Afilias scraps plan to scrap Whois

Afilias has “temporarily suspended” its plan to migrate its TLDs to an essentially thin Whois model.
In what appears to be an effort to roll back some GDPR-related gun-jumping, the registry said it will instead wait and see how ICANN’s efforts to consult with European data protection authorities play out.
Afilias had told its registrars earlier this week that its public Whois output from May 25 will be devoid of any contact information for the registrant, as reported by DNW.
It had said that it would continue to work with law enforcement on access to Whois records, but said that others (such as trademark owners) would not have access until ICANN comes up with an accreditation program.
It was the first major gTLD registry to announce its GDPR plans, but it evidently received push-back.
The affected TLDs were to be: .info, .mobi, .pro, .poker, .pink, .black, .red, .blue, .kim, .shiksha, .promo, .lgbt, .ski, .bio, .green, .lotto, .pet, .bet, .vote, .voto, .archi, .organic and .llc.
Many more client gTLDs would have been able to opt-in to the same scaled-back system.
But the company told registrars today that it wanted to correct “mis-characterizations” of that message and wanted to “clarify that Afilias is not ‘going it alone'”.
Rather, it’s going to hang back until ICANN gets guidance from the EU’s DPAs.
“Importantly, we expect that ICANN’s request for guidance from the data protection authorities will yield helpful input that, in conjunction with the best thinking of the community, will enable a workable solution to emerge,” the Afilias message said.
The company said in a statement sent to DI tonight:

Afilias today announced that it is temporarily suspending plans to limit the display of WHOIS data to comply with the EU General Data Protection Regulation (GDPR) currently scheduled to take effect on 25MAY2018. Afilias has received a number of questions about its plans, and anticipates that they may be affected by guidance from data protection authorities that has been requested by ICANN. This guidance is expected to be materially helpful in the community’s efforts to resolve the various issues surrounding GDPR requirements.
Afilias is participating in a number of community groups that are considering these issues, including as a principal in ICANN’s pilot implementation of the Registration Data Access Protocol (RDAP), a potential technical solution for enabling differentiated access to registration data depending on the legitimate purpose of the requestor. For example, law enforcement may need access to certain types of Personally Identifiable Information (PII), trademark guardians to other types, etc. RDAP enables the management of this access in an efficient and effective manner.
As the deadline for GDPR implementation approaches, the community is working diligently in a number of areas to find solutions needed to balance a wide range of community interests. Afilias will continue working collaboratively within these groups in the expectation that appropriate solutions will be reached prior to the GDPR implementation date. Absent guidance from the data protection authorities, Afilias will reconsider its plans as appropriate to ensure compliance with GDPR.

It’s still very possible that Afilias, and other gTLD registries and registrars, could end up gutting Whois in much the same way come May 25 anyway, but for now at least it seems Afilias it willing to play wait-and-see.
As a reminder, there’s going to be an ICANN-supported conference call tomorrow on an Intellectual Property Constituency proposal for a post-GDPR Whois accreditation model.

Marby ponders emergency powers to avoid fragmented Whois

ICANN could invoke emergency powers in its contracts to prevent Whois becoming “fragmented” after EU privacy laws kick in next month.
That’s a possibility that emerged during a DI interview with ICANN CEO Goran Marby yesterday.
Marby told us that he’s “cautiously optimistic” that European data protection authorities will soon provide clear guidance that will help the domain industry become compliant with the General Data Protection Regulation, which becomes fully effective May 25.
But he said that a lack of such guidance will lead to a situation where different companies provide different levels of public Whois.
“It’s a a high probability that Whois goes fragmented or that Whois will be in a sort of ‘thin’ model in which very little information is collected and very little information is displayed,” he said. “That’s a sort of worst-case scenario.”
I should note that the interview was conducted yesterday before news broke that Afilias has become the first major gTLD registry to announce its Whois output will be essentially thin — eschewing all registrant contact data — from May 25.
Marby has asked European DPAs for two things.
First, guidance on whether its “Cookbook” proposal for a dramatically scaled-back, GDPR-compliant Whois is in fact GDPR-compliant.
Second, an enforcement moratorium while registries and registrars actually go about implementing the Cookbook.
“If we don’t get guidance that’s clear enough, we will see a fragmented Whois. If we get guidance that is clear enough we can work it out,” Marby said.
A moratorium could enable Whois to carry on in its current state, or something close to it, while ICANN goes about creating a new policy that fits with the DPA’s guidance.
If the DPAs refuse a moratorium, we’re looking at a black hole of indeterminate duration during which nobody — not even law enforcement or self-appointed trademark cops — can easily access full Whois records.
“It’s not something I can do anything about, it’s really in the hands of the DPAs,” Marby said. “Remember that it’s the law.”
While ICANN has expended most of its effort to date on creating a model for the public Whois, there’s a parallel effort to create an accreditation program that would enable organizations with “legitimate purposes” to access full, or at least more complete, Whois records.
It’s the IP lawyers that are driving this effort, primarily, terrified that their ability to hunt down cybersquatters and bootleggers will be diminished come May 25.
ICANN has so far resisted calls to endorse the so-called “Cannoli” draft accreditation model, with Marby publicly saying that it needs cross-community support.
But the organization has committed staff support resources to discussion of Cannoli. There’s a new mailing list and there will be a community conference call this coming Friday at 1400 UTC.
Marby said that he shares the worries of the IP community, adding: “If we get the proper guidance from the DPAs, we will know how to sort out the accreditation model.”
He met with the Article 29 Working Party, comprised of DPAs, last week; the group agreed to put Whois on its agenda for its meeting next week, April 10-11.
The fact that it’s up for discussion is what gives Marby his cautious optimism that he will get the guidance he needs.
Assuming the DPAs deliver, ICANN is then in the predicament of having to figure out a way to enforce, via its contracts, a Whois system that is compliant with the DPAs’ interpretation of GDPR.
Usually, this would require a GNSO Policy Development Process leading to a binding Consensus Policy.
But Marby said ICANN’s board of directors has other options, such as what he called an “emergency policy”.
This is a reference, I believe, to the “Temporary Policies” clauses, which can be found in the Registrar Accreditation Agreement and Registry Agreement.
Such policies can be mandated by a super-majority vote of the board, would have to be narrowly tailored to solve the specific problem at hand, and could be in effect no longer than one year.
A temporary policy could be replaced by a compatible, community-created Consensus Policy.
It’s possible that a temporary policy could, for example, force Afilias and others to reverse their plans to switch to thin Whois.
But that’s perhaps getting ahead of ourselves.
Fact is, the advice the DPAs provide following their Article 29 meeting next week is what’s going to define Whois for the foreseeable future.
If the guidance is clear, the ICANN organization and community will have their direction of travel mapped out for them.
If it’s vague, wishy-washy, and non-committal, then it’s likely that only the European Court of Justice will be able to provide clarity. And that would take many years.
And whatever the DPAs say, Marby says it is “highly improbable” that Whois will continue to exist in its current form.
“The GDPR will have an effect on the Whois system. Not everybody will get access to the Whois system. Not everybody will have as easy access as before,” he said.
“That’s not a bug, that’s a feature of the legislation,” he said. “That’s not ICANN’s fault, it’s what the legislator thought when it made this legislation. It is the legislators’ intention to make sure people’s data is handled in a different way going forward, so it will have an effect.”
The community awaits the DPAs’ guidance with baited breath.

auDA probably won’t pass on full Afilias savings to registrants

Switching .au’s back-end to Afilias will cut auDA’s per-domain costs by more than half, but registrants are not likely to benefit from the full impact of the savings.
auDA’s Bruce Tonkin, who led the committee that selected Afilias to replace incumbent Neustar, told DI this week that the organization is likely to take a bigger cut of .au registration fees in future, in order to invest in marketing.
That would include marketing the ability of Aussies to register .au domains at the second level for the first time — a controversial, yet-to-roll-out proposal.
Tonkin confirmed that the back-end fee auDA will be paying Afilias is less than half of what it is currently paying Neustar — the unconfirmed rumor is that it’s 40% of the current rate — but said that Afilias was not the cheapest of the nine bidders.
While .au names are sold for a minimum of two years, the current wholesale price charged to registrars works out to AUD 8.75 ($6.85) per year, of which Neustar gets AUD 6.33; auDA receives the other AUD 2.42.
A back-end fee of roughly $5 (US) per domain per year is well above market rates, so it’s pretty clear why auDA chose to open the contract to competition.
Tonkin explained the process by which Afilias was selected:

We first considered scoring without price, and Afilias received the highest score for non-financial criteria.
We then considered pricing information to form an assessment of value for money. The average pricing across the 9 [Request For Tender] responses was less than half of the present registry back-end fee ($6.33). Afilias was close to the average pricing, and while it was not the cheapest price — it was considered best value for money when taking into account the highest score in non-financial criteria.

I asked Afilias for comment on rumors that its price was 60% down on the current rate and received this statement:

Afilias believes auDA chose us based on the best overall value for the Australian internet community. The evaluation heavily weighted expertise, quality and breadth of service over price. While we don’t know what others bid, Afilias works to be competitive in today’s market. Attempts to price significantly higher than market without a value proposition are unrealistic and could even be considered price gouging.

It’s not known what price Neustar bid for the continuation of the contract, but I expect it will have also offered a deep discount to its current rate.
By switching, auDA is basically going to be saving itself over AUD 3 per domain per year, which works out to a total of AUD 9 million ($7 million) per year at least.
But the organization has yet to decide how much of that money, if any, to pass on to its registrars and ultimately registrants.
The auDA board of directors will meet in March to discuss this, Tonkin (who is in charge of the registry transition project but not on the board) said.
“We don’t want to set expectations that the wholesale price is going to change massively,” he said.
“I don’t expect it’s going to be any higher than the current wholesale price,” he said.
But he said he expects auDA to increase its slice of the pie in order to raise more money for marketing. The organization does “basically no marketing” now, he said.
“There’s certainly strong interest in doing more to market and grow the namespace,” he said. “One option is that more money is put into marketing the namespace and growing awareness of .au… That AUD 2.42, I expect that to change.”
This would include marketing direct second-level registrations, an incoming change to how .au names are sold that has domain investors worried about confusion and market dilution.
Outrage over the 2LD proposal — it appears to be a done deal, even if the details and timeline have yet to be finalized — has started attracting the attention of business media in Australia recently.
But auDA’s own research shows that opposition is not that substantial outside of these “special interests”.
A survey last year showed that 40% of .com.au registrants “support” or “strongly support” the direct registration proposal, with 18% “opposed” or “strongly opposed” Another 42% were completely unaware of the changes.
Support among .org.au registrants was lower, and it was higher among .net.au registrants.
But 36% of “special interests” — which appears to mean people who discovered the survey due to their close involvement in the domain industry — were opposed to the plan.
There’s no current timeline for the introduction of direct registrations, but the back-end handover from Neustar to Afilias is set to happen July 1 this year.
Neustar acquired AusRegistry, which has been running .au since 2002, for $87 million a couple of years ago.

Afilias takes over back-end for Puerto Rico

Afilias has won the back-end contract for Puerto Rico’s ccTLD, .pr.
The registry services provider took over DNS for the zone last month and the final handover of the registration system happened at the weekend.
.pr is a small TLD, under 10,000 names, run by local firm Gauss Research Laboratories. It also tries to market itself as a destination for public relations companies overseas.
It now lists about 30 registrars on its web site, most of which are either corporate-focused or reseller networks.
The deal brings the number of ccTLDs managed by Afilias well into double figures. Afilias also runs the back-end for the likes of .vc, .bz, .lc, and .ag, as well as larger zones including .me and .in.
It recently was selected to run .au for Australia, replacing long-time rival Neustar, from this coming July.
Puerto Rico is the destination of this March’s ICANN 61 public meeting, which may give Afilias some publicity opportunities.

Shocker! After 15 years, Afilias kicks Neustar out of Australia

Afilias has been awarded the contract to run .au, Australia’s ccTLD, kicking out incumbent Neustar after 15 years.
It’s currently a 3.1 million-domain contract, meaning it’s going to be the largest back-end transition in the history of the DNS.
It’s also very likely going to see the price of a .au domain come down.
Neustar, via its 2015 acquisition of AusRegistry, has been the back-end provider for .au since 2002. That deal is now set to end July 1, 2018.
auDA, the ccTLD manager, said today that Afilias was selected from a shortlist of three bidders, themselves whittled down from the initial pool of nine.
It’s not been disclosed by auDA who the other shortlisted bidders were, and Afilias execs said they do not know either. I suspect Neustar would have been one of them.
The contract was put up for bidding in May, after auDA and Neustar failed to come to terms on a renewal.
At 3.1 million domains under management, .au is currently bigger than .org was when Afilias took over the back-end from Verisign in 2003.
Back then, .org was at 2.7 million names. It’s now at over 10 million.
“It’s the biggest transition ever, but not by much,” Afilias chief marketing officer Roland LaPlante said.
CTO Ram Mohan said that it should actually be easily than the .org transition, which had the added wrinkle of switching registrars from Verisign’s legacy RPP protocol to the now-standard EPP.
auDA said that Afilias will start reaching out to the 40-odd current .au registrars about the transition “as early as this week”.
About half of registrars are already on Afilias’ back-end and about half are ICANN-accredited, LaPlante said.
“We don’t expect to have many changes for registrars, but we have plenty of time to prepare them for what is needed,” Mohan said. “It ought to be a fairly easy glide path.”
There will be a live test environment for registrars to integrate with prior to the formal handover, he said.
There are several local presence requirements to the contract, so Afilias will open up a 20-person office in Melbourne headed by current VP of corporate services John Kane, who will shortly move there.
The company will also have to open a data center there, as the contract requires all data to be stored in-country.
Mohan, LaPlante and Kane said they’re all jumping on planes to Melbourne tonight to begin transition talks with local interested parties.
Financial terms of the deal are not being disclosed right now, but LaPlante said that .au registrars should see prices come down. This could lead to lower prices for registrants.
They currently pay AUD 17.50 ($13.44) per domain for a two-year registration, and I believe Neustar’s cut is currently around the $5 (USD) per year mark.
Afilias is not known for being a budget-end back-end provider, but it seems its slice of the pie will be smaller than Neustar’s.
LaPlante said that fees charged to registrars will be set by auDA, but that it now has flexibility to reduce prices that it did not have under the incumbent.
“Some savings should flow down to registrars as part of this,” he said.
The term of the contract is “four or five years” with options to renew for additional years, he said.
The loss of .au has no doubt come as a blow to Neustar, which paid $87 million for AusRegistry parent Bombrra just two years ago.
While Bombora also had dozens of new gTLD clients, many dot-brands, .au was undoubtedly its key customer.

Verisign and Afilias testing Whois killer

Verisign and Afilias have become the first two gTLD registries to start publicly testing a replacement for Whois.
Both companies have this week started piloting implementations of RDAP, the Registration Data Access Protocol, which is expected to usurp the decades-old Whois protocol before long.
Both pilots are in their very early stages and designed for a technical audience, so don’t expect your socks to be blown off.
The Verisign pilot offers a web-based, URL-based or command-line interface for querying registration records.
The output, by design, is in JSON format. This makes it easier for software to parse but it’s not currently very easy on the human eye.
To make it slightly more legible, you can install a JSON formatter browser extension, which are freely available for Chrome.
Afilias’ pilot is similar but does not currently have a friendly web interface.
Both pilots have rudimentary support for searching using wildcards, albeit with truncated result sets.
The two new pilots only currently cover Verisign’s .com and .net registries and Afilias’ .info.
While two other companies have notified ICANN that they intend to run RDAP pilots, these are the first two to go live.
It’s pretty much inevitable at this point that RDAP is going to replace Whois relatively soon.
Not only has ICANN has been practically champing at the bit to get RDAP compliance into its registry/registrar contracts, but it seems like the protocol could simplify the process of complying with incoming European Union privacy legislation.
RDAP helps standardize access control, meaning certain data fields might be restricted to certain classes of user. Cops and IP enforcers could get access to more Whois data than the average blogger or domainer, in other words.
As it happens, it’s highly possible that this kind of stratified Whois is something that will be legally mandated by the EU General Data Protection Regulation, which comes into effect next May.

This is who won the .inc, .llc and .llp gTLD auctions

The winners of the auctions to run the gTLD registries for company identifiers .inc, .llc and .llp have emerged due to ICANN application withdrawals.
All three contested gTLDs had been held up for years by appeals to ICANN by Dot Registry — an applicant with the support of US states attorneys general — but went to private auction in September after the company gave up its protests for reasons its CEO doesn’t so far want to talk about.
The only auction won by Dot Registry was .llp. That stands for Limited Liability Partnership, a legal construct most often used by law firms in the US and probably the least frequently used company identifier of the three.
Google was the applicant with the most cash in all three auctions, but it declined to win any of them.
.inc seems to have been won by a Hong Kong company called GTLD Limited, run by DotAsia CEO Edmon Chong. DotAsia runs .asia, the gTLD granted by ICANN in the 2003 application round.
My understanding is that the winning bid for .inc was over $15 million.
If that’s correct, my guess is that the quickest, easiest way to make that kind of money back would be to build a business model around defensive registrations at high prices, along the lines of .sucks or .feedback.
My feedback would be that that business model would suck, so I hope I’m wrong.
There were 11 original applicants for .inc, but two companies withdrew their applications years ago.
Dot Registry, Uniregisty, Afilias, GMO, MMX, Nu Dot Co, Google and Donuts stuck around for the auction but have all now withdrawn their applications, meaning they all likely shared in the lovely big prize fund.
MMX gained $2.4 million by losing the .inc and .llc auctions, according to a recent disclosure.
.llc, a US company nomenclature with more potential customers of lower net worth, went to Afilias.
Dot Registry, MMX, Donuts, LLC Registry, Top Level Design, myLLC and Google were also in the .llc auction and have since withdrawn their applications.

Antitrust feds probing Verisign’s .web deal

US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.
The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:

On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.

He did not comment further, beyond describing it as “kind of like a subpoena”.
Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.
Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.
ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.
But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.
It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.
It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.
Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.
The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.
It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.

URS comes to .mobi as ICANN offers Afilias lower fees

Afilias’ .mobi is to become the latest of the pre-2012 gTLDs to agree to adopt the Uniform Rapid Suspension policy in exchange for lower ICANN fees.
Its Registry Agreement is up for renewal, and Afilias and ICANN have come to similar terms to .jobs, .travel, .cat, .pro and .xxx.
Afilias has agreed to take on many of the provisions of the standard new gTLD RA that originally did not apply to gTLDs approved in the 2000 and 2003 rounds, including the URS.
In exchange, its fixed registry fees will go down from $50,000 a year to $25,000 a year and the original price-linked variable fee of $0.15 to $0.75 per transaction will be replaced with the industry standard $0.25.
It’s peanuts really, given that .mobi still has about 690,000 domains, but Afilias is getting other concessions too.
Notably, the ludicrous mirage that .mobi was a “Sponsored” gTLD serving a specific restricted community (users of mobile telephones, really) rather than an obvious gaming of the 2003-round application rules, looks like it’s set to evaporate.
Appendix S to the current RA is not being carried over, ICANN said, so .mobi will not become a “Community” gTLD, with all the attendant restrictions that would have entailed.
Instead, Afilias has simply agreed to the absolute basic set of Public Interest Commitments that apply to all 2012 new gTLDs. Text that would have committed the registry to abide by the promises made in its gTLD application have been removed.
But the change likely to get the most hackles up is the inclusion of URS in the proposed new contract.
URS is an anti-cybserquatting measure that enables trademark owners to shut down infringing domains, without taking ownership, more quickly and cheaply than the UDRP.
It’s obligatory for all 2012-round gTLDs, and five of the pre-2012 registries have also agreed to adopt it during their contract renewal talks with ICANN.
Most recently, ICM Registry agreed to URS in exchange for much deeper cuts in its ICANN fees in .xxx.
In recent days, ICANN published its report into the public comments on the .xxx renewal, summarizing some predictably irate feedback.
Domainer group the Internet Commerce Association, which is concerned that URS will one day be forced upon .com and .net, had a .xxx comment that seems particularly pertinent to the .mobi news:

Given the history of flimsy and self-serving justifications by [Global Domains Division] staff and the ICANN Board for similar actions taken in 2015, we are under no illusion that this comment letter will likely be successful in effecting removal of the URS and other new gTLD RA provisions from the revised .XXX RA. Nonetheless, we strenuously object to this GDD action that intrudes upon and debases ICANN’s legitimate policymaking process, and urge the GDD and Board to reconsider their positions, and to ensure that GDD staff ceases and desists from taking similar action in the context of future RA renewals and revisions until the RPM Review WG renders the community’s judgment as to whether the URS and other new gTLD RPMs should become Consensus Policy and such recommendation is reviewed by GNSO Council and the ICANN Board.

The Intellectual Property Constituency of the GNSO, conversely, broadly welcomed the addition of more rights protection mechanisms to .xxx.
The Non-Commercial Stakeholder Group, meanwhile, expressed concern that whenever ICANN negotiates a non-consensus policy into a contract it negates and discourages all the work done by the volunteer community.
You can read the summary of the .xxx comments, along with ICANN staff’s reasons for ignoring them, here (pdf).
The .mobi proposed amendments are also now open for public comment.
Any lawyers wishing to rack up a few billable hours railing against a fait accompli can do so here.

Donuts loses $22.5m .web lawsuit as judge rules gTLD applicants cannot sue

The promise not to sue ICANN that all new gTLD applicants made when they applied is legally enforceable, a California judge has ruled.
Judge Percy Anderson on Monday threw out Donuts’ lawsuit against ICANN over the controversial $135 million .web auction, saying the “covenant not to sue bars Plaintiff’s entire action”.
He wrote that he “does not find persuasive” an earlier and contrary ruling in the case of DotConnectAfrica v ICANN, a case that is still ongoing.
Donuts sued ICANN at first to prevent the .web auction going ahead.
The registry, and other .web applicants, were concerned that ultimately successful bidder Nu Dot Co was being covertly bankrolled by Verisign, which turned out to be completely correct.
Donuts argued that ICANN failed to adequately vet NDC to uncover its secret sugar daddy. It wanted $22.5 million from ICANN — roughly what it would have received if the auction had been privately managed, rather than run by ICANN.
But the judge ruled that Donuts’ covenant not to sue is enforceable. Because of that, he made no judgement on the merits of Donuts’ arguments.
Under the relevant law, Donuts had to show that the applicant contract was “unconscionable” both “procedurally” and “substantively”.
Basically, the question for the judge was: was the contract unfairly one-sided?
The judge ruled (pdf) that it was not substantively unconscionable and “only minimally procedurally unconscionable”. In other words: a bit crap, but not illegal.
He put a lot of weight on the fact that the new gTLD program was designed largely by the ICANN community and on Donuts’ business “sophistication”. He wrote:

Without the covenant not to sue, any frustrated applicant could, through the filing of a lawsuit, derail the entire system developed by ICANN to process applications for gTLDs. ICANN and frustrated applicants do not bear this potential harm equally. This alone establishes the reasonableness of the covenant not to sue.

Donuts VP Jon Nevett said in a statement yesterday that the fight over .web is not over:

Donuts disagrees with the Court’s decision that ICANN’s required covenant not to sue, while being unconscionable, was not sufficiently unconscionable to be struck down as a matter of law. It is unfortunate that the auction process for .WEB was mired in a lack of transparency and anti-competitive behavior. ICANN, in its haste to proceed to auction, performed only a slapdash investigation and deprived the applicants of the right to fairly compete for .WEB in accordance with the very procedures ICANN demanded of applicants. Donuts will continue to utilize the tools at its disposal to address this procedural failure.

It looks rather like we could be looking at an Independent Review Process filing, possibly the first to be filed under ICANN’s new post-transition rules.
Donuts and ICANN are already in the Cooperative Engagement Process — the mediation phase that usually precedes an IRP — with regards .web.
Second-placed bidder Afilias is also putting pressure on ICANN to overturn the results of the auction, resulting in a bit of a public bunfight with Verisign.
TL;DR — don’t expect to be able to buy .web domains for quite a while to come.