple of weeks after the web site launched.
The irony of the choice of domain is that many governments would claim that tr.news — indeed any two-character domain, in any gTLD, which matches any country-code — rightfully belongs to Turkey, a nation of about 80 million nominal Muslims.
TR is the ISO 3166-1 two-character code for Turkey, and until a couple of years ago new gTLD registries were banned from selling any of these ccTLD-match two-letter domains, due to complaints from ICANN’s Governmental Advisory Committee.
Many governments, including the UK and US, couldn’t care less who registers their matching domain. Others, such as France, Italy and Israel, want bans on specific domains such as it.pizza and il.army. Other countries have asked for blanket bans on their ccTLD-match being used at all, in any gTLD.
When new gTLDs initially launched in 2012, all ccTLD matches were banned by ICANN contract. In 2014, ICANN introduced a cumbersome government-approval system under which governments had to be consulted before their matches were released for registration.
Since December 2016, the policy (pdf) has been that registries can release any two-letter domains, subject to a provision that they not be used by registrants to falsely imply an affiliation with the country or registry with the matching ccTLD.
Robinson is certainly not making such an implication. I imagine he’d be as surprised as his readers to learn that his new domain has a Turkish connection. It’s likely the only people who noticed are ICANN nerds and the Turkish themselves.
Would the Turkish people look at tr.news and assume, from the domain alone, that it had some connection to Turkey? I think many would, though I have no idea whether they would assume it was endorsed by the government or the ccTLD registry.
Would Turkey — a government whose censorship regime makes Robinson’s social media plight look like unbounded liberalism — be happy to learn the domain matching its country code is being used primarily to deliver divisive content about the coreligionists of the vast majority of its citizens? Probably not.
But under current ICANN policy it does not appear there’s much that can be done about it. If Robinson is not attempting to pass himself of as an affiliate of the Turkish government or ccTLD registry, there’s no avenue for complaint.
However, after taking the cuffs off registries with its December 2016 pronouncement, allowing them to sell two-letter domains with barely any restrictions, ICANN has faced continued complaints from the GAC — complaints that have yet to be resolved.
The GAC has been telling ICANN for the last two years that some of its members believe the decision to release two-character names went against previous GAC advice, and ICANN has been patiently explaining the process it went through to arrive at the current policy, which included taking GAC advice and government comments into account.
In what appears to be a kind of peace offering, ICANN recently told the GAC (pdf) that it is developing an online tool that “will provide awareness of the registration of two-character domains and allow for governments to report concerns”.
The GAC, in its most-recent communique, told ICANN its members would test the tool and report back at the public meeting in Montreal this November.
The tool was not available in December, when tr.news was registered, so it’s not clear whether Turkey will have received a formal notification that its ccTLD-match domain is now registered, live, and being used to whip up mistrust of Muslims.
Update April 30: ICANN informs me that the tool has been available since February, but that it does not push notifications to governments. Rather, governments can search to see if their two-letter codes have been registered in which gTLDs.

Comment Tagged: .islam, .news, .tr, censorship, donuts, epik, geographic, godaddy, ICANN, new gTLDs, tommy robinson, turkey, two-character

ICANN got hacked by crypto bots

ICANN had to take down its community wiki for several hours last week after it got hacked by crypto-currency miners.
The bad guys got in via one of two “critical” vulnerabilities in Confluence, the wiki software that ICANN licences from Atlassian Systems, which ICANN had not yet patched.
ICANN’s techies noticed the wiki, which is used by many of its policy-making bodies to coordinate their work, was running slowly April 11.
They quickly discovered that Atlassian had issued a vulnerability warning on March 20, but ICANN was not on its mailing list (doh!) so hadn’t been directly notified.
They also determined that a malicious “Crypto-Miner” — software that uses spare CPU cycles to attempt to create new cryptocurrency coins — had been installed and was responsible for the poor performance.
ICANN said it took the wiki down, restored it to a recent backup, patched Confluence, and brought the system back online. It seems to have taken a matter of hours from discovery to resolution.
The organization said it has now subscribed to Atlassian’s mailing list, so it will be notified of future vulnerabilities directly.

Comment Tagged: .wiki, atlassian, bitcoin, confuence, cryptocurrency, glitch, hacked, ICANN, miner, security

Revenue dips as Brexit whacks .eu in 2018

.eu saw its registrations sink substantially in 2018, largely due to Brexit, which affected its revenue and profit.
Registry EURid said yesterday that it was managing 3,684,750 .eu domains at the end of the year, down by 130,305 over the year.
It’s .eu’s lowest end-of-year domain count since 2012.
The UK, which voted to leave the EU in 2016 but has yet to follow through, sank from the fourth-largest .eu country to the sixth, now behind less populous countries Poland and Italy.
EURid and the UK government have warned UK-based registrants that they stand to lose their domains after Brexit is actually executed (if it ever is)
As Brits abandoned their .eu names by the tens of thousands, EURid also suspended over 36,000 domains for abuse, which affected its annual total.
The decline hit EURid’s revenue, which was down to €12.7 million, from €13.3 million in 2017. Profit was down from €1.7 million, from €2 million.
The data was published in the registry’s annual report (pdf), published yesterday.

Comment Tagged: .eu, brexit, earnings, eurid, financials

auDA rejects domaining ban but approves second-level domains

Australian ccTLD registry auDA has rejected a proposal that would have essentially banned domainers from the .au space.
In response to recommendations of its Policy Review Panel, auDA management said that the PRP “has not provided any evidentiary material” that so-called “warehousing” is harmful.
It further concluded that the policies proposed for monitoring and rooting out suspected domainers would disproportionately increase compliance costs for both registrants and auDA itself.
In management’s response (pdf) to the PRP, auDA wrote that the ban would make investors second-class citizens when compared to powerful trademark owners:

The warehousing prohibition appears to disproportionately target domain investors as the licence portfolios or holdings of trademark and brand owners will be excluded under the PRP proposal. This proposal elevates the rights of trademark and other intellectual property owners over other licence holders in the .au domain, which may give rise to issues of market power and anti-competitive practices. Management believes that further information is required to assess whether the net benefit to the community of prohibiting warehousing in respect of a class of registrants outweighs the competition issues. For these reasons Management believes that there should be no change to the existing policy position.

It added:

Management does not support the PRP recommendation for a resale and warehousing prohibition for the reasons set out earlier. The proposed test for determining whether a registrant has contravened the resale and warehousing prohibition will increase compliance costs for registrants and administration, monitoring and enforcement costs for auDA. These costs may be disproportionate to the risk or severity of the harm to the community from warehousing and the cost of a licence in the .au domain.

Not only did it decide not to crack down on domainers, but auDA also plans to make their lives a little easier by updating current eligibility policy to explicitly state that parking, or “monetization”, is permitted.

To ensure there is no ambiguity or reliance on interpreting ‘content’, auDA management has recommended an additional allocation criteria can be applied to com.au and net.au which would include that a domain name could be used for the purpose of pay-per-click or affiliate web advertising/ lead generation, or electronic information services including email, file transfer protocol, cloud storage or managing Internet of Things (IoT) devices.

It’s a comprehensive win for domainers, such as those represented by the Internet Commerce Association, which had been outraged by the PRP’s findings.
It’s less good news when it comes to the perhaps more controversial plans to allow direct, second-level registrations under .au.
auDA has decided to go ahead with these longstanding plans, which domainers worry will promote confusion and dilute the value of their third-level .com.au portfolios.
The new draft plans (pdf) for the launch of 2LDs would see existing 3LD registrants given “priority status” to register the exact-match 2LD.
There would be a six-month application window for registrants to lodge their claims, beginning October 1 this year.
If the .com.au version and .org.au version, for example, were owned by different parties, the registrant with the earliest registration date would have priority.
After the application window closed, any unclaimed domains would be made available on a first-come, first-served basis.
These rules, and all the results of auDA’s response to the PRP, are open for public comment until May 10.

5 Comments Tagged: .au, auda, direct, domaining, second-level, warehousing

KPMG dumps .com for dot-brand gTLD

KPMG has become the latest company to dump its .com domain in favor of its dot-brand gTLD.
The company recently announced that it is now using home.kpmg as its primary web site domain, replacing kpmg.com.
The migration appears to be complete already. URLs on the old .com address now bounce users to the equivalent page on .kpmg. Web searches for KPMG return the .kpmg domain as the top hit.
KPMG said in a press release:

The move enhances the KPMG brand through a strong, simplified name, and provides end users with a level of assurance that any site that ends with .kpmg is owned and operated by KPMG.
Since the top level domain can only be used by KPMG, visitors to sites that use the new top level domain can easily confirm its authenticity and be assured that the information they contain is reliable and secure.

The company said that it is the first of the “Big Four” professional services firms to make the switch.
This is technically correct. Rival Deloitte uses several .deloitte domains, but it has not bit the bullet and migrated from its .com.
Of the other two, Ernst & Young does not have a dot-brand, and PricewaterhouseCoopers does not use its .pwc extension beyond a single experimental domain that redirects to pwc.com.
KPMG had revenue just shy of $29 billion last year and is one of the most recognizable brands in the corporate world.

33 Comments Tagged: .com, dot-brands, kpmg, new gTLDs, pwc

David and Goliath? DotMusic confirms .music win

Cyprus-based registry upstart DotMusic Ltd has confirmed that it has secured the rights to the .music gTLD.
Founder and CEO Constantinos Roussos tweeted the news overnight.

Excited to announce that after more than a decade, DotMusic has prevailed and will be the .MUSIC registry 🙂 https://t.co/XSnCkQVn28 #ICANN #DotMusic #DavidandGoliath #Music #Domains pic.twitter.com/tQX14eYyKu

— Constantine Roussos (@mus) April 11, 2019

It is not known how much DotMusic paid for the string, which I believe was auctioned in late March.
DotMusic fought off competition from seven other applicants, including some heavy-hitters: Google, Amazon, Donuts, Radix, Far Further, Domain Venture Partners and MMX.
MMX’s application was the last to be withdrawn, last night.
It’s not impossible that .music could launch before the end of the year, after DotMusic has completed the remaining pre-delegation steps such as signing its ICANN registry contract.
There will also be a couple of launch phases that give priority to members of the music industry.
Even when it goes to general availability, it won’t be a free-for-all, however.
DotMusic, in its efforts to secure support from the piracy-fearful music industry, proposed relatively strict “enhanced safeguards” for .music.
Registrants will have to verify their identity by phone as well as email in order to register a domain. They’ll also be restricted to strings matching their “their own name, acronym or Doing Business As”.
I don’t think the policies as outlined will be enough to prevent speculation, but they will add friction, possibly throttling sales volume.
In other news, it turns out Dewey did in fact defeat Truman.

2 Comments Tagged: .music, dotmusic, ICANN, new gTLDs, piracy

Neustar loses most of its Amazon back-end biz to Nominet

Amazon has switched two thirds of its large portfolio of new gTLDs over to Nominet’s back-end registry services, replacing Neustar.
Judging by changes to IANA records this week, Amazon has moved 35 gTLDs to Nominet, leaving 17 at Neustar.
A Neustar spokesperson confirmed the changes, telling DI:

in an effort to diversify their back-end support, Amazon has chosen to move some, but not all, of their TLDs to another provider. Neustar will still manage multiple Amazon TLDs after the transition and we look forward to our continued partnership.

The switch more than doubles Nominet’s number of TLDs under management. Its biggest customer to date was MMX, which pushed 20 of its TLDs to the .uk registry in a restructuring a few years ago.
The Amazon loss, and a few others recently, also mean that Neustar is by my back-of-the-envelope calculation no longer the largest back-end when measured by the number of TLDs under management.
Those bragging rights would go to Donuts, which self-manages its own rather large portfolio of 241 TLDs. Neustar would remain the largest provider in terms of service provided to third-party clients.
The Neustar-to-Nominet technical migration appears to have kicked off a couple of weeks ago and emerged Wednesday when Nominet’s Technical Contact information replaced Neustar’s in most of Amazon’s IANA records.
Customers will not have noticed, because the TLDs in question barely have any customers.
The only one of the 35 affected TLDs with any registrations at all is .moi, which has just a couple hundred domains in its zone.
The other affected TLDs, none of which have launched, are: .moi, .yamaxun, .author, .book, .buy, .call, .circle, .fast, .got, .jot, .joy, .like, .pin, .read, .room, .safe, .smile, .tushu, .wanggou, .spot, .tunes, .you, .talk, .audible, .deal, .fire, .now, .kindle, .silk, .save, .hot, .pay, .secure, .wow and .free.
The TLDs remaining with Neustar are: .bot, .zero, .ポイント, .書籍, .クラウド, .ストア, .セール, .coupon, .zappos, .ファッション, .食品, .song, .家電, .aws, .imdb, .prime, and .通販.
Six of the TLDs staying with Neustar have launched, but only one, .bot, has more than 100 registrations.
.bot is a tightly restricted, experimental space currently in a long-term “limited registration period” which is not due to end until next January. It has around 1,500 names in its zone file.
Four of Amazon’s dot-brands are staying with Neustar, which is probably the most enthusiastic cheerleader for dot-brands out there, and four are going to Nominet.
Neustar appears to be keeping all of Amazon’s internationalized domain names. Nominet currently manages no IDNs.
How important the adjustment is from a dollar perspective would rather depend on what the per-domain component of the deals were, and whether Amazon ever plans to actually make its gTLDs commercially available.
In recent weeks, XYZ.com also moved its recently acquired .baby gTLD from Neustar, where it had been an unused dot-brand, to preferred provider CentralNic, while .kred and .ceo, both under the same ownership, also switched to CentralNic.

Comment Tagged: amazon, dot-brands, idns, neustar, new gTLDs, nominet