Now .org critics actually want to take over the registry, blocking billion-dollar sale

A group of ICANN alumni and non-profits want to block the $1.135 billion sale of .org manager Public Interest Registry and for ICANN to hand over the reins to a new not-for-profit entity.
The Cooperative Corporation of .ORG Registrants was reportedly formed in California this week, supported by a long list of opponents of the .org deal, which would see the Internet Society sell PIR to a new private equity company called Ethos Capital.
Currently not-for-profit .org would become commercial again, answerable to shareholders who want to see a return on their investment. PIR recently had its 10%-a-year price caps lifted by ICANN, enabling it to increase its annual registry fees by as much as it wants.
Founding directors of the new co-op reportedly include ICANN founding chair Esther Dyson and founding CEO Mike Roberts, neither of whom have been heavily involved in ICANN or the domain name industry for the better part of two decades.
According to Reuters, Also on the board are Wikimedia Foundation CEO Katherine Maher, Jeff Ubois of the MacArthur Foundation, and Bill Woodcock, executive director of Packet Clearing House, which provides .org, via back-end Afilias, with DNS resolution services.
Dyson told the New York Times: “If you’re owned by private equity, your incentive is to make a profit. Our incentive is to serve and protect nonprofits and the public.”
The new registry would not have a profit motive, and excess funds would be returned to the non-profit community.
While the new group has yet to make a formal, public proposal, the idea is reportedly to persuade ICANN to block the sale of PIR to Ethos — something nobody can seem to agree is even within its powers — and instead transfer stewardship to this new co-op.
It’s a crazily ambitious goal.
The group would be basically asking ICANN to cut off ISOC’s primary funding source. PIR currently gives tens of millions of dollars a year to its owner, and after the Ethos deal ISOC intends to live off the interest of its billion-dollar windfall.
If ICANN canceled the PIR contract and handed .org to a third party, ISOC would get nothing, potentially crippling it and subsidiaries such as the IETF.
I can’t imagine such a decision, on the outside chance ICANN actually went down this path, not resulting in litigation.
The Cooperative Corporation of .ORG Registrants is reportedly also being backed by other supporters of the #SaveDotOrg campaign (which now has over 20,000 supporters), including the free speech advocates at the Electronic Frontier Foundation and NTEN, a conference/community hub for non-profits.
This campaign last month managed to persuade a group of four Democrat members of Congress — Ron Wyden, Richard Blumenthal, Elizabeth Warren and Anna Eshoo — to express their concerns about the Ethos deal and ask ISOC/Ethos/PIR a series of pointed questions about its potential ramifications.
In its response this week (pdf), the leaders of the three entities avoided directly answering the bulleted questions, but did make some commitments that I believe are new.
Notably, they said that the registry would reincorporate as a Public Benefit LLC before the acquisition closes. This is a relatively new form of legal entity, which has been described like this:

A Public Benefit LLC is a for-profit entity; however, in operating a Public Benefit LLC, the LLC’s management can take into account social, economic and political considerations without violating its fiduciary duty to act in the best interests of the company.

In other words, PIR would be free to place the needs of .org’s non-profit registrants ahead of the needs of its own shareholders without opening itself up to legal action.
A “statement of public benefit” would be in its certificate of formation, and would include a commitment “to limit any potential increase in the price of a .ORG domain registration to no more than 10% per year on average”.
I’ve noted before that this is worded vaguely enough to give Ethos some flexibility to raise prices by over 10%, but the fact that it’s offering to bake a commitment on pricing into its corporate DNA may be seen as a step in the right direction by critics.
It’s also proposing a “Stewardship Council”, which would be “an independent and transparent body” tasked with providing policy guidance to PIR and overseeing a new “Community Investment Fund” that would be used for initiatives such as the annual .org awards program.

DI Leaders Roundtable #4 — Big predictions for 2020

Hindsight is 2020, right? Not this time!
We’re rolling up to the end of the year, so for the fourth DI Leaders Roundtable I thought I’d task my panel of industry experts with the wholly original and unpredictable question:

What do you think will be the major trends or developments in the domain name industry in 2020?

I’m wonderfully happy to report that the panel grasped the opportunity with both hands and delivered an absolute smorgasbord (selection of open sandwiches) of informed opinion about how they reckon 2020 will play out.
From potential changes to security practices to ongoing consolidation to increased government regulation to the death of new gTLDs to the growth of new gTLDs, 2020 is certainly going to be a fun year to report on.
In no particular order, this is what they said:
Rick Schwartz, domain investor

2020 is going to be just a fabulous year.
It comes down to two words: re-branding and upgrading.
Businesses that have gotten domains that may have not been prime to begin with want prime domains now to help them grow and be taken more seriously.
Businesses, especially global businesses that made the mistake of using non-dotcom domains, have realized their mistake and want to upgrade to a dotcom domain because of their own self-interest. They don’t care what domainers think! They only care about what they think and their bottom line, and in that regard they only have one choice and they all know it.
It’s mandatory if they want to grow and become part of the largest franchise ever known to mankind. The dotcom franchise.
If you add up all the net worth of every company on earth using the dotcom brand, the number is unfathomable.
As we go into the seventh year of the new gTLD experiment, they are meaningless. They haven’t been adopted by almost anybody. Circulation is poor. So many registrations are questionable or penny-promotional. The majority are parked and not in use nor will they ever be. And 99.9% of the people on this planet could not name a single one of them! Not a one!
The poor roll-out, poor marketing, poor circulation, questionable tactics and rolling out hundreds of extensions at one time was a death wish. A demolition derby as I have described and look at the HUNDREDS that are truly dying on the vine. They are not viable!
The registries themselves wanted the same result as dotcom but they smothered their own product by holding back anything they deemed to have any value whatsoever. They wanted the same result as dotcom but they certainly didn’t use the same playbook. There was no such thing as premium domains with Network Solutions. That was what gave life to the aftermarket.
They changed the recipe and it is what it is. Instead of replacing dotcom domains they should have marketed them as an on-ramp to their main dotcom website. That was a fatal choice.
Country-code extensions with dual purposes have outperformed all the new gTLDs put together.
.org has legs. Even .net domains seem to be in better shape than any of the new extensions.
According to NTLDStats.com there are 400 extensions with less than 20,000 registrations. Not viable! Over 300 of them have less than 10,000 and more than 200 have less than 5,000 and most of those have 2,000 or less.
On the other hand, there have been a lot of gimmicks used by the top 10 to gain HOLLOW registrations. Those 10 control 63% of all new gTLD registrations. Leaving the other 37% to be divided by over 500 other extensions. It’s laughable.
And when it comes to aftermarket sales, 2019 was worse than 2018 and 2017. Wrong direction for something that is supposed to be “emerging.”
According to TheDomains.com reported sales, of new gTLD’s are in a nosedive for 2019 vs 2018 and 2017. And most were done by registries themselves and not individual domain investors. Wrong direction!
2017
1,007 Total Sales
$5.2m Dollar Volume
$5,118 Average Price
$500.3k High Price
2018
1,490 Total Sales
$5.7m Dollar Volume
$3,847 Average Price
$510k High Price
2019
865 Total Sales
$3.4m Dollar Volume
$3,940 Average Price
$335k High Price
To me, 2020 is a year of total clarity. The experiment is over.
Get on board or get run over.

Sandeep Ramchamdani, CEO, Radix Registry

Within the new domains space, we will see a clear separation between the top 10 most popular extensions, and everything else. Many new TLDs have been able to jump volumes by operating at ultra-low prices. As the reality of renewals hit next year, the top TLDs by DUMs will more closely represent the most popular strings overall. Registrars will naturally tend towards focusing on these strings at the cost of everything else.
We will continue to see the normalization of new strings, as its visibility driven by legitimate end-user usage, rises. Our hope is that more registries play an active role in driving adoption by highly visible end-users and accelerate this evolution.

Jeff Neuman, Senior VP, Com Laude

Looking into my domain name industry crystal ball for 2020, I can see the continuation of some of the same activities, the start of some new debates, and even more maturation of the industry. Here are my views on three of the policy issues likely to be center-stage in 2020 (in no particular order).
Transitioning to a new Steady State of New TLDs.
OK, so the next round of new gTLDs will not open in 2020. However, there will be some real progress made towards the next round. The Subsequent Procedures PDP will complete its policy work on its review of the 2012 round and deliver it to the Council, who in turn will approve (hopefully) the policy work and submit to the Board.
The ICANN Board will put out the report for public comment and we will see those that oppose any new more new TLDs come back out of the woodwork to file the same type of comments reminiscent of 2009/2010. They will claim that more TLDs are not needed, we should not be moving too fast (despite nearly a decade between rounds), and that we should not be adding new TLDs until we solve DNS Abuse, Name Collision, WHOIS/SSAD/GDPR/RDAP/UAM, (insert your own issue), etc.
Despite the likely negativity from some, the community will realize that there is value to additional new gTLDs and maintaining a competitive landscape. There is still value in innovation, encouraging consumer choice and competition. The community will rise above the negativity to realize that many of the issues we experience in the industry are in fact related to the artificial scarcity of TLDs and that we need to continue to push forward towards completing one of the original missions of ICANN.
Rights Protection Mechanisms move to Phase 2.
Admittedly most of the community has not been paying attention to the Rights Protection Mechanisms (RPMs) Policy Development Process PDP. Currently it is working on Phase 1: Reviewing the RPMs introduced for the 2012 Round of New gTLDs. This work includes looking at the Trademark Clearinghouse, Sunrise Processes, the URS and the Trademark Claims process.
2020 may likely see the beginning of its second phase, the first ever review of the Uniform Dispute Resolution Policy (UDRP).
The UDRP was the first of ICANN’s Consensus Policies, and one that has been in place for more than to decades. Great care must be taken in the review of this policy which most will argue has been ICANN’s most successful policy in its relatively young history. The UDRP not only protects the intellectual property community by going after the bad faith registration and use of gTLD domains, but it also has been instrumental for registries and registrars to stay out of the middle of domain name disputes.
Prior to the UDRP, the one domain name registry/registrar was constantly in court defending itself against claims of contributory infringement and hoping that courts would not impose liability on it for allowing the registration of domain names by cybersquatters and not taking back names when notified about the abuse that was occurring on those names.
The passage of the UDRP drastically changed all of that. Registries and Registrars could extricate themselves from domain name disputes by referring the parties to the UDRP and agreeing to following/implementing the decisions. Courts agreed that following the UDRP served as a shield of liability for those registries and registrars that faithfully followed the policy. The bottom line in my view is that domain name registries and registrars need the UDRP as much as the IP Community.
The DNS Abuse Debate continues.
Although some progress has been made in defining and mitigating DNS Abuse with a number of registries and registrars signing a Framework to Address DNS Abuse, more discussions by the ICANN community will continue to take place both within and outside of ICANN. In my opinion, those registries and registrars that are serious of addressing true DNS abuse, will continue to educate the community on the already positive steps that they have been taking to combat phishing, pharming, malware, botnets, etc. as well a number of other non-DNS abuse issues (illegal pharmaceuticals, child exploitation, etc.).
Other groups will continue to press registries and registrars to do more to combat all sorts of other non-DNS forms of abuse, while others will strenuously argue that the more that is done, the more we threaten the civil liberties of domain name registrants. The community will realize that there is no right side or wrong side in this debate. Each side of those complicated debate is right.
Hopefully, a true sense of “multi-stakeholderism” will arise where domain name registries and registrars continue to mitigate abuse while disassociating themselves from those that are not as serious about combating abuse, ICANN will develop tools that will constructively assist with mitigating abuse (as opposed to focusing on contractual regulations), and the rest of the community will work on how to combat the growing problem without trampling on the rights of registrants. At the end of the day, all of us have a role in protecting end users on the Internet.
Note: I know the ePDP work on Universal Access will of course be ongoing, but I am sure others will give their thoughts on that. From a non-policy perspective, the domain name industry will continue to consolidate. We may very well see more registry/registrar combinations, registries purchasing other registries and private equity investment. We will see some more innovative uses of brand TLDs and others following suit.

Christa Taylor, CMO, MMX

1. The predicted 2020 recession will reward agile organizations who embrace machine learning to enhance operational efficiencies, customer experiences and protect corporate profit margins. Naturally, organizations with high operating costs will be the hardest hit with impacts being felt in the second half of 2020.
2. The potential recession combined with mounting pressures to increase efficiency will lead to a renewed focus on reaching niche markets to expand business.
3. Protection and representation movement of identities will continue to gain strength and momentum in 2020 as more and more people recognize the importance of controlling their own personal data.
4. Horizontal and vertical consolidation along with increased synergies will continue throughout the industry.
5. The 4th industrial revolution (IoT, VR, AI, BC) will gather momentum and provide additional opportunities for the use of domain names.
6. The next round of new gTLD applications will encounter unanticipated challenges causing delays.
7. New gTLDs registrations will continue to grow in 2020.

Michele Neylon, CEO, Blacknight

I suspect we’ll see more consolidation across the domain and hosting space. Afilias will probably acquire a few more under-performing registry operators. Some will already be on their platform, while others will be using their competitors. CentralNic will continue to acquire companies that fit with their portfolio of services.
There’ll be more mergers and acquisitions across the hosting and domain registrar space with a small number of companies dominating most developed markets.
The PIR acquisition by Ethos Capital will close and the sky won’t fall. PIR will increase their wholesale price by a few percentage points which will upset domain investors. There’ll be increased calls on ICANN to take action, but these will be rebutted.
More country code operators will start using AI to combat abusive registrations. In some cases I suspect we’ll see more stringent registrant validation and verification policies being introduced, though many ccTLD operators will find it hard to balance maintaining new registration volumes while also increasing the overall “quality” of the registration base.
There’ll be an increase in internet shutdowns in less-developed democracies, while governments in Europe and elsewhere will increase pressure on social media companies to stop the spread of propaganda. Internet infrastructure companies will come under more pressure to deal with content issues.
As we enter a new decade the role of the internet in our daily lives, both business and personal will continue to grow.
The big challenges that lie ahead are going to be complex. Without increasing security there’s a tangible risk that consumers will lose trust in the system as a whole and governments will want to impose more regulations to ensure that. One of the challenges is going to be balancing those increased levels of security and consumer confidence while not stifling innovation.
It’s going to be a fun future!

Dave Piscitello, Partner, Interisle Consulting Group

Expect increased scrutiny of the domain registration business. Our study and others to follow will continue to expose enormous concentrations of abuse and criminal domain registrations at a small number of registrars.
Domains registered using bulk registration services will attract the most attention. We call these “burner domains”, because cybercriminals use these in a “register, use, and abandon” fashion that’s similar to how drug dealers use disposable or burner mobile phones.
Governments will become more insistent that ICANN does more than acknowledge their recommendations and then defer adoption. They will increase pressure to validate domain registration data and legitimate businesses will happily comply with the additional validation overhead because of the abuse mitigation benefits they’ll receive.
There’s a possibility that a government other than the EU will adopt a data protection regulation that exposes the flawed logic in the ill-conceived Temp Spec “one redaction fits all”. Having decided to “run with GDPR”, what will ICANN do when faced with a government that insists that email addresses be made public?
The governance model will also fall under scrutiny, as the “multi” in multi-stakeholder appears to be increasingly dominated by two stakeholder interests and public interest barely receives lip service.

Ben Crawford, CEO, CentralNic

• There will be more creative ways to bake identity, cyber security, crime prevention and policing, and IP protection measures into domains and registration services
• More registries will be auctioning their own deleting domains
• Large tech firms, finance players and telcos will play and increasing role in the domain industry
• Further consolidation of gTLDs as the bigger registry operators continue to acquire some of the smaller ones
• More regulations impacting the domain name industry
• Smart independents like .XYZ, Radix and .ICU (which went from zero to 4+ million DUMs in 18 months) will continue to dominate the nTLD space (without blowing $100m on the rights to their TLDs)

Jothan Frakes, Executive Director, Domain Name Association

Consolidation will continue — look for a lot of M&A activity and corporate development. Lots of moves and role changes with people changing companies as the consolidation occurs. With change comes great opportunity, and there will be a lot of change.
The industry is kicking off the year with oomph — the new location and format for NamesCon, billed as as the Domain Economic Forum in Austin. The event looks promising, as it begins refreshed and demonstrates the strengths of the team who produce Cloudfest. Austin, like Las Vegas, is a mecca for tech startups, but larger, so hopefully the convenience of the venue to the local tech companies, along with with GoDaddy demonstrating a heavier presence at the event this year will be a big lure to attract more new faces to this great industry (and event).
There will be more focus on making things easier for new customers to use and activate services on domain names. Cool technologies such as DomainConnect or other methods that enable “app store” type activation of domain names will continue to make it simpler for a domain name owner to activate, build and use their domains. This is a crucial evolutionary step in the business, as it plays a significant role in renewal rates and overall customer growth.
We’ll see further innovation in the use of domain names become more mainstream. IoT, GPS/Geo, AI, Bots, voice, AR/VR and other technologies will drive expanded use of domain names. Even Blockchain, which seems to have gotten more pragmatic about purpose, has a lot of promise with how it can interact with DNS now that the hype has scaled back and the designated drivers that remain are plowing forth with their efforts to deliver on the core purpose/benefits they set out to deliver.
Domains, as well as the cool things that you can do with them, will continue to be a growing business that enables people and organizations to build and do great things.

A very happy new year to all DI readers and supporters!

Amazon beats South America! Dot-brand contracts now signed

Amazon has prevailed in its seven-year battle to obtain the right to run .amazon as a branded top-level domain.
The company signed contracts for .amazon and the Chinese and Japanese translations on Thursday, despite years-long protests from the eight South American governments that comprise the Amazon Cooperation Treaty Organization.
This means the three gTLDs are likely to be entered into the DNS root system within a matter of weeks, after ICANN has conducted pre-delegation testing to make sure the registry’s technical systems are up to standard. The back-end is being provided by Neustar, so this is pretty much a formality.
.amazon is pretty much a done deal, in other words, and there’s pretty much nothing ACTO can do within the ICANN system to get the contract unsigned.
ACTO was of course angry about .amazon because it thinks the people of the Amazonia region have greater rights to the string than the American e-commerce giant.
It had managed to muster broad support against the gTLD applications from its Governmental Advisory Committee colleagues until the United States, represented on the GAC by the National Telecommunications Administration did a U-turn this November and withdrew its backing for the consensus.
This coincided with Amazon hiring David Redl, the most-recent former head of the NTIA, as a consultant.
The applications were originally rejected by ICANN due to a GAC objection in 2013.
But Amazon invoked ICANN’s Independent Review Process to challenge the decision and won in 2017, with the IRP panel ruling that ICANN had paid too much deference to unjustified GAC demands.
More recently, ACTO had been demanding shared control of .amazon, while Amazon had offered instead to protect cultural interests through a series of Public Interest Commitments in its registry agreements that would be enforceable by governments via the PIC Dispute Resolution Procedure.
This wasn’t enough for ACTO, and the GAC demanded that ICANN facilitate bilateral talks with Amazon to come to a mutually acceptable solution.
But these talks never really got underway, largely due to ACTO internal disputes during the political crisis in Venezuela this year, and eventually ICANN drew a line in the sand and approved the applications.
After rejecting an appeal from Colombia in September, ICANN quietly published Amazon’s proposed PICs (pdf) for public comment.
Only four comments were received during the month-long consultation.
As a personal aside, I’d been assured by ICANN several months ago that there would be a public announcement when the PICs were published, which I even promised you I would blog about.
There was no such announcement, so I feel like a bit of a gullible prick right now. It’s my own stupid fault for taking this on trust and not manually checking the .amazon application periodically for updates — I fucked up, so I apologize.
PICs commenters, including a former GAC vice-chair, also noticed this lack of transparency.
ACTO itself commented:

The proposed PIC does not attend to the Amazon Countries public policy interests and concerns. Besides not being the result of a mutually acceptable solution dully endorsed by our countries, it fails to adequately safeguard the Amazon cultural and natural heritage against the the risks of monopolization of a TLD inextricably associated with a geographic region and its populations.

Its comments were backed up, in pretty much identical language, by the Brazilian government and the Federal University of Rio de Janeiro.
Under the Amazon PICs, ACTO and its eight members each get a .amazon domain that they can use for their own web sites.
But these domains must either match the local ccTLD or “the names of indigenous peoples’ groups, and national symbols of the countries in the Amazonia region, and the specific terms OTCA, culture, heritage, forest, river, and rainforest, in English, Dutch, Portuguese, and Spanish”.
The ACTO nations also get to permanently block 1,500 domains that have the aforementioned cultural significance to the region.
The ACTO and Brazilian commenters don’t think this goes far enough.
But it’s what they’ve been given, so they’re stuck with it.

Ethos promises to keep .org for many many many many years

Ethos Capital doesn’t plan to flip .org manager Public Interest Registry any time soon, according to its CEO.
Erik Brooks said that private equity firm Ethos, which intends to buy PIR from the Internet Society for over a billion dollars, plans to keep hold of the company for “many, many, many, many years”.
He was talking last night during a public conference call organized by NTEN, which also included the CEOs of ISOC and PIR, as well as critics from the Electronic Frontier Foundation, the the National Council of Nonprofits and the Irish chapter of ISOC.
The call was set up because many believe .org’s transition back into for-profit hands, coupled with its recently gained ability to raise prices arbitrarily, means .org’s non-profit registrants are in for a hard time as Ethos profit-takes.
While Brooks and chief purpose officer Nora Abusitta made all the right noises to settle such concerns, promising to not unreasonably raise prices and to stick with PIR’s commitment to non-profits, some participants remained skeptical.
Brooks said that his vision for Ethos, which he founded earlier this year, is “fundamentally broader and more expansive than traditional investing” where “success is defined as success for all participants, success for customers, employees, vendors, the community impacted by the company”.
PIR CEO Jon Nevett said he was initially concerned about the deal — which was negotiated between ISOC and Ethos without PIR’s participation — he is now “convinced that they’re here to do the right thing”.
He said that rather than funneling all of PIR’s spare .org reg cash to ISOC as happens currently, it will now be able to invest some of it in improving .org instead.
Brooks said he understand the community concerns about price increase.
“We are absolutely committed to staying within the spirit of how PIR has operated with the price system they have operated with before,” he said. That means 10% a year on average, as Ethos has stated before.
He added that “working on some mechanisms and some ideas that will give registrants more assurance” that this is just not PR spin, and that these will be communicated publicly over the coming weeks.
The fact that ICANN lifted the previous 10% contractual price cap just a few months before the deal was sealed did not factor into Ethos’ thinking, he said.
While what Ethos is describing is all well and good, there’s no telling what a future owner of PIR would do, should Ethos sell it or float it on the public markets.
That looked like a possibility, especially given that some say that Ethos is under-paying by a considerable margin for the registry.
But Brooks, asked what Ethos’ exit runway for PIR looked like, said that the company was committed to owning the registry “for an extraordinarily long period of time… dramatically outside the normal window of somebody owning a business… many, many, many, many years”.
Ethos’ own backers — which apparently include investment vehicles linked to Mitt Romney and the late Ross Perot — are on board with this long-term plan, he said.
So, assuming Brooks is a man of his word, .org registrants only have to look forward to price increases of no more than 10% a year for some time to come, which is kinda the situation they were in at the start of the year.
But not everyone is as trusting/gullible as me.
The EFF’s Mitch Stoltz, who was on the call, later published a blog post that seemed to shift gears somewhat away from pricing concerns towards the potential for future censorship of .org domains.
“Ethos Capital has a financial incentive to engage in censorship—and, of course, in price increases,” he wrote.
He alluded to that PIR had briefly toyed with the idea of a “UDRP for copyright” a few years ago, but had backed down under community pressure, something that he doesn’t believe Ethos would necessarily do.
Asked about the censorship issue by Stotlz during the call, Brooks said he had not given the issue a great deal of consideration but that he expected PIR’s practices on this kind of thing to continue on as they are today.

Four big developments in the .org pricing scandal

The renewal of Public Interest Registry’s .org contract and its subsequent acquisition by Ethos Capital is the gift that keeps on giving in terms of newsworthy developments, so I thought I’d bundle up the most important into a single article.
First, ICANN has thrown out the appeal filed by Namecheap and provided a (kinda) explanation of how the recent contract renewal came about.
The board of directors voted to reject Namecheap’s Request for Reconsideration on Thursday, as I reported last week, but the decision was not published until last night.
Namecheap had demanded ICANN reverse its decision to remove the 10%-a-year cap on price increases previously in the .org contract, enabling PIR to unilaterally raise its prices by however much it wants.
It said that ICANN had “ignored” the more then 3,000 people and organizations that had submitted comments opposing the lifting of caps.
But the board said:

ICANN org’s Core Values do not require it to accede to each request or demand made in public comments or otherwise asserted through ICANN’s various communication channels. ICANN org ultimately determined that ICANN’s Mission was best served by replacing price caps in the .ORG/.INFO Renewed RAs with other pricing protections to promote competition in the registration of domain names, afford the same “protections to existing registrants” that are afforded to registrants of other TLDs, and treat registry operators equitably.

The board also decided to describe, in a roundabout kinda way, how it conducts renewal talks with pre-2012 legacy gTLDs, explaining that ICANN “prefers” to move these registries to the 2012 contract, but that it cannot force them over. The resolution states:

All registry agreements include a presumptive right of renewal clause. This clause provides a registry operator the right to renew the agreement at its expiration provided the registry operator is in good standing (e.g., the registry operator does not have any uncured breaches), and subject to the terms of their presumptive renewal clauses.
In the course of engaging with a legacy registry operator on renewing its agreement, ICANN org prefers to and proposes that the registry operator adopts the new form of registry agreement that is used by new gTLDs as the starting point for the negotiations. This new form includes several enhancements that benefit the domain name ecosystem such as better safeguards in dealing with domain name infrastructure abuse, emergency backend support, as well as adoption of new bilaterally negotiated provisions that ICANN org and the gTLD Registries Stakeholder Group conduct from time to time for updates to the form agreement, and adoption of new services (e.g., RDAP) and procedures.
Although ICANN org proposes the new form of registry agreement as a starting place for the renewal, because of the registry operator’s presumptive right of renewal ICANN org is not in a position to mandate the new form as a condition of renewal. If a registry operator states a strong preference for maintaining its existing legacy agreement form, ICANN org would accommodate such a position, and has done so in at least one such instance.

I believe the gTLD referred to in the last sentence is Verisign’s .net, which renewed in 2017 without substantially transitioning to the 2012-round contract.
On the acquisition, the board notes:

the Board acknowledges (and the Requestor points out in its Rebuttal) the recently announced acquisition of PIR, the current .ORG registry operator, and the results of that transaction is something that ICANN organization will be evaluating as part of its normal process in such circumstances.

That appears to be a nod to the fact that ICANN has the power to reject changes of control under exceptional circumstances, per the .org contract.
Despite the wholly predictable rejection of Namecheap’s RfR, appeals against the contract’s new terms may not be over.
For some reason I have yet to ascertain, the very similar RfR filed around the same time by the Electronic Frontier Foundation was not considered, despite being on the agenda for last Thursday’s board meeting.
Additionally, I hear Namecheap has applied for Cooperative Engagement Process status, meaning it is contemplating filing an Independent Review Process appeal.
Second, Ethos Capital, PIR’s new owner, launched a web site in which it attempts to calm many of the concerns, criticisms and conspiracy theories leveled its way since the acquisition was announced.
Found at keypointsabout.org, the site tries to clarify the timing and motivation of the deal.
On timing, Ethos says:

Ethos Capital first approached the Internet Society in September 2019, well after PIR’s contract renewal with ICANN had finished… PIR was not for sale at the time the price caps were lifted on .ORG. The removal of .ORG’s price restrictions earlier this year was not unique to .ORG and was in no way motivated by a desire to sell PIR.

The .org contract was signed at the end of July, so while Ethos may well have been lusting after PIR before the renewal, it apparently did not run towards it with its trousers around its ankles until at least a month later.
On its pricing intentions, Ethos says:

The current price of a .ORG domain name is approximately $10 per year. Our plan is to live within the spirit of historic practice when it comes to pricing, which means, potentially, annual price increases of up to 10 percent on average — which today would equate to approximately $1 per year.

This sounds rather specific, but it’s vague enough to give PIR leeway to, say, introduce a 100% increase immediately and then freeze prices until it averages out at 10% per year. I don’t think the company will do something so extreme, but it would technically be possible the way it’s described here.
On the connections to Abry Partners and former ICANN CEO Fadi Chehade, Ethos says that while founder and CEO Erik Brooks is a 20-year veteran of Abry (which also owns Donuts) “Abry Partners is not involved in this transaction.”
It adds, however, that Chehade’s company, Chehade & Company, where Ethos chief purpose officer Nora Abusitta-Ouri has worked “is an adviser to Ethos”.
What this means, at the very least, is that the new owner of .org allowed an outside contractor to register the domain matching its name in the very gTLD it runs, which most domain veterans will recognize as a rookie mistake.
Ethos goes on to list VidMob Inc, Whistle Sports Inc, Adhark Inc and LiquidX Inc as other companies Ethos has invested in, perhaps rubbishing the hypothesis (which I, admittedly, have publicly floated) that Ethos was a vehicle created by Abry purely to buy up PIR.
Third, Ethos may be funded by “billionaire Republicans”.
.eco registry founder Jacob Malthouse, who’s trying to rouse up support for the #SaveDotOrg campaign, dug up an email apparently sent by ISOC CEO Andrew Sullivan to a members mailing list in the wake of the acquisition announcement, which names some of the backers of the deal.
They are: Perot Holdings, FMR LLC and Solamere Capital.
What they have in common is that they’re all — at least according to Malthouse’s since-amended original post — founded/owned/affiliated with prominent billionaire US Republicans. I’m not sure I’d fully agree with that characterization.
Perot was founded by Ross Perot, who stood for US president as an independent a few times but spent the last couple of decades of his life (which ended in July) as a Republican. I’d say his political affiliation died with him.
FMR, or Fidelity Investments, is run by Abigail Johnson, who inherited the role from her father and grandfather. While she’s made donations to Republicans including local senator, Mitt Romney, she also gave Hillary Clinton a tonne of cash to support her 2016 presidential election run, so I’m not sure I’d necessarily characterize her as die-hard GOP.
Romney himself was involved in the founding of Solamere Capital, the third apparent Ethos investor, but according to its web site he stepped down at the start of this year, long before Ethos was even founded, in order to re-join the US Senate.
I’m not sure what the big deal about these connections is anyway, unless you’re of the (often not unreasonable) belief that you don’t get to be a billionaire Republican without being just a little bit Evil.
Fourth, a bunch of non-profits are campaigning to get the deal scrapped.
The #SaveDotOrg campaign now has its matching .org address and web site, savedotorg.org.
It appears to have been set up by the EFF, but its supporters also include the non-profits American Alliance of Museums, American Society of Association Executives, Aspiration, Association of Junior Leagues International, Inc., Creative Commons, Crisis Text Line, Demand Progress Education Fund, DoSomething.org, European Climate Foundation, Free Software Foundation, Girl Scouts of the USA, Independent Sector, Internet Archive, Meals on Wheels America, National Council of Nonprofits, National Human Services Assembly, NTEN, Palante Technology Cooperative, Public Knowledge, R Street Institute, TechSoup, VolunteerMatch, Volunteers of America, Wikimedia Foundation, YMCA of the USA and YWCA USA.
The letter (pdf) states:

Non-governmental organizations all over the world rely on the .ORG top-level domain. Decisions affecting .ORG must be made with the consultation of the NGO community, overseen by a trusted community leader. If the Internet Society (ISOC) can no longer be that leader, it should work with the NGO community and the Internet Corporation for Assigned Names and Numbers (ICANN) to find an appropriate replacement.

It claims that the new .org contract gives PIR powers to “do significant harm” to non-profits, should they be abused.
The campaign has had a little traction on social media and so far has over 8,000 signatures.

Former NTIA chief Redl now working for Amazon

David Redl, the former head of the US National Telecommunications and Information Administration has joined Amazon as an internet governance advisor, I’ve learned.
I don’t know whether he’s taken a full-time job or is a contractor, but he’s been spotted palling around with Amazon folk at ICANN 66 in Montreal and knowledgeable sources tell me he’s definitely on the payroll.
Redl was assistant secretary at the NTIA until May, when he was reportedly asked to resign over a wireless spectrum issue unrelated to the domain names after just 18 months on the job.
His private sector career prior to NTIA was in the wireless space. I don’t believe he’s ever been employed in the domain industry before.
NTIA is of course the US agency responsible for participating in all matters ICANN, including the ongoing fight over Amazon’s application for the .amazon brand gTLD.
The proposed dot-brand has been in limbo for many years due to the objections of the eight nations of the Amazon Cooperation Treaty Organization, which claims cultural rights to the string.
ACTO nations on ICANN’s Governmental Advisory Committee want ICANN to force Amazon back to the negotiating table, to give them more power over the TLD after it launches.
But the NTIA rep on the GAC indicated at the weekend that the US would block any GAC calls for .amazon to be delayed any longer.
As I type these words, the GAC is debating precisely what it should say to ICANN regarding .amazon in its Montreal communique, using competing draft texts submitted by the US and European Commission, and it’s not looking great for ACTO.
As I blogged earlier in the week, another NTIA official, former GAC rep Ashley Heineman, has accepted a job at GoDaddy.
UPDATE: As a commenter points out, Redl last year criticized the revolving door between ICANN and the domain name industry, shortly after Akram Atallah joined Donuts.

America has Amazon’s back in gTLD fight at ICANN 66

The United States looks set to stand in the way of government attempts to further delay Amazon’s application for .amazon.
The US Governmental Advisory Committee representative, Vernita Harris, said today that the US “does not support further GAC advice on the .amazon issue” and that ICANN is well within its rights to move forward with Amazon’s controversial gTLD applications.
She spoke after a lengthy intervention from Brazilian rep Ambassador Achilles Zaluar Neto, who said South American nations view the contested string as their “birthright” and said ICANN is allowing Amazon “to run roughshod over the concerns and the cultural heritage of eight nations and tens of millions of people”.
It was the opening exchange in would could prove to be a fractious war of words at ICANN 66 in Montreal, which formally opens tomorrow.
The .amazon applications have been controversial because the eight countries in the Amazon Cooperation Treaty Organization believe their unwritten cultural rights to the word outweigh Amazon’s trademark rights.
Forced to the negotiating table by ICANN last year, the two sides each posed their own sets of ideas about how the gTLD could be managed in such a way as to protect culturally sensitive terms at the second-level, and taking ACTO’s views into account.
But an ICANN-imposed deadline for talks to conclude in April was missed, largely as a result of the ongoing Venezuela crisis, which caused friction between the ACTO governments.
But today, Brazil said that ACTO is ready and willing to get back to the negotiating table asked that ICANN reopen these talks with an impartial mediator at the helm.
As things stand, Amazon is poised to get .amazon approved with a bunch of Public Interest Commitments in its registry contract that were written by Amazon without ACTO’s input.
Neto said that he believed a “win-win” deal could be found, which “would provide a positive impetus for internet governance instead of discrediting it”. He threatened to raise the issue at the Internet Governance Forum next month.
ICANN’s failure to reopen talks “would set a bad precedent and reflect badly on the current state of internet governance, including its ability to establish a balance between private interests and public policy concerns”, he said
But the US rallied to Amazon’s defense. Harris said:

The United States does not support further GAC advice on the .amazon issue. Any further questions from the GAC to the Board on this matter we believe is unwarranted… We are unaware of any international consensus that recognizes inherent governmental rights and geographic names. Discussions regarding protections of geographic names is the responsibility of other forums and therefore should be discussed and those relevant and appropriate forums. Contrary to statements made by others, it is the position of the United States that the Board’s various decisions authorizing ICANN to move forward with processing the.application are consistent with all relevant GAC advice. The United States therefore does not support further intervention that effectively works to prevent or delay the delegation of .amazon and we believe we are not supportive and we do not believe that it’s required.

This is a bit of a reversal from the US position in 2013.
Back then, the GAC wanted to issue consensus advice that ICANN should reject .amazon, but the US, protecting one of its largest companies, stood in the way of full consensus until, in the wake of the Snowden revelations, the US decided instead to abstain, apparently to appease an increasingly angry Brazil.
It was that decision that opened the door to the six more years of legal wrangling and delay that .amazon has been subject to.
With the US statement today, it seems that the GAC will be unlikely to be able to issue strong, full-consensus advice that will delay .amazon further, when it drafts its Montreal communique later in the week.
The only other GAC member speaking today to support the US position was Israel, whose rep said “since it is an ongoing issue for seven years, we don’t believe that there is a need for further delay”.
Several government reps — from China, Switzerland, Portugal, Belgium and the European Commission — spoke in favor of Brazil’s view that ICANN should allow ACTO and Amazon back to the negotiating table.
The GAC is almost certain to say something about .amazon in its communique, due to drop Wednesday, but the ICANN board of directors does not currently have an Amazon-related item on its Montreal agenda.
UPDATE: The originally published version of this story incorrectly identified the US GAC representative as Ashley Heineman, who is listed on the GAC’s web site as the US representative. In fact, the speaker was Vernita Harris, acting associate administrator at the US National Telecommunications and Information Administration. Had I been watching the meeting, rather that just listening to it, this would have been readily apparent to me. My apologies to Ms Heineman and Ms Harris for the error.

DI Leaders Roundtable #1 — How many new gTLDs will be applied for next time around?

How many new gTLDs will be applied for in the next application round?
This is the first question I put to the DI Leaders Roundtable, which you may recall I announced a couple weeks back.
As a reminder, the panel is comprised of leading thinkers in the domain name industry or ICANN community, covering as broad a cross-section of expertise as I could muster.
The question I posed each panelist this time was:

There were 1,930 applications for new gTLDs in 2012. Given everything we’ve learned over the last seven years, how many applications do you think there will be in the next round?

There seemed to be a rough consensus that it’s a little early to put any concrete predictions out there, and that perhaps I should have eased the panel in with something a little less challenging, but some very interesting — and divergent — opinions were nevertheless expressed.
Some of the participants asked me to note that they were speaking in a personal capacity rather than with them wearing a specific one of their various professional/volunteer hats. To save time, readers should just assume that every opinion being expressed below is personal to the expert concerned.
In no particular order…
Jeff Neuman, Senior VP, Com Laude

Without wanting to sound like I’m trying to avoid answering the question or hedge my bets, we have to consider this question in the context of the current landscape. The number of applications in the next round will be dependent on the outcomes of the current Subsequent Procedures PDP Working Group, alongside macroeconomic business factors. So therefore I’ll put a range on the possible answer — at the low end (if the application fee remains as is and world economies are facing significant troubles) around 1,000; at the top end (with application fee reduced to a level that operates as far less of a barrier, a fair economic wind behind us and some targeted promotion of the opportunities) there could be up to 10,000.
One thing that is clear is that many of the applications will come from brands that would like to actively use their domains. Those who were forward-thinking and have taken bold steps in the first round are the ones who are benefiting most from the new gTLD program. That’s not to say that there have not also been issues with brands. In 2012 many brands were pressured to apply for TLDs by third parties who advised them to apply for purely defensive reasons. Others gave up after the many fits and starts of the program as well as the overly lengthy period it took ICANN to evaluate the TLDs, approve Specification 13, respond to name collision, and the change of rules to temporarily disallow “closed generic” TLDs. Not surprisingly, we have seen a number of these brands drop out of the program.
However, many of the ones that have stuck it out are doing well. Some have even made transitions from their “.com” or their ccTLDs to their brand TLDs. Others have used their TLDs for marketing campaigns, corporate social responsibility programs, internal corporate intranets, job sites, geolocation tools, social media programs, events and customer service. And this is just the beginning.
What we need to ensure for the future is that application fees represent the true costs of the program and that the process is predictable, reliable and flexible enough to allow brands and others to innovate. Over-regulation due to the fear of unlikely edge cases or paranoia due to how potential applicants for purely generic open TLDs cannot be allowed to happen. All TLDs should not be painted with the same regulatory brush and the community needs to understand that we should be encouraging different business models for TLDs that do not necessarily include the unfettered ability for the public to register domain names in all TLDs. Ultimately, we need to do what is best for end users on the Internet.
Incentives should be provided for TLDs like .bank and .pharmacy to validate their registrants and ensure the safety of their end users by curbing abusive behavior. This could come in the form of reduced fees to ICANN or even ensuring that other similarly sensitive strings have similar verification requirements before allowing them to be delegated.
Finally, in order for the program to succeed, we need to stimulate growth of registries and registrars in the developing world. Support for these organizations should not only be in the form of monetary contributions, but also training programs, consulting services, legal support, and even operational support (eg., the free or low-cost use of third party DNS servers globally, security monitoring and other critical services).

Rick Schwartz, domain investor

Who cares?? Nobody in the real world. Totally meaningless except to the 1,930 applicants and a totally corrupt and out of control ICANN that needs oversight! SHAMEFUL!

Christa Taylor, CMO, MMX

“Will you walk into my parlour and tell me how many applications there will be for the next round, said a Spider to a Fly”
Oh, poor fly, good luck getting out of this one. There have been some exceptionally large volumes thrown around — 10k, 20k, but this fly would prefer to utilize data gathered from statistical surveys. Unfortunately, my workload didn’t allow me to conduct a survey this week so instead, I’ll utilize a less scientific approach and seek the same leniency ICANN received in their volume prediction used in the 2012 round.
A multitude of variables may impact the volume of applications including: notice period, application fees, auctions and delegation rates with each factor being additive to the prior factor.

• Base volume: 2,000 applications is utilized as the initial value. While the type of applications may change, the overall volume is a logical starting point especially when considering the last round was in 2012.
• Notice period: A longer notice period on when the application period will begin will allow for more applicants to apply. Assuming a notice period of four months with a 10% increase in application volume for each additional four-month period. i.e. if there is a six month notice until application window opens, volume will increase by 100 (2,000 x 10% x (6-4/4)). Our total volume of applications is now 2,100.
• Application fee: The new gTLD program is expected to operate on a ‘revenue neutral’ basis. As such, the application fee should decrease from the 2012 fee of $185k. Since the volume of applications is inversely related to the fee, increasing the volume by say, 15% for every $10k less than $150k. For example, if the actual application fee is $125k, the volume of applications will increase by approximately ~800 (15% x 2,100 x ($150k – $125k/$10k) for a total of 2,900 applications.
• Auctions: One of the most significant items that could drive the volume of applications if auctions and other related resolution mechanisms. The windfalls from ‘losing’ in auctions are well-known and while other options have been discussed – Vickrey auctions, draws, etc. some applications will be submitted for financial gains. Additionally, the potential to gain from ‘losing’ in contention sets combined with reduced application fees and delegation rates (detailed below) will again impact the volume of applications. As such, the number of applications will increase similar to application fees but would suggest that for every $5k less than $150k application fee, the volume of applications will increase by 10%. If the application fee is $125k, the volume will increase by 1,250 (10% x 2,888 x ($150k-$125k/$5k) for a combined volume of 4,150 applications.
• Delegation rate: The final factor in this unscientific, simplistic volume projection is the delegation rate. In 2010, a rate of 1,000 per year was provided to minimize security and stability risks. If the delegation rate remains relatively the same, the processing of applications could take years and thereby, encourage potential applicants to apply knowing it will take years before their application is delegated. Additionally, a reduced application fee minimizes an applicant’s risk if they decide to withdraw at a later date. Applying another broad brushstroke of 5% per year for the length of time it will take for all applications to be delegated, excluding objections. If it is expected to take three years to process the subsequent round of applications, add in another ~750 applications (5% x 3 years X 4,150) for a total volume of 4,900, rounding to 5,000 applications.

“And take a lesson from this tale of the Spider and the Fly” — gather real data to project application volumes and escape these impossible questions.
Ref: Howitt, Mary. The Spider and the Fly. (1829)

Michele Neylon, CEO, Blacknight

It’s not one that’s easy to answer — I think we all got it terribly wrong the last time round.
I suspect, though I could be completely wrong, that there will be at least 1,000 applications if there is a new round. Of course, that number is not based on anything other than just a gut instinct. I don’t think there will be as many distributed retail TLDs in a next round. Apart from a couple of outliers the bulk of new TLDs haven’t been as big of a success as their backers expected.
I can imagine that some cities would pitch for a TLD in the next round but it’d be more of a play in terms of tourism rather than commercial gain.
Some would have us believe that a “lot” of brands want to apply for a TLD in a next round, but I do wonder how much of that demand is “real” and comes from brands and how much of it is being pushed by those who stand to gain from applications. Of course, there could be a lot of brands out there that feel a desire to get their own TLD, but it’s also very clear that many of the brands that got one the last time round haven’t done a lot with them (with a few notable exceptions)
It’s a very good question to ask, but until there’s more clarity about the rules and the costs we’re all going to be guessing.

Jon Nevett, CEO, Public Interest Registry

Check back with me in 2022 when we may know the application fee; how contention resolution would work (i.e. will there be speculative applications); and the role of the GAC in reviewing applications.

Dave Piscitello, Partner, Interisle Consulting Group

While I can’t speculate how many, I truly hope that we have fewer “generics” that only serve to create a larger set of TLDs that will be offered in bulk at fees as low as 1 yen to organized spam gangs or botnet operators. ICANN hasn’t provided a scientifically valid economic study that demonstrates a need for more of these; in fact, ICANN’s own DAAR data shows that nearly half of the abused or criminally-used domain names have migrated to the piddling 10-12% share of the total gTLD delegated (and resolving) domain names that the new TLDs represent.
Having said this, I do believe that there are some success stories that point would-be applicants to modestly profitable ventures. City TLDs for the most part have remained free of abuse or criminal misuse. A portfolio of these might be interesting. I think that brands still don’t really know how to use their TLD or migrate to these in a way that alters the threat landscape.

Ben Crawford, CEO, CentralNic

Our focus today at CentralNic is supporting the growth of existing ccTLD and gTLD registries. However there is no company more prepared for the next round than us, and based on our discussions with potential applicants, we expect more applications in this nTLD round that the last.
Generic TLD applicants obviously gravitate towards CentralNic Registry Solutions as the natural home of TLDs seeking meaningful growth. We are not only the market leaders with more registrars actively selling our nTLD domains than any other backend, but we have as many domains under management as the number 2, 3 and 4 players combined.
Brand owners are also very keen to sign up with BrandShelter as a low cost and flexible one-stop shop that can handle application, backend, registrar and domain management services under a single contract with a money back guarantee. They particularly like that we have the best value support for dot-brands that do want to actively use their TLDs (like .DVAG, .ALLFINANZ and .MINI) while we don’t employ pushy sales people to hassle our clients happy with a defensive strategy to “activate” their TLDs.

Milton Mueller, Professor, Georgia Tech

Is a negative number an acceptable answer? Will some of the past 1,930 be allowed to bring their TLDs back to the store for a refund? What exactly is ICANN’s return policy, is it as good as TJ Maxx’s? More seriously, I would expect quite a few less applications this time around. I’d be surprised if it exceeded 500. We don’t see any smashing successes from the first round.

Spam is not our problem, major domain firms say ahead of ICANN 66

Eleven of the largest domain name registries and registrars have denied that spam is something they should have to deal with, unless it’s used to proliferate other types of abuse such as phishing or malware.
In a newly published “Framework to Address Abuse” (pdf), the companies attempt to define the term “DNS abuse” narrowly to capture only five (arguably only four and a half) specific types of online threat.
That abuse comprises malware, phishing, botnets, pharming and spam.
The companies agree that these are activities which registrars and registries “must” act upon.
But the document notes that not all spam is its responsibility, stating:

While Spam alone is not DNS Abuse, we include it in the five key forms of DNS Abuse when it is used as a delivery mechanism for the other four forms of DNS Abuse. In other words, generic unsolicited e-mail alone does not constitute DNS Abuse, but it would constitute DNS Abuse if that e-mail is part of a phishing scheme.

In other words, registrars and registries should not feel responsible for the billions of spams sent every day using their domains, unless the spam runs further malware, phishing, pharming or botnet abuse.
The signatories of the framework are Public Interest Registry, GoDaddy, Donuts, Tucows, Amazon Registry Services, Blacknight, Afilias, Name.com, Amazon Registrar, Neustar, and Nominet UK.
It may seem like they’ve presented a surprisingly narrow definition, but it’s in line with what current ICANN contracts dictate.
Neither the standard Registry Agreement nor Registrar Accreditation Agreement mention spam at all. Six years ago, ICANN specifically said that spam is “outside of ICANN’s scope and authority”.
Under the RA, registries have to oblige their registrars to ban registrants from “distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law”.
They also have to maintain statistical reports on the amount of “pharming, phishing, malware, and botnets” in their zones, and provide those reports to ICANN upon demand. A recent audit found that 5% of registries, mainly dot-brands, were not doing this.
However, ICANN’s Domain Abuse Activity Reporting system, an effort to provide some transparency into how gTLDs are being abused, does in fact track spam. It does not track pharming, which is a fairly obscure and little-used form of DNS attack.
The DAAR report for September shows that spam constituted 73% of all tracked abuse.
The ICANN board of directors today identified DAAR as one of a few dozen priorities for the coming year.
Similarly, the cross-community working group known as the CCT Review Team, which was tasked with looking into how the new gTLD program has impacted competition and consumer trust, had harsh words for spam-friendly registries, and provided a definition of “DNS Security Abuse” that specifically included “high volume spam”.
The review recommended that ICANN introduce more measures to force contracted parties to deal with this type of abuse. This could include incentives for registries to clean up their zones and abuse volume thresholds that would automatically trigger compliance actions.
The new framework document comes in the context of an ongoing debate within the ICANN community about what “DNS abuse” is.
Two partners at Interisle, a security consultancy that often works for ICANN, recently guest-posted on DI to say that this term has become meaningless and should be abandoned in favor of “security threat”.
They argued that the definition should include not only spam, but also stuff like IP infringement, election interference, and terrorism.
But the main threat to contracted parties probably comes from the Governmental Advisory Committee, backed by law enforcement, which is pushing for stronger rules covering abusive content.
During a webinar last week, the US Federal Trade Commission, the FBI, and Europol argued that registries and registrars should be obliged to do more to combat abuse, specifically including spam.
“Whether or not you call it phishing or spam or whether it has a malware payload or not, ultimately it’s all email, and email remains the most common tool of cybercriminals to ensnare their victims, and that’s why we in law enforcement care about the domains used to send emails,” said Gabriel Andrews of the FBI’s Cyber Initiative Resource Fusion Unit, on the call.
Registries and registrars countered, using the same language found in the new framework, that generic spam is a content issue, and outside of their remit.
The two sides are set to clash again at ICANN’s annual general meeting in Montreal next month, in a November 6 face-to-face session.
While 11 entities signed the new framework, it’s arguably only nine companies. Name.com is owned by Donuts and both Amazon firms obviously have the same parent.
But it does include the two largest registrars, and registries responsible for running several hundred commercial gTLDs, dot-brands and ccTLDs.
While none of the signatories of the framework have a particular reputation for being spam-friendly, other companies in the industry — particularly some of the newest and cheapest new gTLDs — tend to attract spammers like flies to a turd.
Some of the signatories are perhaps surprising, given their past or ongoing behavior to tackle content-based abuse in their own zones.
Nominet, notably, takes down tens of thousands of domains ever year based on little more than police assurances that the domains are being used to sell counterfeit merchandise or infringe copyright.
The .uk registry also preemptively suspends domains based on algorithms that guess whether they’re likely to be seen as encouraging sexual violence or could be used in phishing attacks.
Donuts also has a trusted notifier relationship with the movie and music industries that has seen it take down dozens of names being used for mass copyright infringement.
PIR has previous endorsed, then unendorsed, the principal of a “UDRP for copyright”, a method of giving Big Content a way of going through due process to have domains taken or suspended.
Outside the spam issue, while the new registry-registrar framework says that registries and registrars should not get involved in matters related to web site content, it also says they nevertheless “should” (as opposed, one assumes based on the jargon usually found in internet standards, to “must”) suspend domains when they’re being used to distribute:

(1) child sexual abuse materials (“CSAM”); (2) illegal distribution of opioids online; (3) human trafficking; and (4) specific and credible incitements to violence.

These are exceptions because they constitute “the physical and often irreversible threat to human life”, the framework says.
Ultimately, this all boils down to a religious debate about where the line is drawn between “DNS” and “content”, it seems to me.
The contracted parties draw the line at threats to human life, whereas others want action on other forms of abuse largely because registries and registrars are in the best position to help.

Another victory for Amazon as ICANN rejects Colombian appeal

Amazon’s application for .amazon has moved another step closer to reality, after ICANN yesterday voted to reject an appeal from the Colombian government.
The ICANN board of directors voted unanimously, with two conflict-related abstentions, to adopt the recommendation of its Board Accountability Mechanisms Committee, which apparently states that ICANN did nothing wrong when it decided back in May to move .amazon towards delegation.
Neither the board resolution nor the BAMC recommendation has been published yet, but the audio recording of the board’s brief vote on Colombia’s Request for Reconsideration yesterday can be found here.
As you will recall, Colombia and the seven other governmental members of the Amazon Cooperation Treaty Organization have been trying to stymie Amazon’s application for .amazon on what you might call cultural appropriation grounds.
ACTO governments think they have the better right to the string, and they’ve been trying to get veto power over .amazon’s registry policies, something Amazon has been strongly resisting.
Amazon has instead offered a set of contractual Public Interest Commitments, such as giving ACTO the ability to block culturally sensitive strings, in the hope of calming the governments’ concerns.
These PICs, along with Amazon’s request for Spec 13 dot-brand status, will likely be published for 30 days of public comment this week, Global Domains Division head Cyrus Namazi told the board.
Expect fireworks.
After comments are closed, ICANN will then make any tweaks to the PICs that are necessary, before moving forward to contract-signing with Amazon, Namazi .said.