Lawyer ban coming to ICANN
Tell us who you’re working for, or get out.
That’s the message, mainly targeting lawyers in private practice, underpinning a proposed change to the rules governing participating in ICANN policy-making proceedings.
The Org has published a new “discussion draft” of a Community Participant Code of Conduct Concerning Statements of Interest, which proposes closing a loophole that currently allows lawyers to keep their clients’ identities secret.
Today, everyone who participates in policy-making has to file a Statement of Interest, disclosing among other things their employers and/or clients, so their fellow volunteers know who they’re dealing with.
But there’s an exemption where “professional ethical obligations prevent you from disclosing this information”.
The new proposals would remove this exemption. The text (pdf) reads:
withholding relevant information about the interests involved in the deliberations could impair the legitimacy of ICANN’s processes. When disclosure cannot be made, the participant must not participate in ICANN processes on that issue.
This rule would also apply, for example, to participants from companies that are secretly working on technology patents relevant to the area of policy work, ICANN said.
Imagine an employee of a Big Domains firm pushing hard for a change to Whois policy while their employer is covertly intending to patent elements of the technology that would be needed to implement that policy.
The other example I’ve been given is of a lawyer in private practice who’s representing a company that intends to apply to ICANN for a new gTLD in the Next Round, where disclosing the desired string might be unwise.
If Pepsi is planning to apply for .pepsi, thinking it will give it a competitive advantage over Coca-Cola, having its outside counsel essentially announce that fact to the world could tip off its rival to start working on its .coke application.
In both those situations, the proposed new SOI policy would ask the would-be volunteer to either disclose or recuse. If discovered to have lied about their interests, they could be banned from all future ICANN policy-making work.
The proposals also target those working for trade groups who keep their member lists private. The document states:
If participants are participating on behalf of a trade association, consortium, or similar organization, those participants are urged to identify where other participants within ICANN can locate pertinent information about the membership or funding of that organization.
The proposals appear to have originated with ICANN Org after community efforts to reach consensus on SOIs failed.
A GNSO working group called CCOICI, for Council Committee for Overseeing and Implementing Continuous Improvement, after internal disagreements last year recommended keeping the lawyer loophole.
But when it came to a GNSO Council vote almost exactly a year ago, the Contracted Parties House (registries and registrars) unanimously rejected the CCOICI recommendations, precisely because of the loophole.
The Non-Contracted Parties House gave the changes their unanimous approval.
CPH members’ interests are of course generally known by virtue of the fact that they’re CPH members, representing their employers.
As I reported back in March, the CPH continues to think the SOI rules need strengthening, and that position is shared by members of the influential Governmental Advisory Committee.
The proposals are open for public comment until December 2.
Identity Digital to take over .ai
Identity Digital is to take over the running of .ai, following a deal with the Government of Anguilla announced today.
The two parties said they “plan to build a world-class registry management program that prioritizes quality domains and instills trust in .AI domain names for years to come”.
It looks like a back-end deal. There’s no suggestion of any kind of redelegation.
Currently, .ai is run by a small local outfit called DataHaven.Net, on a fairly basic web site that gives off all the vibes of being a one-man show and perhaps a little bit slapdash.
Identity Digital, by contrast, runs its huge portfolio of TLDs on the Amazon cloud and has pretty much blanket coverage of ICANN-accredited registrars. Only 40 registrars are listed on the current .ai registry site.
The ccTLD has grown to be a significant player in the last two years, growing from about 150,000 domains mid-2022, prior to generative AI entering the popular imagination, to 533,068 at the start of this month.
Identity Digital said that .ai already accounts for 20% of Anguilla’s revenue, and that this new deal should help increase that amount.
ICA teams up with WIPO on UDRP reform
The Internet Commerce Association and WIPO are jointly chairing an off-the-books review of the UDRP, ahead of a likely ICANN review of the anti-cybersquatting policy next year.
WIPO said today that the review is being coordinated by Brian Beckham of WIPO and Zak Muscovitch of the ICA, and comprises another 16 participants, mostly UDRP lawyers, panelists, and WIPO itself.
ICANN is being represented by director Sarah Deutsch. Domainers are represented by Telepathy’s Nat Cohen. The brand owner representative is Mette Andersen of regular UDRP complainant Lego.
The team is also drawing on the expertise of a couple dozen experts, a who’s who drawn from all sectors of the industry from registrars to domainers to IP interests to the UDRP providers themselves.
The composition looks very much like what an ICANN policy working group on this topic would look like, but the talks are being held outside of the usual policy development process.
WIPO says: “The core aim of this project is to maintain the UDRP as an efficient and predictable out-of-court dispute resolution mechanism for clear trademark-based disputes.”
But the organization seems to be engaging in some expectation management aimed at those who believe UDRP needs to be gutted. WIPO said:
Any recommendations should be borne out by a demonstrated compelling need for a change, and must be considered against this background, as any perceived case-specific or anecdotal faults of the UDRP do not warrant a wholesale revision of this industry best practice.
The group is expected to produce a report early next year for public input, and share a final report with ICANN thereafter, when the GNSO community is expected to kick off its owner formal Policy Development Process looking at UDRP.
UDRP review has been on the back-burner for the last couple of years since an initial public comment period, mainly due to workload issues faced by ICANN staff and community volunteers.
The GNSO was expected to open its PDP preparations more or less now, but the GNSO Council is expected to vote this Thursday to delay the start of the project for another six months, due to delays implementing other rights protection mechanism reviews.
Given how long PDPs typically take, by my estimate you’re looking at at least three years before any changes to UDRP are approved.
Response to sex harassment lawsuit “inadequate”, say ICANN vets
ICANN’s response to a sexual harassment lawsuit filed by a former long-serving employee was “inadequate” and failed to address “pervasive and obvious problems” women experience in the community, some veteran community members have said.
In a letter to chair Tripti Sinha, 15 people, not exclusively female, also say that previous responses to reports of harassment have focused more on protecting ICANN’s reputation rather than protecting the affected party.
Tanzanica King, a former senior member of ICANN’s meetings team and the Org’s second-longest-serving employee, sued ICANN in August, complaining about specific instances of harassment and a broader “frat boy culture”.
In response, ICANN said many of King’s claims were “untrue”, saying it “strives to create a positive, safe, and inclusive work and community environment” and has “a zero-tolerance policy toward harassment”.
Sinha later announced a forthcoming “strengthening” of the Org’s anti-harassment policy and named its new Ombuds as Liz Field, a woman with experience overseeing anti-harassment policies in governmental and quasi-governmental settings.
Now, the 15 veteran community members, drawn from contracted and non-contracted parties but all writing in their personal capacity, have called ICANN’s initial response “profoundly disappointing”. They wrote (pdf).
It is time to acknowledge that ICANN Org and the Community must make the necessary changes to create a welcoming and professional Community and to protect and defend both Org staff and Community members against harassment and sexual abuse. Denial of this issue has gone on for too long, protecting ICANN’s reputation rather than protecting victims.
The September 24 letter goes on to specifically criticize the Office of the Ombuds, until about a year ago led exclusively by men and then on an interim basis by a woman who was also an Org staffer, for not having the power or willingness to act on harassment reports. They wrote:
An ombuds must have independence and the ability to act; ICANN’s Office of the Ombuds has neither. Typically when harassment has been raised with the Ombuds, the Office did not have the ability to protect the reporter and the impacted person. The Office has illustrated over and over that their function is to protect ICANN Org’s interests—reputation, financial interest, or damage to organizational integrity.
Sinha has since responded (pdf), saying the ICANN board takes the issue “very seriously” and asking permission to publish the letter as “a positive way to encourage dialogue”.
She added that the new Ombuds reports directly to the board and that she “is fully empowered to act as an independent, impartial dispute resolution provider, with autonomy and authority.”
ICANN has not retracted its statement in response to the King lawsuit as the letter-writers requested.
Unstoppable tops four million names
Unstoppable Domains says it has now registered over four million names on its collection of blockchain-based alternative naming systems.
The volume appears to spread across multiple extensions. Unstoppable runs names such as .crypto, .x, .wallet and .nft, as well as dozens of more obscure branded strings, such as .pudgy and .bald, with its partners.
If we were to treat the whole Unstoppable portfolio as a single TLD, it would be about as large as India’s .in or France’s .fr, and hundreds of thousands of names larger than XYZ.com’s .xyz.
It would be more than twice as big as RealNames was at its peak, and many times larger than AOL Keywords. Just saying.
Amazon readying fashion and book gTLDs
Amazon appears to be dusting off two of its long-dormant gTLDs, targeting the books and fashion industries ahead of launch next year.
But it’s probably not worth getting too excited about if you only speak English. The TLDs are .ファッション (.xn--bck1b9a5dre4c), which is Japanese for “fashion” and .書籍 (.xn--rovu88b), which is Chinese for “books”.
Updated dates filed with ICANN show Amazon Registry is planning to take both to general availability in early November 2025. That’s not a typo, the dates really are over a year away.
No pricing or registration policy information is available.
The two TLD have both already carried out their mandatory sunrise periods — eight years ago — and currently have 50-odd names in their zone files, which all appear to be internal or sunrise registrations.
Amazon has 54 gTLDs, a mixture of dot-brands and generic terms, according to my database, but only nine generics have launched and only two have registrations measured in the thousands.
The company applied for its dictionary-word, product-category TLDs at a time when it thought it would be able to keep them a closed shop where it could keep all the domains to itself.
Five times ICANN deleted a ccTLD, and what it means for .io
With the future of .io coming into question this week, with the news that the UK will return sovereignty of the British Indian Ocean Territory to Mauritius, I thought it would be a good time to see how ICANN has treated disappearing countries and territories in the past.
As far as I can tell, ccTLDs have been removed from the DNS root on only five occasions since ICANN came into existence in 1998.
While the circumstances differ, in all but one case the trigger for the deletion was a change to the International Standards Organization’s ISO 3166-1 alpha-2 list, which ICANN uses to decide who gets a ccTLD and what ccTLD they get.
.yu — Yugoslavia
The Socialist Federal Republic of Yugoslavia broke up in 1992 due to a bloody civil war, but it wasn’t until 2010 that ICANN finally removed .yu from the root.
Splinter nations Slovenia, Croatia, North Macedonia, and Bosnia and Herzegovina were all assigned their own new country codes — .si, .hr, .mk and .ba — in the 1990s, but the now independent and separate states of Serbia and Montenegro, initially known as the Federal Republic of Yugoslavia, carried on using .yu.
When the country renamed itself the State Union of Serbia and Montenegro in 2003, the ISO list was updated to assign it the new code .cs, but the corresponding ccTLD was never actually delegated before the country broke up again in 2006, getting the ccTLDs .rs and .me the following year.
RNIDS, the .rs registry, carried on running .yu for a few years while it transitioned registrants to the new ccTLD. The process was not entirely painless, and ICANN had to keep .yu live longer than planned, before eventually deleting it April 1, 2010.
.tp — Portuguese Timor
The country we now know as East Timor or Timor Leste started the 21st century as Portuguese Timor, under Indonesian occupation. Its ccTLD was .tp.
After the country gained its independence in 2002, it renamed itself Timor Leste and the ISO assigned it the new code TL, deleting TP from its list.
IANA delegated .tl to the local government in 2005 and encouraged .tp registrants to migrate, but it took a full decade before it followed through and removed .tp from the root, in February 2015.
.zr — Zaire
The first ccTLD to get deleted by IANA under ICANN’s watch was .zr, which was no longer needed after Zaire changed its name to Democratic Republic of the Congo, receiving the code CD from ISO, in 1997.
The pre-ICANN IANA delegated .cd to the newly named country in 1997 and the registry operator set about moving .zr names to .cd. By 2001, that process was completed and .zr was deleted from the root.
.an — Netherlands Antilles
The Netherlands Antilles was a collection of former Dutch colonies in the Caribbean, until the territory split, with its component islands receiving new statuses under Dutch law, in 2010. The ccTLD was .an.
Curaçao got .cw, Sint Maarten (Dutch part) got the sexy-sounding .sx, and Bonaire, Saint Eustatius and Saba got to share .bq. ISO removed AN from its list.
The transition was a bit more complicated than usual, as .an registrants had to transfer to a new ccTLD based on what island they were on, but the local authorities managed it and within five years .an went poof.
.um — United States Minor Outlying Islands
This one’s unique in that it was deleted apparently simply because the registry operator couldn’t be bothered with it any more.
The United States Minor Outlying Islands are pretty much unpopulated, but strategically well-located, islands belonging to the US. There’s eight in the Pacific and one in the Caribbean.
Its ccTLD was operated by the University of Southern California until 2006, when somebody at ICANN noticed it appeared to be broken. When it approached USC for an explanation, it was told “they were no longer interested in managing the .UM domain”.
It had no registered domains, so there was no need for a transition plan and IANA deleted it from the root the following year.
The islands and their code are still on the ISO list and are still eligible for their ccTLD. Presumably it’s only the fact that the US government has asserted its authority over .um that has prevented an opportunist Just Some Guy registry from snapping it up to market .um domains as the leading destination for indecisive people or something.
What does this mean for .io?
ICANN’s policy on ccTLDs is pretty straightforward — your territory has to be on the ISO 3166 list and the ccTLD has to match the code ISO gives you. If your code drops off the list, you have five years, extensible to 10, to conduct an orderly transition before the TLD is retired.
Much like Portuguese Timor changing its name to Timor Leste to shuck off its enforced colonial branding, it seems inconceivable that the Chagos Archipelago will continue to be known as the British Indian Ocean Territory.
The key questions for .io registrants are: will the renamed BIOT keep the IO assignment on the ISO list, and will the archipelago continue to qualify as a distinct territory eligible for ccTLD status?
If BIOT simply becomes part of Mauritius, no longer recognized by the UN as a distinct territory, .io gains an existential threat. It would drop off ISO’s list and ICANN could issue it a retirement notice.
If BIOT remains a distinct territory and remains eligible for a ccTLD, the possibilities become a whole lot more interesting.
If Mauritius decides to change the territory’s name, there’s no problem. But if it asks ISO for a corresponding change of two-letter code to better reflect its new name, .io’s future is in doubt.
If the name is changed to something like “Chagos” and Mauritius wants a “C” code, only CB, CE and CJ are still available.
Theoretically, the government of Mauritius could unilaterally force an undesirable string change on Identity Digital, the American company that runs the .io registry, forcing a years-long migration to the newly chosen ccTLD.
I can’t imagine many of .io’s hundreds of thousands of registrants, particularly those using .io as a domain hack or to hitch themselves to a cool tech-startup bandwagon, being happy with a forced migration to, say, .cj.
The power to decoolify an entire TLD would be a compelling weapon in a redelegation fight. I’m deep into speculative territory here, but I can’t help but feel that Identity Digital is going to have to give Mauritius some money at some point.
Another possibility is that the registry, one of ICANN’s biggest funders, could lobby ICANN to change its policies and somehow grandfather .io in as a stateless ccTLD.
The fact that ICANN hasn’t acted to remove .su from the root, thirty years after the Soviet Union collapsed, could be seen as precedent.
The answers to .io’s future might be found in the proposed UK-Mauritius treaty, but that has yet to be published. As it has to be ratified by the UK Parliament we can expect it to enter the public domain before long.
Future of .io domains uncertain as UK hands over Chagos islands
The future of the .io ccTLD is up in the air today with the announcement that the UK is to hand over the British Indian Ocean Territory, also known as the Chagos Archipelago, to Mauritius.
The two governments announced today that they will sign a treaty agreeing “that Mauritius is sovereign over the Chagos Archipelago”. It’s being called the end of British colonialism in Africa.
Under the broad-ranging 99-year deal, native Chagossians, forcibly exiled since the late 1960s, will be free to return to the islands, apart from Diego Garcia, which is home to a strategically important UK-US military base.
There’s no talk yet of the future the ccTLD, of course — the governments have bigger fish to fry — but the change of sovereignty could have interesting implications for the .io registry and its registrants.
The positive spin is that owning a .io domain could now be seen as a less dubious ethical choice.
For almost a decade, largely unsuccessful boycotts of .io have been organized by tech bros upset with the treatment of the Chagossians. Now that they’re getting their land back, the queasiness of supporting “digital colonialism” might go away.
The bad news is that a change of sovereignty could ultimately lead to a change of registry, or the ccTLD disappearing entirely.
ICANN takes its lead from the International Standards Organization, specifically the ISO 3166-1 alpha-2 list, when it comes to deciding whether a ccTLD deserves to exist and what two-letter code it gets.
If BIOT ceases to exist and is removed from the ISO list, as seems likely, there’s a strong case to be made that .io should cease to exist too.
Whether ICANN would actually remove .io from the DNS root is another matter, of course. While it has removed ccTLDs before when the associated country disappears, it has done so in a measured, managed fashion.
The Org also seems quite happy for .su to stay in the root, thirty-odd years after the Soviet Union fell apart.
But what of redelegation? There’s already a campaign to get .io redelegated to the Chagossians, and now that the UK is relinquishing its control of BIOT to Mauritius, the redelegation claim could be strengthened by the weight of a national government.
However, while .io is assigned to BIOT, the UK government says it has no formal relationship with the registry, so a change of ownership of the territory doesn’t necessarily mean the ccTLD changes owners.
The registry is run by a private UK company, Internet Computer Bureau, which nowadays is basically a shell owned by an Irish company that is in turn owned by US-based Identity Digital and its parent Beignet.
And ICANN typically doesn’t redelegate ccTLDs without the consent of the losing registry, which in many cases is Just Some Guy who spotted a business opportunity in the 1990s.
Niue, the Pacific island nation, has been fighting fruitlessly for control of .nu for two decades, for example, but the extant registry doesn’t want to hand it over so ICANN has not acted.
As I reported earlier this week, .io had turnover of almost $40 million last year, so it seems unlikely that Identity Digital would follow the UK’s lead and just hand it over.
While the registry does not disclose its registration numbers, the revenue suggests it’s possible over a million .io domains have been registered.
.ai now has over half a million names
Anguilla’s .ai ccTLD added 54,372 domain names in the last quarter, according to the registry’s web site.
The total today is 533,068 domains, compared to 478,696 on July 1, according to an update posted this afternoon. The .ai domains under management number was 306,861 about a year ago.
.ai now has about as many registered domains as Finland’s .fi or Identity Digital’s .live.
The impressive growth is of course due to the string matching the abbreviation for Artificial Intelligence.
UK and Israel cut ICANN funding
The ccTLD registries for UK and Israel cut their funding to ICANN by the largest amounts in the Org’s last financial year, according to the latest numbers.
ICANN received mostly voluntary ccTLD contributions totaling $2,135,937 in its fiscal 2024, which ended June 30, according to its report, which was published (pdf) a couple weeks ago. That’s down $80,302 from the $2,216,240 it received in FY23.
The biggest single reason for the decline is that Nominet, the .uk registry, slashed its contribution from its usual $225,000 tribute by $75,000 to $150,000 in FY24.
Under ICANN guidelines (pdf) for ccTLDs, registries with over five million domains under management should contribute the maximum $225,000 a year. While .uk has been in decline for a while, it still has well over 10 million DUM.
But Nominet was the only ccTLD still paying the $225,000. All the other ccTLDs with over five million domains were already paying substantially less.
The Netherlands reduced its contribution from $225,000 to $180,000 in FY23. Germany has not given ICANN more than $130,000 a year in the last five years. China always pays $45,000. Brazil pays $100,000.
Nick Wenban-Smith, Nominet’s general counsel told us: “Our relationship with ICANN has not changed. We are a long-standing supporter of the organisation in many ways, lending our resources to policy work and other community efforts alongside our annual financial contribution.”
Israel is the second big funding-cutter in the latest report. It had been giving the recommended $15,000 for its 250,000+ domains, but reduced that to just $5,000 in FY24, despite its DUM being up slightly over the period.
Registries from nine territories that contributed $1,000 or less every year from FY20 to FY23 did not contribute at all in FY24. These include Nigeria, Antigua and Barbuda, Malawi, Guernsey, Jersey, Saint Lucia, Tokelau, and the US Virgin Islands.
The lack of any money from Tokelau’s .tk is expected given the death of the registry. Jersey and Guernsey are perhaps more surprising, given the registries are run by a former ICANN director.
A handful of other ccTLDs from small territories that have only sporadically given in the past did not contribute in FY24.
Fourteen registries contributed more in FY24 than they did in FY23, but the difference amounted to just $13,000 extra cash in ICANN’s coffers. South Africa, Slovenia, Vietnam, Tanzania, and Mongolia all paid $1,000 or more over FY23.
Russia, which stopped providing funding in FY23 despite its almost six million DUM, also did not give any money in FY24.
Recent Comments