Domain registrars pressured into huge shakeup

Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.
While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.
The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.
It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.
So, what’s going to change?
The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.
They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.
Here’s a list of all 12, taken from a recent ICANN summary report (pdf).
[table id=1 /]
The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.
There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.
As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.
“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.
She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.
He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.
“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.
“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.
An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.
The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.
Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.
It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.
The ideas in the motion nevertheless stirred some passionate debate.
Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.
“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.
Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.
A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.
Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.
I’m not sure it’s going to be enough to fully satisfy the GAC.
Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.
She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.
UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.
Rather, he said, “there will be consideration of a broader range of issues.”
This appears to be consistent with the registrars’ original statement, which was linked to in the above post:

The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.

Google loses Goggle.com cybersquatting complaint

File this one under: “Good for UDRP, terrible for internet users.”
Google has managed to lose a cybersquatting complaint over the domain name goggle.com, after a National Arbitration Forum panel declined to consider the case.
Goggle.com, like so many other typos of the world’s most-popular sites, is currently being used to get people to sign up to expensive text messaging services via bogus surveys and competitions.
As Domain Name Wire reported when the complaint was filed, up until recently the site was using a confusingly similar style to Google’s familiar look and feel.
It’s got bad faith written all over it.
But “goggle” it is also a genuine English word.
And it turns out that the previous owner of goggle.com, Knowledge Associates, had entered into a “co-existence relationship” with Google that enabled it to operate the domain without fear of litigation.
The current owner was able to present NAF with documentation showing that this right may have been transferred when he bought the domain.
So the three-person NAF panel decided not to consider the complaint, concluding: “this case is foremost a business and/or contractual dispute between two companies that falls outside the scope of the Policy.”
The panel wrote:

Does the Co-existence Agreement apply to the disputed domain names? Does Respondent stand in the shoes of the original registrant? Does the consent of Complainant extend in time to the current actions of Respondent and in person to the Respondent? Has the Respondent complied with the obligations of the original registrant? Does the “no public statements” provision in the Co-existence Agreement prohibit its disclosure or use as a defense by Respondent?
These are factual and legal issues that go far beyond the scope of the Policy.
These are factual and legal issues that must be resolved before any consideration of confusing similarity, legitimate rights and interest, and bad faith under the Policy can be made.

This means that the current registrant gets to keep the domain, and to keep making cash from what in the vast majority of cases are likely to be clumsy typists.
Google now of course can either decide to pay off the registrant, or take him to court.
The registrant, David Csumrik, was represented by Zak Muscovitch.

Full UDRP reform unlikely until 2017

The often-criticized Uniform Dispute Resolution Policy is unlikely to see fundamental changes for at least five years, following an ICANN review published yesterday.
ICANN has recommended, after talking to the community, that full UDRP reform should be put on the back-burner until at least a year and a half after the first new gTLDs go live.
Since that isn’t likely to happen until early 2013, ICANN is unlikely to address the subject until mid-2014. The chances of a revamped UDRP going live before 2017 are therefore slim.
The new Final Issue Report (pdf), prepared by ICANN staff and sent to the GNSO Council yesterday, says:

Staff recommends that a [Policy Development Process] on the UDRP not be initiated at this time. Staff recommends that a PDP be delayed until after the New gTLD Uniform Rapid Suspension System (URS) has been in operation for at least eighteen months. Doing so would allow the policy process to be informed by data regarding the effectiveness of the URS, which was modelled on the UDRP, to address the problem of cybersquatting.

The report was informed by a number of stakeholder webinars and questionnaires sent to UDRP providers earlier this year, as well as a round of public comments.
It notes that UDRP has remained the same since October 1999, but that it still has proved flexible enough to react to changes in the domain industry and cybersquatting tactics.
The report states:

After carefully evaluating the issues and concerns expressed by the ICANN community regarding the UDRP, Staff has concluded that many relate to process issues associated with the implementation of the UDRP, rather than the language of the policy itself.

In the absence of root-and-branch reform, ICANN has suggested the formation of an “expert panel” to investigate whether smaller changes could be made to the periphery of the UDRP.
It could, for example, look at amendments to the Supplemental Rules that UDRP providers use to handle complaints and responses. ICANN wrote:

To the extent that these expert recommendations result in modifications to certain of the UDRP Rules or suggested changes for provider Supplemental Rules to align with the UDRP Rules, these may be adopted by the ICANN Board without the necessity of undertaking a complete PDP.

Consultations have shown that there’s little appetite for massive reform from either side of the debate; it’s probably not too cynical to say that the status quo will be maintained largely by paranoia.
Trademark holders would ideally prefer a cheaper, faster system that is more accommodating to their own interests, whereas domain investors would like to see an end to forum-shopping and panelists who give too much deference to big business.
But both sides are terrified that the actual process of reforming UDRP would be captured by their opponents, ultimately tilting the balance of power against their own interests.
The trademark lobby is convinced that ICANN policy-development is the plaything of the domain name industry, and vice versa.
What we’re left with is a system where cybersquatting still pays and in which reverse domain hijacking can sometimes be a cheap way to get your hands on a domain you want.
And it looks like it could stay that way for some time to come.
The Final Issue Report now needs to be considered by the GNSO Council, presumably at its public meeting in Dakar, Senegal later this month.
I think the Council will almost certainly accept the report’s recommendations against a PDP with little argument – everybody has far too much other stuff to be worrying about at the moment.
It’s less clear to me whether the idea of an “expert panel” will find favor, however. That may be one of Dakar’s more interesting open questions.

Will URS really be as cheap as ICANN says?

I’m having a hard time believing that trademark holders will be able to enforce their rights in new top-level domains for just $300.
The Uniform Rapid Suspension policy (pdf) is one of the new systems ICANN is putting in place to deter cybersquatters from abusing trademarks in new gTLDs.
It’s very similar to the existing UDRP, but it’s quicker and it only deals with the suspension – not transfer – of infringing domain names.
No URS arbitration provider has yet been appointed, but ICANN’s Applicant Guidebook, which spells out the policy, currently estimates a price of $300 per single-domain filing.
At least twice during the newdomains.org conference in Munich this week I heard ICANN representatives quote a price between $300 and $500.
I’m wondering how realistic this is.
Typically, domain arbitration fees are split between the provider, which receives a third, and the panelist, who receives the remaining two thirds.
With a $300 fee, that’s $100 to the provider and $200 to the sole panelist – who must be an experienced trademark lawyer or similar – compared to a $500/$1,000 split with the UDRP.
My question is: how many trademark lawyers will get out of bed for $200?
The URS gives panelists between three and five days to come up with a decision, but I’m guessing that you’d be lucky, for $200, to buy three to five hours of a panelist’s time.
Even I charge more than $200 for half a day’s work.
The Rapid Evaluation Service recently introduced by ICM Registry, which serves essentially the same purpose as URS but for the .xxx gTLD, costs $1,300 in National Arbitration Forum fees.
Like URS, the RES is designed for a speedy turnaround – just three days for a preliminary evaluation – of clear-cut cybersquatting cases.
Like URS, complaints submitted using RES have a tight word-count limit, to minimize the amount of work panelists have to do.
With that in mind, it seems to me that a $300 fee for URS may be unrealistic. Even the $500 upper-end ICANN estimate may be optimistic.
It will be interesting to see if ICANN’s negotiating clout with likely URS providers is better than ICM’s and, more importantly, to see whether $200 is enough to buy consistent, reliable decisions from panelists.

How much money will ICM make from .xxx blocks?

There’s a pretty ludicrous report in the Australian media today, claiming that Aussie businesses are being forced to pay AUD $400 million to ICM Registry to protect their brands in .xxx.
The laughable number ($411 million) appears to have been fabricated from whole cloth. The report in the Murdoch-owned Herald Sun does not even bother trying to source or justify it.
But it’s becoming increasingly clear that ICM is going to make some money out of its .xxx sunrise, including from Sunrise B – the one-time defensive “blocks” that do not result in a domain registration.
The company priced Sunrise B at $162 per domain based on an assumption that it would see 10,000 of them. Any fewer and it would lose money, any more and it would profit.
According to official registry reports, no TLD launched in the last five years – .asia, .co, .jobs, .mobi – saw more than about 10,000 domains defensively registered during its sunrise period.
But my hunch is that .xxx will blow those out of the water. I would not be at all surprised if the final number tops 20,000 names.
It’s just a hunch at this point, based on a comparison to the .co launch – which had a reported 11,000 sunrise applications last year – and four main assumptions:
First, that 10,000 was a conservative estimate. I don’t think ICM would have risked making a big loss.
Second, based on a very small number of conversations, I think that some companies are not taking any chances. They’re applying for blocks in more second-tier brands that maybe they strictly need to.
Third, ICM has a much larger registrar channel than .co enjoyed, and much more aggressively FUDdy registrar marketing tactics.
ICM has approved about 70 registrars, compared to the 10 that .CO Internet had at launch, and a lot of registrar promotion has focused on the “Protect Your Brand!” angle, which was discouraged by .co.
Fourth, the vast amount of mainstream media attention the .xxx sunrise has been receiving, most which has doggedly followed the same line as the registrar FUD.
While the value of defending against typosquatting during the .co sunrise last year was probably more important to trademark holders from a security and traffic loss perspective, the brand protection angle did not receive nearly the same amount of press as .xxx has.
ICM president Stuart Lawley has done dozens of media interviews since the sunrise kicked off last week. I even heard him on a UK radio news show aimed at teenagers.
And this press has been going on for over six years, remember. ICANN first approved .xxx in 2005, and the story has been in and out of the media ever since.
It’s worth noting that a Sunrise B block, with its one-time fee, basically denies ICM Registry a bunch of recurring revenue events forever.
Nike is going to be paying $20 to .CO Internet for its defensively registered nike.co domain name every year until the end of time, in addition to the up-front sunrise fee.
If it blocks nike.xxx, it will pay $162 to ICM now but it will also deny the registry its $60 fee for every year it could have been a renewing domain. In three years, ICM’s losing revenue.
But Sunrise B is very probably going to be profitable for ICM. At 20,000 applications, its top line would be $3.24 million, with profit probably pushing seven figures.
Nowhere near $411 million, obviously, but not a bad payday for selling domain names that will never resolve.

Fifth ad group opposes new gTLDs

The World Federation of Advertisers has become the fifth major coalition of advertising big-spenders to ask ICANN to rethink its new gTLD program.
Stephan Loerke, managing director of the Brussels-based organization, wrote to Rod Beckstrom, to “strongly urge ICANN to abandon the program in its current form”.
The letter (pdf) explicitly echoes statements first made by Bob Liodice of the US Association of National Advertisers, which is a WFA member.
To recap, these organizations are worried about consumer confusion, leading to phishing and cybersquatting and an increase in the cost of defending trademarks online.
Loerke said in a press release:

ICANN’s decision flies in the face of their own impact assessments, which highlight the potential dangers and massive costs that unlimited domain names could incur. Worse, it could lead to significant confusion among consumers and expose them to abuse by fraudulent operators.

The WFA is an umbrella trade group that comprises the national advertising trade groups of 50-odd countries. It also has 50-odd brand names as members.
Its members collectively spend $700 billion a year on advertising.
As well as the ANA, the Interactive Advertising Bureau, the Association of American Advertising Agencies and the UK Direct Marketing Association have recently opposed the new gTLD program.

Want Beyonce.xxx? JustinBieber.xxx? Forget it

ICM Registry has banned a whole bunch of celebrity names from the new .xxx top-level domain, in order to scupper cybersquatters and opportunistic porn webmasters.
Want to register Beyonce.xxx, AngelinaJolie.xxx, OlsenTwins.xxx, Madonna.xxx, BritneySpears.xxx, KimKardashian.xxx, HalleBerry.xxx or WinonaRyder.xxx?
How about JustinBieber.xxx, BradPitt.xxx, CharlieSheen.xxx, SimonCowell.xxx, GeorgeMichael.xxx, EltonJohn.xxx, VerneTroyer.xxx, DonaldTrump.xxx or OsamaBinLaden.xxx?
Forget it. According to Whois records, you’re out of luck on all counts. They’ve all been reserved by the registry.
These are all among what I’m guessing is at least hundreds – maybe more – of celebrity names that ICM has blocked from ever being registered.
The company won’t say how many celebrities have been afforded this privilege, or how it came up with the list, but it has said in the past that a total of about 15,000 domains have been registry-reserved.
That also includes the names of the world’s capital cities, culturally sensitive strings put forward by a handful of governments, and the “premium” names that ICM plans to auction.
I’m wondering what the cut-off point is for celebrities. How famous do you have to be to get your .xxx blocked by default by the registry? B-List minimum? D-List? What database is ICM using?
American Pie actor Tara Reid just entered Celebrity Big Brother here in the UK, which pretty much means her career is over, and she’s managed to make it to ICM’s reserved list.
While ICM has always said it would help protect personal names from abuse, it’s never been entirely clear about how it would go about it.
Its registry agreement with ICANN has for some time said that “unauthorized registration of personal names” would be forbidden, but there were no real details to speak of.
As I reported last week, its souped-up cybersquatting policy, Rapid Evaluation Service, has a special provision for personal names.
But presumptively blocking a subset of the world’s famous people from .xxx is bound to raise questions in the wider context of the ICANN new gTLD program, however.
As far as I can tell, no corporate trademarks have been given the same rights in .xxx as, say, David Cameron or Barack Obama.
If ICM can protect Piers Morgan’s “brand”, why can it not also protect CNN? Or Microsoft or Coke or Google? None of these brands are registry-reserved, according to Whois.
The trademark lobby will raise this question, no doubt. ICM has its own celebrity Globally Protected Marks List for .xxx, which only applies to individuals, they could argue.
There are some differences, of course.
Celebrities sometimes find they have a harder time winning cybersquatting complaints using UDRP if they have not registered their names as trademarks, which can be quite hard to come by, for example.
(UPDATE: And, of course, they may not qualify for ICM’s sunrise period if they don’t have trademarks, as EnCirca’s Tom Barrett points out in the comments below).
In addition, celebrity skin is a popular search topic on the web, which may give cybersquatters a greater impetus to register their names as domains, despite the high price of .xxx.
Also, if a registry were to reserve the brand names of, say, the Fortune 1000, it would wind up blocking many dictionary or otherwise multi-purpose strings, which is obviously not usually the case with personal names.

FSC steps up anti-.xxx campaign

The Free Speech Coalition is trying to rally its supporters into a legal nastygram campaign against ICM Registry ahead of the launch of .xxx next month.
The California-based porn trade group wants webmasters to inform ICM that if it sells their trademarks as .xxx domains, they may sue.
It’s released a template letter (pdf) for members to use. It reads, in part:

ICM is now on notice that the registration of any domain name using the .XXX extension that is identical or confusingly similar to one of the trademarks or domains listed on Exhibit A will violate (COMPANY NAME)’s intellectual property rights and constitute an unfair business practice. ICM must take steps to prevent such activity before it can occur. Failure to take affirmative steps to prevent this conduct will establish ICM’s substantial liability.

The FSC believes that because .xxx is squarely aimed at porn webmasters, it smells like a shakedown a lot more than a more generic-sounding string would.
Its tactics are interesting – encouraging others to issue legal threats instead of doing it itself.
As I’ve previously noted, top-level domain registries based in the US have a pretty good legal defense against cybersquatting suits under the Anticybersquatting Consumer Protection Act.
Whether those defenses extend to claims of trademark infringement is a different matter. As far as I know, a sponsored gTLD manager has never been sued on these grounds.
The .xxx gTLD is of course one of the most cybersquatting-unfriendly namespaces ever, in terms of the number and strength of its trademark protection mechanisms.

Beckstrom strikes back at ANA threat

ICANN president Rod Beckstrom has come out swinging against the latest attack on its new top-levels domains program, promising to “vigorously defend” it.
In his response to a harshly critical missive from the Association of National Advertisers, Beckstrom calls ANA’s claims “either incorrect or problematic in several respects”.
I think “firmly worded” would be an appropriate way to characterize his letter (pdf).
In it, he notes that the new gTLD program has been on the cards since 1998, and has been developed over several years using input from the entire ICANN community, including ANA itself.
He further states that some of the complaints outlined by ANA president Bob Liodice show a lack of research.
As I noted in my interview with Liodice yesterday, ANA seems to think cybersquatting at the top-level will be enabled unless companies defensively apply for their “.brand” gTLDs.
Beckstrom said that these statements “demonstrate a lack of understanding of Program details”.

The letter suggests that companies have no choice but to apply for their own gTLDs. Operating a gTLD means assuming a number of significant responsibilities; this is clearly not for everyone. Indeed, it is hoped that those without an interest in making a contribution to expanded choice or innovation in the DNS will not apply. One clear directive of the consensus policy advice on which the program is built is that TLDs should not infringe the existing legal rights of others. The objection process and other safeguards eliminate the need for “defensive” gTLD applications, because where an infringement of legal rights can be established using these processes, an application will not be approved.

The response goes on to outline some of the mandatory second-level trademark protection mechanisms that have been included in the program’s Applicant Guidebook.
ICANN is arguably on shakier ground here – making use of these mechanisms is still going to cost brand owners time and money, which is the basis of ANA’s objections.
The question now is whether Beckstrom’s responses will be enough to get ANA to call off the dogs.
He has offered to talk to ANA to “to discuss how the ANA might participate more actively in the policy development activities and other ICANN processes going forward”.
That’s specifically not an offer to get into negotiations with ANA about the contents of the Guidebook or to delay the launch of the program.
That was never going to happen, particularly not in response to a thirteenth-hour complaint from an organization that hasn’t commented on the program for the last two years.
Liodice said yesterday that unless ICANN agrees to suspend the program, ANA plans to lobby the US Congress, its Department of Commerce, and may sue.
Reaction from the domain name industry to Beckstrom’s letter has so far been predictably positive.

Advertisers threaten to sue over new gTLDs

The Association of National Advertisers is threatening legal action unless ICANN “abandons” its recently approved new generic top-level domains program.
Its CEO, Robert Liodice, has written to his ICANN counterpart Rod Beckstrom outlining its litany of concerns about new gTLDs.
ANA’s strongly worded arguments will be familiar territory for anyone who has been following development of the program for the last few years.
It’s worried about cybersquatting, typosquatting, phishing, as well as the cost of defensive registrations and post-launch trademark enforcement.
The organization represents 400 companies that collectively spend $250 billion every year on their brands, according to the letter.
It also claims that ICANN shirked its duties by failing to adequately consider the economic impact of the program, and that it failed to develop it in a transparent, bottom-up manner.
Liodice wrote (pdf), with my emphasis:

ICANN must not ignore the legitimate concerns of brand owners and the debilitating effect on consumer protection and healthy markets its unsupervised actions will cause. Should ICANN refuse to reconsider and adopt a program that takes into account the ANA’s concerns expressed in this letter, ICANN and the Program present the ANA and its members no choice but to do whatever is necessary to prevent implementation of the Program and raise the issues in appropriate forums that can consider the wisdom, propriety and legality of the program.

The letter ends with a bunch of legal blah about ANA’s rights and remedies, a pretty obvious indication that it’s considering its legal position.
ICANN should “abandon” the program until ANA’s concerns have been addressed, Liodice wrote.
That’s not going to happen, of course.
There’s no way ICANN can put a halt to the program without basically admitting ANA’s analysis of it has merit.
If ANA wants to stop new gTLDs from going ahead, it’s going to need to do more than send a letter.
The letter is CC’d to the US Department of Commerce and several Congressmen, which suggests that we may see another Congressional hearing into the program before too long.
But will we see a lawsuit as well?
ICANN, at least, has anticipated the likelihood of having to defend itself in court for some time.
About 30% of the the $185,000 application fee – $30 million in a 500-application round – is allocated to various “risks”, of which a legal defense fund is one component.
I’d be surprised if ICANN’s legal team hasn’t war-gamed potential claims and defenses every time the Applicant Guidebook has been updated.
The next five months are going to be very interesting times.