Latest news of the domain name industry

Recent Posts

Donuts took down 11 domains for Hollywood last year

Kevin Murphy, February 28, 2017, Domain Policy

Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.
The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.
The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.
Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.
For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.
“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.
Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:

Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.

Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.
The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”
It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.
Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.
The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.

Now the DNA backpedals on “Copyright UDRP”

Kevin Murphy, February 27, 2017, Domain Policy

The Domain Name Association has distanced itself from the Copyright ADRP, a key component of its Healthy Domains Initiative, after controversy.
The anti-piracy measure would have given copyright owners a process to seize or suspend domain names being used for massive-scale piracy, but it appears now to have been indefinitely shelved.
The DNA said late Friday that it has “elected to take additional time to consider the details” of the process, which many of us have been describing as “UDRP for Copyright”.
The statement came a day after .org’s Public Interest Registry announced that it was “pausing” its plan for a Systemic Copyright Infringement Alternative Dispute Resolution Policy modeled on UDRP.
PIR was the primary pen-holder on the DNA’s Copyright ADRP and the only registry to publicly state that it intended to implement it.
It’s my view that the system was largely created as a way to get rid of the thepiratebay.org, an unwelcome presence in the .org zone for years, without PIR having to take unilateral action.
The DNA’s latest statement does not state outright that the Copyright ADRP is off the table, but the organization has deleted references to it on its HDI web page page.
The HDI “healthy practices” recommendations continue to include advice to registries and registrars on handling malware, child abuse material and fake pharmaceuticals sites.
In the statement, the DNA says:

some have characterized [Copyright ADRP] as a needless concession to ill-intentioned corporate interests, represents “shadow regulation” or is a slippery slope toward greater third party control of content on the Internet.
While the ADR of course is none of these, the DNA’s concern is that worries over these seven recommendations have overshadowed the value of the remaining 30. While addressing this and other illegalities is a priority for HDI, we heard and listened to various feedback, and have elected to take additional time to consider the details of the ADR recommendations.

Thus, the DNA will take keen interest in any registrar’s or registry’s design and implementation of a copyright ADR, and will monitor its implementation and efficacy before refining its recommendations further.

The copyright proposal had been opposed by the Electronic Frontier Foundation, the Internet Commerce Association and other members of ICANN’s Non-Contracted Parties House.
In a blog post over the weekend, ICA counsel Phil Corwin wrote that he believed the proposal pretty much dead and the issue of using domains to enforce copyright politically untouchable:

While the PRI and DNA statements both leave open the possibility that they might revive development of the Copyright UDRP at some future time, our understanding is that there are no plans to do so. Further, notwithstanding the last sentence of the DNA’s statement, we believe that it is highly unlikely that any individual registrar or registry would advance such a DRP on its own without the protective endorsement of an umbrella trade association, or a multistakeholder organization like ICANN. Ever since the U.S. Congress abandoned the Stop Online Privacy Act (SOPA) in January 2012 after millions of protesting calls and emails flooded Capitol Hill, it has been clear that copyright enforcement is the third rail of Internet policy.

PIR slams brakes on “UDRP for copyright”

Kevin Murphy, February 24, 2017, Domain Policy

Public Interest Registry has “paused” its plan to allow copyright owners to seize .org domains used for piracy.
In a statement last night, PIR said the plans were being shelved in response to publicly expressed concerns.
The Systemic Copyright Infringement Alternative Dispute Resolution Policy was an in-house development, but had made its way into the Domain Name Association’s recently revealed “healthy practices” document, where it known as Copyright ADRP.
The process was to be modeled on UDRP and similarly priced, with Forum providing arbitration services. The key difference was that instead of trademark infringement in the domain, it dealt with copyright infringement on the associated web site.
PIR general counsel Liz Finberg had told us the standard for losing a domain would be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.
Losers would either have their domain suspended or, like UDRP, seized by the complainant.
The system seemed to be tailor-made to give PIR a way to get thepiratebay.org taken down without violating the owner’s due process rights.
But the the announcement of Copyright ADRP drew an angry response from groups representing domain investors and free speech rights.
The Electronic Frontier Foundation said the system would be captured by the music and movie industries, and compared it to the failed Stop Online Piracy Act (SOPA) in the US.
The Internet Commerce Association warned that privatized take-down policies at registries opened the door for ICANN to be circumvented when IP interests don’t get what they want from the multi-stakeholder process.
I understand that members of ICANN’s Non-Contracted Parties House was on the verge of formally requesting PIR pause the program pending a wider consultation.
Some or all of these concerns appear to have hit home, with PIR issuing the following brief statement last night:

Over the past year, Public Interest Registry has been developing a highly focused policy that addresses systemic, large scale copyright infringement – the ”Systemic Copyright Infringement Alternative Dispute Resolution Policy” or SCDRP.
Given certain concerns that have been recently raised in the public domain, Public Interest Registry is pausing its SCDRP development process to reflect on those concerns and consider forward steps. We will hold any further development of the SCDRP until further notice.

SCDRP was described in general terms in the DNA’s latest Healthy Domains Initiative proposals, but PIR is the only registry to so far publicly express an interest in implementing such a measure.
Copyright ADRP may not be dead yet, but its future does not look bright.

UPDATE: This post was updated 2/26 to clarify that it was only “some members” of the NCPH that were intending to protest the Copyright ADRP.

Angry reactions to “UDRP for copyright”

Kevin Murphy, February 10, 2017, Domain Policy

The Electronic Frontier Foundation and Internet Commerce Association are among those expressing initial concern about the introduction of a new “UDRP for copyright” mechanism by the Domain Name Association.
The EFF said the DNA’s new proposals want registries to become “private arbiters of online speech”, while the ICA expressed concern that the proposals could circumvent the usual ICANN policy-making process.
As we reported earlier in the week, the DNA has set out a set of four “healthy practices” (the term “best practices” was deliberately avoided, I’m told) for registries and registrars, under the banner of its Healthy Domains Initiative.
The first three sets of recommendations cover malware, child abuse material and fake pharmacies and are relatively non-controversial.
However, the surprising fourth proposal seeks to give copyright holders a means to suspend or seize control of domain names where they have “clear and convincing evidence” of “pervasive and systemic copyright infringement”.
While the details have yet to be finalized, it appears to be targeted at sites such as The Pirate Bay, which are used for pretty much nothing but copyright infringement.
“This is a terrible proposal,” the EFF’s Jeremy Malcolm and Mitch Stoltz wrote yesterday:

The content that happens to be posted within [a] website or service has nothing to do with the domain name registrar, and frankly, is none of its business. If a website is hosting unlawful content, then it is the website host, not the domain registrar, who needs to take responsibility for that

They added:

it seems too likely that any voluntary, private dispute resolution system paid for by the complaining parties will be captured by copyright holders and become a privatized version of the failed Internet censorship bills SOPA and PIPA

Those are references to two proposed US laws, the Stop Online Piracy Act and Protect IP Act, that attracted lots of criticism and never saw the light of day.
The ICA, in a separate post on its own site, expressed concerns that private initiatives such as the HDI could give trademark holders another way to route around ICANN policies they do not like.
Noting that trademark protection mechanisms are already under review in a ICANN working group, ICA counsel Phil Corwin wrote:

What if the final consensus decision of that WG is that the URS remedy should remain domain suspension and not transfer, or that the UDRP standard of “bad faith registration and use” should remain as is? Are TM owners then free to develop their own “best practices” that include domain transfer via URS, or a bad faith registration or use standard? What’s the point of going through a multi-year exercise if those dissatisfied with the result can seek stiffer private policies? Just how many bites at the apple should trademark holders get

Both ICA and EFF expressed concern that the new DNA proposals seemed to have been developed without the broad input of members.
Stoltz and Malcolm wrote:

In any purported effort to develop a set of community-based principles, a failure to proactively reach out to affected stakeholders, especially if they have already expressed interest, exposes the effort as a sham.

Corwin wrote:

ICA had no advance knowledge of the details of HDI and no opportunity to provide substantive input. So our fingerprints are nowhere on it.

The Copyright ADRP proposal appears to be the brainchild of Public Interest Registry, the .org registry.
PIR general counsel Liz Finberg told DI earlier this week that PIR is working with arbitration provider Forum to finalize the rules of the process and hopes to implement it in .org before the end of the first quarter.
No other registry has publicly stated similar plans to my knowledge.
The HDI recommendations are completely voluntary and registries/ars are free to adopt them wholly, partially or not at all. They are not ICANN policies.

The Pirate Bay likely to be sunk as .org adopts “UDRP for copyright”

Kevin Murphy, February 8, 2017, Domain Registries

Controversial piracy site The Pirate Bay is likely to be the first victim of a new industry initiative being described as “UDRP for copyright”.
The Domain Name Association today published a set of voluntary “healthy practices” that domain registries can adopt to help keep their TLDs clean of malware, child abuse material, fake pharmacies and mass piracy.
And Public Interest Registry, the company behind .org, tells DI that it hopes to adopt the UDRP-style anti-piracy measure by the end of the first quarter.
This is likely to lead to thepiratebay.org, the domain where The Pirate Bay has resided for some time, getting seized or deleted not longer after.
Under its Healthy Domains Initiative, the DNA is proposing a Copyright Alternative Dispute Resolution Policy that would enable copyright holders to get piracy web sites shut down.
The version of the policy published (pdf) by the DNA today is worryingly light on details. It does not explain exactly what criteria would have to be met before a registrant could lose their domain name.
But PIR general counsel Liz Finberg, the main architect of the policy, said that these details are currently being finalized in coordination with UDRP arbitration firm Forum (formerly the National Arbitration Forum).
The standard, she said, will be “clear and convincing evidence” of “pervasive and systemic copyright infringement”.
It’s designed to capture sites like The Pirate Bay and major torrent sites than do little but link to pirate content, and is not supposed to extend to sites that may inadvertently infringe or can claim “fair use”.
That said, it’s bound to be controversial. If 17 years of UDRP has taught us anything it’s that panelists, often at Forum, can take a liberal interpretation of policies, usually in favor of rights holders.
But Finberg said that because the system is voluntary for registries — it’s NOT an ICANN policy — registries could simply stop using it if it stops working as intended.
Filing a Copyright ADRP complaint will cost roughly about the same as filing a UDRP, typically under $1,500 in fees, she said.
Penalties could include the suspension or transfer of the domain name, but monetary damages would not be available.
Finberg said PIR chose to create the policy because she wasn’t comfortable with the lack of due process for registrants in alternative methods such as Trusted Notifier.
Trusted Notifier, in place at Donuts and Radix, gives the Motion Picture Association of America a special pass to notify registries about blatant piracy and, if the registry agrees, to have the domains suspended.
While stating that .org is a fairly clean namespace, Finberg acknowledged that there is one big exception.
“The Pirate Bay is on a .org, we’re not happy about that,” she said. “If I were to say what’s the one .org that is the prime candidate for being the very first one out of the gate, I would say it’s The Pirate Bay.”
Other registries have yet to publicly state whether they plan to adopt this leg of the DNA HDI recommendations.

Go Daddy’s Merdinger named DNA chair

Kevin Murphy, December 16, 2016, Domain Services

Go Daddy VP of domains Rich Merdinger has been appointed interim chair of the Domain Name Association, replacing Neustar’s Adrian Kinderis.
In a blog post, Merdinger said the DNA will become more “vocal” under its new leadership and outlined three priorities for 2017 — awareness, adoption and access.
He said the DNA will share ways businesses can pursue a strategy of “blending” TLD types in their online activities, promote domains as search engine optimization tools, and make it easier for DNA members to participate.
There will be a new series of DNA Virtual Town Hall meetings to facilliate communication. Merdinger wrote:

Expect to see a more vocal DNA – whether it is at the next virtual town hall or learning about new research on domain name strategies and their business impact. As Interim Chair, I will be working with our leadership team on ways to spotlight how domain names are being used strategically and tactically to support business objectives in 2017 and beyond.

He replaces Kinderis, formerly CEO of AusRegistry/ARI/Bombora, who is now, post-acquisition, VP of corporate development at Neustar.
Kinderis, DNA’s founding chair in April 2013, will remain on the DNA’s board of directors, representing Neustar.
It’s interesting that Merdinger’s appointment to chair is being linked with the DNA becoming more “vocal”.
While Merdinger certainly isn’t a shrinking violet, Kinderis, I’m sure he wouldn’t mind me saying, is one of the bluntest, mouthiest guys in the industry.
That said, GoDaddy has name recognition and has proven to be a bit of a headline magnet over the last decade or so.
It surely has a higher profile among would-be registrants — a big part of the DNA’s audience — than Neustar, which isn’t primarily a domain name company or even necessarily primarily an internet company.
The DNA will continue to operate without an in-house staff, having dumped its second executive director earlier this year in favor of outsourcing to a trade group management company, to cut costs.

“Shadow content policing” fears at ICANN 57

Kevin Murphy, November 7, 2016, Domain Policy

Fears that the domain name industry is becoming a stooge for “shadow regulation” of web content were raised, and greeted very skeptically, over the weekend at ICANN 57.
Attendees yesterday heard concerns from non-commercial stakeholders, notably the Electronic Frontier Foundation, that deals such as Donuts’ content-policing agreement with the US movie industry amount to regulation “by the back door”.
But the EFF, conspicuously absent from substantial participation in the ICANN community for many years, found itself walking into the lion’s den. Its worries were largely pooh-poohed by most of the rest of the community.
During a couple of sessions yesterday, EFF senior attorney Mitch Stoltz argued that the domain industry is being used by third parties bent on limiting internet freedoms.
He was not alone. The ICANN board and later the community at large heard support for the EFF’s views from other Non-Commercial User Constituency members, one of whom compared what’s going on to aborted US legislation SOPA, the Stop Online Piracy Act.
“Regulation of content through the DNS system, through ICANN institutions and through contracted parties is of great concern and I think should be of great concern to all of us here,” Stoltz said.
He talked about a “bright line” between making policies related to domain names and policies related to content.
“I hope that the bright line between names and content is maintained because I think once we get past it, there may be no other bright line,” he said.
“If we allow in copyright enforcement, if we allow in enforcement of professional or business licensing as a criterion for owning a domain name, it’s going to be very hard to hold that line,” he said.
ICANN has long maintained, though with varying degrees of vigor over the years, that it does not regulate content.
Chair Steve Crocker said yesterday: “It’s always been the case, from the inception. It’s now baked in deeply into the mission statement. We don’t police content. That’s not our job.”
That kind of statement became more fervent last year, as concerns started to be raised about ICANN’s powers over the internet in light of the US government’s decision to give up its unique ICANN oversight powers.
Now, a month after the IANA transition was finalized, ICANN has new bylaws that for the first time state prominently that ICANN is not the content cops.
Page one of the massive new ICANN bylaws says:

ICANN shall not regulate (i.e., impose rules and restrictions on) services that use the Internet’s unique identifiers or the content that such services carry or provide

It’s pretty explicit, but there’s a catch.
A “grandfather” clause immediately follows, which states that registries and registrars are not allowed to start challenging the terms of their existing contracts on the basis that they dabble too much with content regulation.
That’s mainly because new gTLD Registry Agreements all include Public Interest Commitments, which in many cases do actually give ICANN contractual authority over the content of web sites.
Content-related PICs are most prominent in “Community” gTLDs.
In the PICs for Japanese city gTLD .osaka, for example, the registry promises that “pornographic, vulgar and highly objectionable content” will be “adequately monitored and removed from the namespace”.
While ICANN does not actively go out looking for .osaka porn, if porn did start showing up in .osaka and the registry does not suspend the domains, it would be in breach of its RA and could lose its contract.
That PIC was voluntarily adopted by the .osaka registry and does not apply to other gTLDs, but it is binding.
So in a roundabout kind of way, ICANN does regulate content, in certain narrow circumstances.
Some NCUC members think this is a “loophole”.
Another back door they think could be abused are the bilateral “trusted notifier” relationships between registries and third parties such as the movie, music and pharmaceutical industries.
Donuts and Radix this year have announced that the Motion Picture Association of America is allowed to notify it about domains that it believes are being used for large-scale, egregious movie piracy.
Donuts said it has suspended a dozen domains — sites that were TLD-hopping to evade suspension — since the policy came into force.
EFF’s Stoltz calls this kind of thing “shadow regulation”.
“Shadow regulation to us is the regulation of content… through private agreements or through unaccountable means that were not developed through the bottom-up process or through a democratic process,” he told the ICANN board yesterday.
While the EFF and NCUC thinks this is a cause for concern, they picked up little support from elsewhere in the community.
Speakers from registries, registrars, senior ICANN staff, intellectual property and business interests all seemed to think it was no big deal.
In a different session on the same topic later in the day, outgoing ICANN head of compliance Allen Grogan addressed these kinds of deals. He said:

From ICANN’s point of view, if there are agreements that are entered into between two private parties, one of whom happens to be a registry or a registrar, I don’t see that ICANN has any role to play in deciding what kinds of agreements those parties can enter into. That clearly is outside the scope of our mission and remit.
We can’t compel a registrar or a registry to even tell us what those agreements are. They’re free to enter into whatever contracts they want to enter into.
To the extent that they become embodied in the contracts as PICs, that may be a different question, or to the extent that the agreements violate those contracts or violate consensus policies, that may be a different question.
But if a registrar or registry decides to enter into an agreement to trust the MPAA or law enforcement or anyone else in deciding what actions to take, I think they’re free to do that and it would be far beyond the scope of ICANN’s power or authority to do anything about that.

In the same session, Donuts VP Jon Nevett cast doubt on the idea that there is an uncrossable “bright line” between domains and content by pointing out that the MPAA deal is not dissimilar to registries’ relationships with the bodies that monitor online child abuse material.
“We have someone that’s an expert in this industry that we have a relationship with saying there is child imagery abuse going on in a name, we’re not going to make that victim go get a court order,” he said.
Steve DelBianco of the NetChoice Coalition, a member of the Business Constituency, had similar doubts.
“Mitch [Stoltz] cited as an example that UK internet service providers were blocking child porn and since that might be cited as an example for trademark and copyright that we should, therefore, not block child porn at all,” he said. “I can’t conceive that’s really what EFF is thinking.”
Nevett gave a “real-life example” of a rape.[tld] domain that was registered in a Donuts gTLD.
“[The site] was a how-to guide. Talk about horrific,” he said. “We got a complaint. I’m not going to wait till someone goes and gets a court order. We’re a private company and we agreed to suspend that name immediately and that’s fine. There was no due process. And I’m cool with that because that was the right thing to do.”
“Just like a restaurant could determine that they don’t want people with shorts and flip-flops in the restaurant, we don’t want illegal behavior and if they want to move somewhere else, let them move somewhere else,” he said.
In alleged copyright infringement cases, registrants get the chance to respond before their names are suspended, he said.
Stoltz argued that the Donuts-MPAA deal had been immediately held up, when it was announced back in February, as a model that the entire industry should be following, which was dangerous.
“If everyone is subject to the same policies, then they are effectively laws and that’s effectively law-making by other means,” he said.
He and other NCUC members are also worried about the Domain Name Association’s Healthy Domains Initiative, which is working on voluntary best practices governing when registries and registrars should suspend domain names.
Lawyer Kathy Kleiman of the NCUC said the HDI was basically “SOPA behind closed doors”.
SOPA was the hugely controversial proposed US federal legislation that would have expanded law enforcement powers to suspend domains in cases of alleged copyright infringement.
Stoltz and others said that the HDI appeared to be operating under ICANN’s “umbrella”, giving it an air of having multistakeholder legitimacy, pointing out that the DNA has sessions scheduled on the official ICANN 57 agenda and “on ICANN’s dime”.
DNA members disagreed with that characterization.
It seems to me that the EFF’s arguments are very much of the “slippery slope” variety. While that may be considered a logical fallacy, it does not mean that its concerns are not valid.
But if there was a ever a “bright line” between domain policy and content regulation, it was traversed many years ago.
The EFF and supporters perhaps should just acknowledge that what they’re really concerned about is copyright owners abusing their powers, and target that problem instead.
The line has moved.

The DNA loses second exec director in a year

Kevin Murphy, October 11, 2016, Domain Registries

The Domain Name Association has lost its second executive director in less than a year.
The trade group has let go industry newcomer Roy Arbeit, who was hired just six months ago following the November 2015 departure of Kurt Pritz.
It does not plan to replace Arbeit, according to an email circulated to DNA members by chair Adrian Kinderis on Friday.
Instead, the day-to-day operations will be outsourced to Virtual, a trade association management company that has been working for the DNA for some time, Kinderis wrote.
The executive director was basically the only full-time DNA employee. The group is steered by a board of directors comprising representatives of major registries and registrars.
The decision to lose the position seems to be a cost-cutting measure, designed to allow the DNA to spend more on public relations campaigns promoting TLD acceptance and diversity, according to the email.

New DNA boss named

The Domain Name Association has appointed industry newcomer Roy Arbeit as its new executive director.
Arbeit was most recently managing director of sales and marketing at the American Society of Mechanical Engineers. He’s also worked for the American Arbitration Association, Ernst & Young, and Citibank.
He will take the DNA top job effective March 15.
He’s stepping into an empty office. The last DNA executive director Kurt Pritz, who quit in October after two years in the job.
DNA chair Adrian Kinderis said: “He is a strategic thinker and experienced team builder who will help us to accelerate our mission of making the importance, value, and utility of domain names more widely understood.”

What split? TLD webinar series folded into the DNA

Kevin Murphy, July 21, 2015, Domain Services

A TLD operators’ webinar series initially cast as a community group has been folded in to the Domain Name Association.
The DNA has announced the creation of the DNA University, which promises to pick up where the TLD Operators Webinar left off.
Tony Kirsch of ARI Registry Services has been appointed inaugural “Dean” of the University.
The first webinar will be entitled “Premium Domain Name Planning” and will be held July 28 at 1500 UTC.
Future webinars, which are open to all registries, registrars and new gTLD applicants, will address subjects including IDNs, rights protection, contractual compliance, and many more.
The TLD Operators Webinar was originally called the TLD Operators Community and characterized as a new industry group, which led to gossip about a split within the DNA.
The program was hurriedly re-branded and re-domained to clarify that it was more, as ARI CEO Adrian Kinderis put it, “a one off effort by our consultancy team to get everyone together for a chat.”
Now it’s just a service under the DNA umbrella.