Verisign and PIR join new DNS abuse group

The domain name industry has just got its fourth (by my count) DNS abuse initiative, with plans for work on “trusted notifier” programs and Public Interest Registry and Verisign as members.

topDNS, which announced itself this week, is a project out of eco, the German internet industry association. It said its goals are:

the exchange of best practices, the standardisation of abuse reports, the development of a trusted notifier framework, and awareness campaigns towards policy makers, decision-makers and expert groups

eco’s Thomas Rickert told DI that members inside and outside the industry had asked for such an initiative to combat “the narrative that industry is not doing enough against an ever-increasing problem”.

He said there’s a “worrying trend” of the domain industry being increasingly seen as an easy bottleneck to get unwelcome content taken down, rather than going after the content or hosting provider.

“There is not an agreed-upon definition of what constitutes DNS abuse,” he said.

“There are groups interested in defining DNS abuse very broadly, because it’s more convenient for them I guess to go to a registrar or registry and ask for a domain takedown rather than trying to get content taken down with a hosting company,” he said.

topDNS has no plans to change the definition of “DNS abuse” that has already been broadly agreed upon by the legit end of the industry.

The DNS Abuse Framework, which was signed by 11 major registries and registrars (now, it’s up to 48 companies) in 2019 defines it as “malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse)”.

This is pretty much in line with their ICANN contractual obligations; ICANN itself shudders away from being seen as a content regulator.

The big asterisk next to “spam” perhaps delineates “domains” from “content”, but the Framework also recommends that registries and registrars should act against content when it comprises child sexual abuse material, illegal opioid sales, human trafficking, and “specific and credible” incitements to violence.

Rickert said the plan with topDNS is to help “operationalize” these definitions, providing the domain industry with things like best practice documents.

Of particular interest, and perhaps a point of friction with other parties in the ecosystem in future, is the plan to work on “the development of a trusted notifier framework”.

Trusted notifier systems are in place at a handful of gTLD and ccTLD registries already. They allow organizations — typically law enforcement or Big Content — a streamlined, structured path to get domains taken down when the content they lead to appears to be illegal.

The notifiers get a more reliable outcome, while the registries get some assurances that the notifiers won’t take the piss with overly broad or spammy takedown requests.

topDNS will work on templates for such arrangements, not on the arrangements themselves, Rickert said. Don’t expect the project to start endorsing certain notifiers.

Critics such as the Electronic Frontier Foundation find such programs bordering on censorship and therefore dangerous to free speech.

While the topDNS initiative only has six named members right now, it does have Verisign (.com and .net) and PIR (.org), which together look after about half of all extant domains across all TLDs. It also has CentralNic, a major registrar group and provider of back-end services for some of the largest new gTLDs.

“Verisign is pleased to support the new topDNS initiative, which will help bring together stakeholders with an interest in combating and mitigating DNS security threats,” a company spokesperson said.

Unlike CentralNic and PIR, Verisign is not currently one of the 48 signatories of the DNS Abuse Framework, but the spokesperson said topDNS is “largely consistent” with that effort.

Verisign has also expressed support for early-stage trusted notifier framework discussions being undertaken by ICANN’s registry and registrar stakeholder groups.

PIR also has its own separate project, the DNS Abuse Institute, which is working on similar stuff, along with some tools to support the paperwork.

DNSAI director Graeme Bunton said: “I see these efforts as complementary, not competing, and we are happy to support and participate in each of them.” He’s going to be on topDNS’s inaugural Advisory Council, he and Rickert said.

Rickert and Bunton both pointed out that topDNS is not going to be limited to DNS abuse issues alone — that’s simply the most pressing current matter.

Rickert said issues such as DNS over HTTP and blockchain naming systems could be of future interest.

Domain firms plan “Trusted Notifier” takedown rules

Domain name registries and registrars are working on a joint framework that could speed up the process of taking down domain names being used for behavior such as movie piracy.

Discussed last week at the ICANN 71 public meeting, the Framework on Trusted Notifiers is a joint effort of the Registrar Stakeholder Group and Registries Stakeholder Group — together the Contracted Parties House — and is in the early stages of discussion.

Trusted Notifiers are third parties who often need domain names taken down due to activity such as copyright infringement or the sale of counterfeit pharmaceuticals, and are considered trustworthy enough not to overreach and spam the CPH with spurious, cumbersome, overly vague complaints.

It’s not a new concept. Registries in the gTLD space, such as Donuts and Radix, have had relationships with the Motion Picture Association for over five years.

ccTLD operator Nominet has a similar relationship with UK regulators, acting on behalf of Big Copyright and Big Pharma, taking down thousands of .uk domains every year.

The joint RrSG-RySG effort doesn’t appear to have any published draft framework yet, and the discussions appear to be being held privately, but members said last week that it is expected to describe a set of “common expectations or common understandings”, establishing what a Trusted Notifier is and what kind of cooperation they can expect from domain firms.

It’s one of several things the industry is working on to address complaints about so-called “DNS Abuse”, which could lead to government regulations or further delays to the new gTLD program.

It obviously veers into content policing, which ICANN has disavowed. But it’s not an ICANN policy effort. Whatever framework emerges, it’s expected to be non-contractual and voluntary.

Trusted Notifier relationships would be bilateral, between registry and notifier, with no ICANN oversight.

Such deals are not without controversy, however. Notably, free speech advocates at the Electronic Frontier Foundation have been complaining about Trusted Notifier for years, calling it “content policing by the back door” and most recently using it as an argument against Ethos Capital’s acquisition of Donuts.

ICANN waves off EFF concerns about the Ethos-Donuts deal

ICANN has dismissed concerns from the Electronic Frontier Foundation about the recent acquisition of Donuts by Ethos Capital.

Responding to a letter from EFF senior attorney Mitch Stoltz, ICANN chair Maarten Botterman said the deal had been thoroughly reviewed according to the necessary technical and financial stability standards.

In reviewing this transaction, the ICANN org team completed a thorough review and analysis of information provided by Ethos Capital and Donuts. Based on the review, the ICANN org team concluded that Donuts, as controlled by its proposed new owners would still meet or exceed the ICANN-adopted specifications or policies on registry operator criteria in effect, including with respect to financial resources, operational and technical capabilities, and overall compliance with ICANN’s contracts and Consensus Policies. Before its final decision on the matter, ICANN org provided multiple briefings to the Board. Following its final briefing and discussion with the Board, ICANN org approved the change of control in late March 2021.

The EFF had claimed that the anti-abuse parts of Donuts various registry agreements amounted to giving Donuts the right to “censor” domains, and it took issue with the Domain Protected Marks List domain blocking service.

Botterman noted that these predate the Ethos acquisition and were not reviewed.

Prior to the deal, which closed in March, Donuts was owned by another PE firm, Abry Partners. ICANN CEO Göran Marby had previously expressed puzzlement that the acquisition to lead to such concerns.

EFF rages as Ethos closes Donuts buy

The Electronic Frontier Foundation thinks the acquisition of Donuts by “secretive” private equity group Ethos Capital represents a risk to free speech.

The deal, which sees Ethos buy a controlling stake from fellow PE firm Abry Partners, closed earlier this week, having apparently received no official objection from ICANN.

But the EFF now wants ICANN to force Donuts to change its gTLD registry contracts to make it harder for the company to engage in what it calls “censorship-for-profit”.

The group’s senior staff attorney, Mitch Stoltz, raised the issued at the Public Forum session of last week’s ICANN 70 virtual public meeting, and expanded upon his thinking in a blog post this week. He wrote:

Donuts already has questionable practices when it comes to safeguarding its users’ speech rights. Its contracts with ICANN contain unusual provisions that give Donuts an unreviewable and effectively unlimited right to suspend domain names—causing websites and other internet services to disappear.

He pointed to Donuts’ trusted notifier program with the Motion Picture Association, which streamlines the takedown of domains used for pirating movies, as an example of a registry’s power to censor.

Donuts runs gTLDs including ones with social benefit meanings that the EFF is particularly concerned about, such as .charity, .community, .fund, .healthcare, .news, and .university.

Stoltz also makes reference to the Domain Protected Marks List, a Donuts service that enables trademark owners to block their marks, and variants, across its entire portfolio of 240+ gTLDs.

In effect, this lets trademark holders “own” words and prevent others from using them as domain names, even in top-level domains that have nothing to do with the products or services for which a trademark is used. It’s a legal entitlement that isn’t part of any country’s trademark law, and it was considered and rejected by ICANN’s multistakeholder policy-making community.

The DPML is not unique to Donuts. Competitors such as UNR and MMX have similar services on the market for their gTLDs.

When Stoltz raised the EFF’s concerns at last week’s ICANN meeting, CEO Göran Marby basically shrugged them off, saying he didn’t understand why one PE firm buying an asset off another PE firm was such a big deal.

I have to say I agree with him.

Ethos came under a lot of scrutiny last year when it tried to buy .org manager Public Interest Registry, turning it into a for-profit entity, generating cash for Ethos’ still-undisclosed backers.

(This week, Ethos disclosed in a press release that its investors include massive hedge funds The Baupost Group and Neuberger Berman “among others”, which appears to be the first time these names have been mentioned in connection with the company).

But a pretty good case could be made that .org is a unique case, that has had a non-profit motive baked into its DNA for decades. That does not apply to Donuts, which was a profit-making venture from the outset.

It’s not entirely clear why the EFF is suddenly concerned that Donuts will start exercise its contractual right-to-suspend more frequently under Ethos than under Abry. Stoltz wrote:

As we learned last year during the fight for .ORG, Ethos expects to deliver high returns to its investors while preserving its ability to change the rules for domain name registrants, potentially in harmful ways. Ethos refused meaningful dialogue with domain name users, instead proposing an illusion of public oversight and promoting it with a slick public relations campaign. And private equity investors have a sordid record of buying up vital institutions like hospitals, burdening them with debt, and leaving them financially shaky or even insolvent.

Even with the acquisition passing through ICANN easily, the EFF wants Donuts to change its contracts to make it more difficult for the company to suspend domain names on a whim.

I believe the language causing the controversy comes from anti-abuse policies in the Public Interest Commitments found in almost all Donuts’ contracts with ICANN, which state in part:

Registry Operator reserves the right, at its sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status as it determines necessary for any of the following reasons:

a. to protect the integrity and stability of the registry;

b. to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process;

c. to comply with the terms of this Registry Agreement and the Registry Operator’s Anti-Abuse Policy;

d. registrant fails to keep Whois information accurate and up-to-date;

d. domain name use violates the Registry Operator’s acceptable use policies, or a third party’s rights or acceptable use policies, including but not limited to the infringement of any copyright or trademark; or

e. as needed during resolution of a dispute.

As a voluntary PIC, this language is unique to Donuts, though other registries have similar provisions in their registry agreements.

SaveDotOrg to protest outside ICANN HQ. #lol

Good grief.
Just when you thought the outrage over .org manager Public Interest Registry’s imminent sale to Ethos Capital couldn’t get any weirder, the #SaveDotOrg campaign has announced that it is going to physically protest ICANN’s headquarters in Los Angeles next week.
From 0900 until 1100 local time, Friday January 24, they’ll gather to demand that non-profit voices are heard in ICANN’s decision whether to approve the acquisition. From the announcement:

Join us in demanding that ICANN commit to a process that includes the voices and priorities of nonprofits and grassroots organizations. The .ORG domain isn’t up for sale without our participation. We’ll rally outside ICANN’s offices in Los Angeles on Friday, January 24. This is an important moment in the SaveDotOrg campaign, and we want you to join us!

Sloganed T-shirts and signs will be available.
The event is being organized by NTEN, the Electronic Frontier Foundation and Fight For The Future. All very lovely people; I can’t see this turning into some Hong Kong-style riot situation.
Unusual as it is, this kind of direct action against ICANN is not unprecedented.
Back in 2011, a group of pornographers and civil liberties activists gathered outside the Westin St Francis hotel in San Francisco to, where ICANN was holding its public meeting, protest the imminent approval of .xxx, which they thought was a threat to free speech online. About 25 people showed up, by my count, chanting slogans such as “We want porn! No triple-X!”. Buttman was there.
Those protesters, it turns out many years later, really had nothing to worry about; nobody has been forced to buy a .xxx domain, and my friends tell me porn is still very much available on the internet.
I rather suspect the #SaveDotOrg guys are in the same boat. Of all the arguments against the acquisition, the one claiming that free speech is at risk still seems to me the least convincing.

Now .org critics actually want to take over the registry, blocking billion-dollar sale

A group of ICANN alumni and non-profits want to block the $1.135 billion sale of .org manager Public Interest Registry and for ICANN to hand over the reins to a new not-for-profit entity.
The Cooperative Corporation of .ORG Registrants was reportedly formed in California this week, supported by a long list of opponents of the .org deal, which would see the Internet Society sell PIR to a new private equity company called Ethos Capital.
Currently not-for-profit .org would become commercial again, answerable to shareholders who want to see a return on their investment. PIR recently had its 10%-a-year price caps lifted by ICANN, enabling it to increase its annual registry fees by as much as it wants.
Founding directors of the new co-op reportedly include ICANN founding chair Esther Dyson and founding CEO Mike Roberts, neither of whom have been heavily involved in ICANN or the domain name industry for the better part of two decades.
According to Reuters, Also on the board are Wikimedia Foundation CEO Katherine Maher, Jeff Ubois of the MacArthur Foundation, and Bill Woodcock, executive director of Packet Clearing House, which provides .org, via back-end Afilias, with DNS resolution services.
Dyson told the New York Times: “If you’re owned by private equity, your incentive is to make a profit. Our incentive is to serve and protect nonprofits and the public.”
The new registry would not have a profit motive, and excess funds would be returned to the non-profit community.
While the new group has yet to make a formal, public proposal, the idea is reportedly to persuade ICANN to block the sale of PIR to Ethos — something nobody can seem to agree is even within its powers — and instead transfer stewardship to this new co-op.
It’s a crazily ambitious goal.
The group would be basically asking ICANN to cut off ISOC’s primary funding source. PIR currently gives tens of millions of dollars a year to its owner, and after the Ethos deal ISOC intends to live off the interest of its billion-dollar windfall.
If ICANN canceled the PIR contract and handed .org to a third party, ISOC would get nothing, potentially crippling it and subsidiaries such as the IETF.
I can’t imagine such a decision, on the outside chance ICANN actually went down this path, not resulting in litigation.
The Cooperative Corporation of .ORG Registrants is reportedly also being backed by other supporters of the #SaveDotOrg campaign (which now has over 20,000 supporters), including the free speech advocates at the Electronic Frontier Foundation and NTEN, a conference/community hub for non-profits.
This campaign last month managed to persuade a group of four Democrat members of Congress — Ron Wyden, Richard Blumenthal, Elizabeth Warren and Anna Eshoo — to express their concerns about the Ethos deal and ask ISOC/Ethos/PIR a series of pointed questions about its potential ramifications.
In its response this week (pdf), the leaders of the three entities avoided directly answering the bulleted questions, but did make some commitments that I believe are new.
Notably, they said that the registry would reincorporate as a Public Benefit LLC before the acquisition closes. This is a relatively new form of legal entity, which has been described like this:

A Public Benefit LLC is a for-profit entity; however, in operating a Public Benefit LLC, the LLC’s management can take into account social, economic and political considerations without violating its fiduciary duty to act in the best interests of the company.

In other words, PIR would be free to place the needs of .org’s non-profit registrants ahead of the needs of its own shareholders without opening itself up to legal action.
A “statement of public benefit” would be in its certificate of formation, and would include a commitment “to limit any potential increase in the price of a .ORG domain registration to no more than 10% per year on average”.
I’ve noted before that this is worded vaguely enough to give Ethos some flexibility to raise prices by over 10%, but the fact that it’s offering to bake a commitment on pricing into its corporate DNA may be seen as a step in the right direction by critics.
It’s also proposing a “Stewardship Council”, which would be “an independent and transparent body” tasked with providing policy guidance to PIR and overseeing a new “Community Investment Fund” that would be used for initiatives such as the annual .org awards program.

Non-coms want .org’s future carved in stone

ICANN’s non-commercial stakeholders have “demanded” changes to Public Interest Registry’s .org contract, to protect registrants for the next couple of decades.
The NCSG sent a letter to ICANN chair Maarten Botterman this week which stopped short of demanding, as others have, that ICANN reverse its decision to unfetter PIR from the 10%-a-year cap on prices increases it has previously been subject to.
Instead, it asks ICANN to strengthen the already existing notification obligations PIR has when it increases prices.
Today, if PIR wants to up its fee it has to give its registrars six months notice, and registrants are allowed to lock in the current pricing by renewing for up to 10 years.
NCSG wants to ensure registrants get the same kind of advance notification, either from PIR or its registrars, and for the lock-in period doubled to 20 years.
The group is concerned that, now that PIR seems set to become a for-profit venture following its $1.135 billion acquisition by Ethos Capital, there’s a risk the registry may attempt to exploit the registrants of its over 10 million .org domains.
I think it unlikely that ICANN, should it pay any attention at all to the letter, will agree to the 20-year renewal ask, given that the contract only runs for 10 years and that gTLD registries are forbidden from selling domains for periods of longer than a decade.
It would require adjustments with other parts of the contract, such as transaction reporting requirements, and would probably need some industry-wide tinkering with the EPP registry protocols too.
In some respects, the stance on pricing could be seen as a softening of NCSG’s previous position.
In April, it said that price caps should remain, but that they should be increased from the 10% a year level. If that view remains, the letter does not restate it.
The NCSG also wants the oft-criticized Uniform Rapid Suspension policy removed from the .org contract, on the basis that it was only ever supposed to be applied to gTLDs applied for in the 2012 round and not legacy gTLDs.
URS has been incorporated in all but one of the legacy gTLD contracts that have been renewed since 2012.
Finally, NCSG asks that ICANN essentially write the US First Amendment into the .org agreement, writing that it wants:

A strong commitment that the administration of the ORG domain will remain content-neutral; that is, the registry will not suspend or take away domains based on their publication of political, cultural, social, ethnic, religious, and personal content, even untrue, offensive, indecent, or unethical material, like that protected under the U.S. First Amendment.

The fear that a .org in commercial hands will be more susceptible to censorship pressures is something that the Electronic Frontier Foundation has also recently raised.
The basis for the NCSG’s demands are rooted in the original redelegation of .org from Verisign to PIR in early 2003, which came after a competitive bidding process that saw PIR beat 10 rival applicants, partly on the basis of its commitment to non-profit registrants.
You may recall I did a deep-dive into .org’s history last week that covered what was said by whom during that process.
NCSG writes:

The ORG situation is unique because of its origins in a competitive RFP that was specifically earmarked for noncommercial registrants. How ICANN handles this case, however, will have enormous precedential consequences for the stability of the DNS and ICANN’s own reputation and status. Changes in ownership are likely to be increasingly common going forward. Domain name users want stability and predictability in their basic infrastructure, which means that the obligations, service commitments and pricing cannot be adjusted dramatically as ownership changes.

NCSG’s letter has not yet been published by ICANN, but the Internet Governance Project’s Milton Mueller has copied its text in a blog post here.

#SaveDotOrg to hold public web conference tomorrow with Ethos execs

The two top executives at Ethos Capital are due to confront non-profits that want to stymie its $1.13 billion acquisition of Public Interest Registry on a public call tomorrow.
The call has been put together by NTEN, a conference organizer that focuses on the use of tech by non-profits.
According to NTEN, the call will feature speakers from anti-deal Electronic Frontier Foundation, The National Council of Nonprofits, and Internet Society chapter leaders (some of whom are against the deal).
PIR boss Jon Nevett, as well as Ethos CEO Erik Brooks and chief purpose office Nora Abusitta have also agreed to attend. Andrew Sullivan, CEO of the Internet Society “has been invited but has not confirmed participation”, NTEN said.
It’s going to be the first time that those in favor of the deal will face off in public against those that want it scrapped.
The acquisition is controversial because it represents the .org gTLD going into private, for-profit hands for the first time in 17 years, with previous pricing restrictions removed.
So far, over 12,000 people have signed a petition at savedotorg.org to express their dismay with the deal.
You can find details about the call here, including an email address to submit questions in advance.
The call will happen online at 2000 UTC (1200 US Pacific Time) Thursday December 5. You may have to install some software in advance, though a browser-only option seems to be available too.

Four big developments in the .org pricing scandal

The renewal of Public Interest Registry’s .org contract and its subsequent acquisition by Ethos Capital is the gift that keeps on giving in terms of newsworthy developments, so I thought I’d bundle up the most important into a single article.
First, ICANN has thrown out the appeal filed by Namecheap and provided a (kinda) explanation of how the recent contract renewal came about.
The board of directors voted to reject Namecheap’s Request for Reconsideration on Thursday, as I reported last week, but the decision was not published until last night.
Namecheap had demanded ICANN reverse its decision to remove the 10%-a-year cap on price increases previously in the .org contract, enabling PIR to unilaterally raise its prices by however much it wants.
It said that ICANN had “ignored” the more then 3,000 people and organizations that had submitted comments opposing the lifting of caps.
But the board said:

ICANN org’s Core Values do not require it to accede to each request or demand made in public comments or otherwise asserted through ICANN’s various communication channels. ICANN org ultimately determined that ICANN’s Mission was best served by replacing price caps in the .ORG/.INFO Renewed RAs with other pricing protections to promote competition in the registration of domain names, afford the same “protections to existing registrants” that are afforded to registrants of other TLDs, and treat registry operators equitably.

The board also decided to describe, in a roundabout kinda way, how it conducts renewal talks with pre-2012 legacy gTLDs, explaining that ICANN “prefers” to move these registries to the 2012 contract, but that it cannot force them over. The resolution states:

All registry agreements include a presumptive right of renewal clause. This clause provides a registry operator the right to renew the agreement at its expiration provided the registry operator is in good standing (e.g., the registry operator does not have any uncured breaches), and subject to the terms of their presumptive renewal clauses.
In the course of engaging with a legacy registry operator on renewing its agreement, ICANN org prefers to and proposes that the registry operator adopts the new form of registry agreement that is used by new gTLDs as the starting point for the negotiations. This new form includes several enhancements that benefit the domain name ecosystem such as better safeguards in dealing with domain name infrastructure abuse, emergency backend support, as well as adoption of new bilaterally negotiated provisions that ICANN org and the gTLD Registries Stakeholder Group conduct from time to time for updates to the form agreement, and adoption of new services (e.g., RDAP) and procedures.
Although ICANN org proposes the new form of registry agreement as a starting place for the renewal, because of the registry operator’s presumptive right of renewal ICANN org is not in a position to mandate the new form as a condition of renewal. If a registry operator states a strong preference for maintaining its existing legacy agreement form, ICANN org would accommodate such a position, and has done so in at least one such instance.

I believe the gTLD referred to in the last sentence is Verisign’s .net, which renewed in 2017 without substantially transitioning to the 2012-round contract.
On the acquisition, the board notes:

the Board acknowledges (and the Requestor points out in its Rebuttal) the recently announced acquisition of PIR, the current .ORG registry operator, and the results of that transaction is something that ICANN organization will be evaluating as part of its normal process in such circumstances.

That appears to be a nod to the fact that ICANN has the power to reject changes of control under exceptional circumstances, per the .org contract.
Despite the wholly predictable rejection of Namecheap’s RfR, appeals against the contract’s new terms may not be over.
For some reason I have yet to ascertain, the very similar RfR filed around the same time by the Electronic Frontier Foundation was not considered, despite being on the agenda for last Thursday’s board meeting.
Additionally, I hear Namecheap has applied for Cooperative Engagement Process status, meaning it is contemplating filing an Independent Review Process appeal.
Second, Ethos Capital, PIR’s new owner, launched a web site in which it attempts to calm many of the concerns, criticisms and conspiracy theories leveled its way since the acquisition was announced.
Found at keypointsabout.org, the site tries to clarify the timing and motivation of the deal.
On timing, Ethos says:

Ethos Capital first approached the Internet Society in September 2019, well after PIR’s contract renewal with ICANN had finished… PIR was not for sale at the time the price caps were lifted on .ORG. The removal of .ORG’s price restrictions earlier this year was not unique to .ORG and was in no way motivated by a desire to sell PIR.

The .org contract was signed at the end of July, so while Ethos may well have been lusting after PIR before the renewal, it apparently did not run towards it with its trousers around its ankles until at least a month later.
On its pricing intentions, Ethos says:

The current price of a .ORG domain name is approximately $10 per year. Our plan is to live within the spirit of historic practice when it comes to pricing, which means, potentially, annual price increases of up to 10 percent on average — which today would equate to approximately $1 per year.

This sounds rather specific, but it’s vague enough to give PIR leeway to, say, introduce a 100% increase immediately and then freeze prices until it averages out at 10% per year. I don’t think the company will do something so extreme, but it would technically be possible the way it’s described here.
On the connections to Abry Partners and former ICANN CEO Fadi Chehade, Ethos says that while founder and CEO Erik Brooks is a 20-year veteran of Abry (which also owns Donuts) “Abry Partners is not involved in this transaction.”
It adds, however, that Chehade’s company, Chehade & Company, where Ethos chief purpose officer Nora Abusitta-Ouri has worked “is an adviser to Ethos”.
What this means, at the very least, is that the new owner of .org allowed an outside contractor to register the domain matching its name in the very gTLD it runs, which most domain veterans will recognize as a rookie mistake.
Ethos goes on to list VidMob Inc, Whistle Sports Inc, Adhark Inc and LiquidX Inc as other companies Ethos has invested in, perhaps rubbishing the hypothesis (which I, admittedly, have publicly floated) that Ethos was a vehicle created by Abry purely to buy up PIR.
Third, Ethos may be funded by “billionaire Republicans”.
.eco registry founder Jacob Malthouse, who’s trying to rouse up support for the #SaveDotOrg campaign, dug up an email apparently sent by ISOC CEO Andrew Sullivan to a members mailing list in the wake of the acquisition announcement, which names some of the backers of the deal.
They are: Perot Holdings, FMR LLC and Solamere Capital.
What they have in common is that they’re all — at least according to Malthouse’s since-amended original post — founded/owned/affiliated with prominent billionaire US Republicans. I’m not sure I’d fully agree with that characterization.
Perot was founded by Ross Perot, who stood for US president as an independent a few times but spent the last couple of decades of his life (which ended in July) as a Republican. I’d say his political affiliation died with him.
FMR, or Fidelity Investments, is run by Abigail Johnson, who inherited the role from her father and grandfather. While she’s made donations to Republicans including local senator, Mitt Romney, she also gave Hillary Clinton a tonne of cash to support her 2016 presidential election run, so I’m not sure I’d necessarily characterize her as die-hard GOP.
Romney himself was involved in the founding of Solamere Capital, the third apparent Ethos investor, but according to its web site he stepped down at the start of this year, long before Ethos was even founded, in order to re-join the US Senate.
I’m not sure what the big deal about these connections is anyway, unless you’re of the (often not unreasonable) belief that you don’t get to be a billionaire Republican without being just a little bit Evil.
Fourth, a bunch of non-profits are campaigning to get the deal scrapped.
The #SaveDotOrg campaign now has its matching .org address and web site, savedotorg.org.
It appears to have been set up by the EFF, but its supporters also include the non-profits American Alliance of Museums, American Society of Association Executives, Aspiration, Association of Junior Leagues International, Inc., Creative Commons, Crisis Text Line, Demand Progress Education Fund, DoSomething.org, European Climate Foundation, Free Software Foundation, Girl Scouts of the USA, Independent Sector, Internet Archive, Meals on Wheels America, National Council of Nonprofits, National Human Services Assembly, NTEN, Palante Technology Cooperative, Public Knowledge, R Street Institute, TechSoup, VolunteerMatch, Volunteers of America, Wikimedia Foundation, YMCA of the USA and YWCA USA.
The letter (pdf) states:

Non-governmental organizations all over the world rely on the .ORG top-level domain. Decisions affecting .ORG must be made with the consultation of the NGO community, overseen by a trusted community leader. If the Internet Society (ISOC) can no longer be that leader, it should work with the NGO community and the Internet Corporation for Assigned Names and Numbers (ICANN) to find an appropriate replacement.

It claims that the new .org contract gives PIR powers to “do significant harm” to non-profits, should they be abused.
The campaign has had a little traction on social media and so far has over 8,000 signatures.

ICANN board meets to consider PIR acquisition TODAY

ICANN’s board of directors will gather today to consider whether the acquisition of Public Interest Registry by a private equity company means that it should reverse its own decision to allow PIR to raise .org prices arbitrarily.
Don’t get too excited. It looks like it’s largely a process formality that won’t lead to any big reversals, at least in the short term.
But I’ve also learned that the controversy could ultimately be heading to an Independent Review Process case, the final form of appeal under ICANN rules.
The board is due to meet today with just two named agenda items: Reconsideration Request 19-2 and Reconsideration Request 19-3.
Those are the appeals filed by the registrar Namecheap in July and rights group the Electronic Frontier Foundation in August.
Namecheap and EFF respectively wanted ICANN to reverse its decisions to remove PIR’s 10%-a-year price-raising caps and to oblige the registry to enforce the Uniform Rapid Suspension anti-cybersquatting policy.
Both parties now claim that the sale by the Internet Society of PIR to private equity firm Ethos Capital, announced last week, casts new light on the .org contract renewal.
The deal means PIR will change from being a non-profit to being a commercial venture, though PIR says it will stick to its founding principles of supporting the non-profit community.
I reported a couple of weeks ago that the board had thrown out both RfRs, but it turns out that was not technically correct.
The full ICANN board did in fact consider both appeals, but it was doing so in only a “preliminary” fashion, according to an ICANN spokesperson. ICANN told me:

On 3 November the Board considered “proposed determinations” for both reconsideration request 19-2 and 19-3. In essence, the Board was taking up the Board Accountability Mechanism Committee (BAMC) role, as the BAMC had not been able to reach quorum in early November due to certain recusals by BAMC members.
Once the Board adopted the proposed determinations (in lieu of the BAMC issuing a recommendation to the Board) the parties that submitted the reconsideration requests had 15 days to submit a rebuttal, for the Board’s full consideration of the matter, which is now on the agenda.

Normally, RfRs are considered first by the four-person BAMC, but in this case three of the members — Sarah Deutsch, Nigel Roberts, and Becky Burr — recused themselves out of the fear of appearing to present conflicts of interest.
The committee obviously failed to hit a quorum, so the full board took over its remit to give the RfRs their first pass.
The board decided that there had been no oversights or wrongdoing. Reconsideration always presents a high bar for requestors. The .org contract was negotiated, commented on, approved, and signed completely in compliance with ICANN’s governing rules, the board decided.
But the ICANN bylaws allow for a 15-day period following a BAMC recommendation during which rejected RfR appellants can submit a rebuttal.
And, guess what, both of them did just that, and both rebuttals raise the PIR acquisition as a key reason ICANN should think again about the .org contract changes.
The acquisition was announced a week ago, and it appears to have come as much of a surprise to ICANN as to everyone else. It’s a new fact that the ICANN board has not previously taken into account when considering the two RfRs, which could prove important.
Namecheap reckons that the deal means that PIR is now almost certain to raise .org prices. New gTLD registry Donuts was bough by Ethos affiliate Abry Partners last year, and this year set about raising prices across the large majority of its 200-odd gTLDs. Namecheap wrote in its rebuttal:

Within months of be acquired by Abry Partners, it raised prices in 2019 for 220 out of its 241 TLDs. Any statements by PIR now to not raise prices unreasonably are just words, and without price caps, there is no way that .org registrants are not used a source to generate revenue for acquisitions or to pay dividends to its shareholders.

It also said:

The timing and the nature of this entire process is suspicious, and in a well-regulated industry, would draw significant scrutiny from regulators. For ICANN not to scrutinize this transaction closely in a completely transparent and accountable fashion (including public disclosure of pertinent information regarding the nature, cost, the terms of any debt associated with the acquisition, timeline of all parties involved, and the principals involved) would demonstrate that ICANN org and the ICANN Board do not function as a trusted or reliable internet steward.

Namecheap also takes issue with the fact that ICANN’s ruling on its RfR (pdf) draws heavily on a 2009 economic analysis by Professor Dennis Carlton, which concluded that price caps were unnecessary in the new gTLD program.
The registrar trashes this analysis as being based on more opinion than fact, and says it is based on outdated market data.
Meanwhile, the EFF’s rebuttal makes the acquisition one of four reasons why it thinks ICANN should reverse course. It said;

ICANN must carefully reexamine the .ORG Registry Agreement in light of this news. Without the oversight and participation of the nonprofit community, measures that give the registry authority to institute new [Rights Protection Mechanisms] or make other major policy changes invite management decisions that conflict with the needs of the .ORG community.

Quite often, RfRs are declined by ICANN because the requestor does not present any new information that the board has not already considered. But in this case, the fact of the PIR acquisition is empirically new information, as it’s only week-old news.
Will this help Namecheap and the EFF with their cause? The board will certainly have to consider this new information, but I still think it’s unlikely that it will change its mind.
But I’ve also learned that Namecheap has filed with ICANN to trigger a Cooperative Engagement Process procedure.
The CEP is an often-lengthy bilateral process where ICANN and an aggrieved party attempt to resolve their differences in closed-door talks.
When CEP fails, it often leads to an Independent Review Process complaint, when both sides lawyer up and three retired judges are roped in to adjudicate. These typically cost both sides hundreds of thousands of dollars in legal fees.
CEP and IRP cases are usually measured in years rather than months, so the PIR acquisition could be under scrutiny for a long time to come.