UN ruling may put .io domains at risk

The future of .io domains may have been cast into doubt, following a ruling from the UN’s highest court.
The International Court of Justice this afternoon ruled (pdf) by a 13-1 majority that “the United Kingdom is under an obligation to bring to an end its administration of the Chagos Archipelago as rapidly as possible”.
The Chagos Archipelago is a cluster of islands that the UK calls the British Indian Ocean Territory.
It was originally part of Mauritius, but was retained by the UK shortly before Mauritius gained independence in 1968, so a strategic US military base could be built on Diego Garcia, one of the islands.
The native Chagossians were all forcibly relocated to Mauritius and the Seychelles over the next several years. Today, most everyone who lives there are British or American military.
But the ICJ ruled today, after decades of Mauritian outrage, that “the process of decolonization of Mauritius was not lawfully completed when that country acceded to independence in 1968, following the separation of the Chagos Archipelago”.
So BIOT, if the UK government follows the ruling, may cease to exist in the not-too-distant future.
BIOT’s ccTLD is .io, which has become popular with tech startups over the last few years and has over 270,000 domains.
It’s run by London-based Internet Computer Bureau Ltd, which Afilias bought for $70 million almost two years ago.
Could it soon become a ccTLD without a territory, leaving it open to retirement and removal from the DNS root?
It’s not impossible, but I’ll freely admit that I’m getting into heavy, early speculation here.
There are a lot of moving parts to consider, and at time of writing the UK government has not even stated how it will respond to the non-binding ICJ ruling.
Should the UK abide by the ruling and wind down BIOT, its IO reservation on the ISO 3166-1 alpha-2 list could then be removed by the International Standards Organisation.
That would mean .io no longer fits the ICANN criteria for being a ccTLD, leaving it subject to forced retirement.
Retired TLDs are removed from the DNS root, meaning all the second-level domains under them stop working, obviously.
It’s not entirely clear how this would happen. ICANN’s Country Code Names Supporting Organization has not finished work on its policy for the retirement of ccTLDs.
TLDs are certainly not retired overnight, without the chance of an orderly winding-down.
Judging by the current state of ccNSO discussions, it appears that ccTLDs could in future be retired with or without the consent of their registry, with a five-to-10-year clock starting from the string’s removal from the ISO 3166-1 list.
Under existing ICANN procedures, I’m aware of at least two ccTLDs that have been retired in recent years.
Timor-Leste was given .tl a few years after it rebranded from Portuguese Timor, and .tp was removed from the DNS a decade later. It took five years for .an to be retired after the Netherlands Antilles’ split into several distinct territories in 2010.
But there are also weird hangers-on, such as the Soviet Union’s .su, which has an “exceptional reservation” on the ISO list and is still active (and inexplicably popular) as a ccTLD.
As I say, I’m in heavy speculative territory when it comes to .io, but it strikes me that not many registrants will consider when buying their names that the territory their TLD represents may one day simple poof out of existence at the stroke of a pen.
Afilias declined to comment for this article.

ICANN approves two new TLDs, including THAT one

ICANN’s board of directors has given the nod to two more country-code TLDs.
The eight-year-old nation of South Sudan is finally getting its possibly controversial .ss, while Mauritania is getting the Arabic-script version of its name, موريتانيا. (.xn--mgbah1a3hjkrd), to complement its existing .mr ccTLD.
Both TLDs were approved by ICANN after going through the usual, secretive IANA process, at its board meeting at the weekend.
The recipient of موريتانيا. is the Université de Nouakchott Al Aasriya, while .ss is going to National Communication Authority, a governmental agency.
As previously noted, .ss has the potential to be controversial due to its Nazi associations, and the fact that Nazis are precisely the kind of people who have trouble finding TLDs that will allow them to register names.
But none of that is ICANN’s business. It simply checks to make sure the requester has the support of the local internet community and that the string is on the ISO 3166 list.
The Mauritanian IDN has already been added to the DNS root, while .ss has not.

Nazis rejoice! A TLD for you could be coming soon

The domain name system could soon get its first new standard country-code domain for eight years.
This weekend, ICANN’s board of directors is set to vote on whether to allow the delegation of a ccTLD for the relatively new nation of South Sudan.
The string would be .ss.
It would be the first Latin-script ccTLD added to the root since 2010, when .cw and .sx were delegated for Curaçao and Sint Maarten, two of the countries formed by the breakup of the Netherlands Antilles.
Dozens of internationalized domain name ccTLDs — those in non-Latin scripts — have been delegated in the meantime.
But South Sudan is the world’s newest country. It formed in 2011 following an independence referendum that saw it break away from Sudan.
It was recognized by the UN as a sovereign nation in July that year and was given the SS delegation by the International Standards Organization on the ISO 3166-2 list a month later.
The country has been wracked by civil war for almost all of its existence, which may well be a reason why it’s taken so long for a delegation request to come up for an ICANN vote. The warring sides agreed to a peace treaty last year.
South Sudan is among the world’s poorest and least-developed nations, with shocking levels of infant and maternal mortality. Having an unfortunate ccTLD is the very least of its problems.
The choice of .ss was made in 2011 by the new South Sudan government in the full knowledge that it has an uncomfortable alternate meaning in the global north, where the string denotes the Schutzstaffel, the properly evil, black-uniformed bastards in every World War II movie you’ve ever seen.
The Anti-Defamation League classifies “SS” as a “hate symbol” that has been “adopted by white supremacists and neo-Nazis worldwide”.
When South Sudan went to ISO for the SS delegation, then-secretary of telecommunications Stephen Lugga told Reuters

We want our domain name to be ‘SS’ for ‘South Sudan’, but people are telling us ‘SS’ has an association in Europe with Nazis… Some might prefer us to have a different one. We have applied for it anyway, SS, and we are waiting for a reply.

To be fair, it would have been pretty dumb to have applied for a different string, when SS, clearly the obvious choice, was available.
There’s nothing ICANN can do about the string. It takes its lead from the ISO 3166 list. Nor does it have the authority to impose any content-regulation rules on the new registry.
Unless the new South Sudan registry takes a hard line voluntarily, I think it’s a near-certainty that .ss will be used by neo-Nazis who have been turfed out of their regular domains.
The vote of ICANN’s board is scheduled to be part of its main agenda, rather than its consent agenda, so it’s not yet 100% certain that the delegation will be approved.

Exclusive: Tiny island sues to take control of lucrative .nu

The tiny Pacific island of Niue has sued the Swedish ccTLD registry to gain control of its own ccTLD, .nu, DI has learned.
The lawsuit, filed this week in Stockholm, claims that the Internet Foundation In Sweden (IIS) acted illegally when it essentially took control of .nu in 2013, paying its American owner millions of dollars a year for the privilege.
Niue wants the whole ccTLD registry transferred to its control at IIS’s expense, along with all the profits IIS has made from .nu since 2013 — many millions of dollars.
It also plans to file a lawsuit in Niue, and to formally request a redelegation from IANA.
While .nu is the code assigned to Niue, it has always been marketed in northern Europe, particularly Sweden, in countries where the string means “now”.
It currently has just shy of 400,000 domains under management, according to IIS’s web site, having seen a 50,000-name slump just a couple weeks ago.
It was expected to be worth a additional roughly $5 million a year for the registry’s top line, according to IIS documents dated 2012, a time when it only had about 240,000 domains.
For comparison, Niue’s entire GDP has been estimated at a mere $10 million, according to the CIA World Factbook. The island has about 1,800 inhabitants and relies heavily on tourism and handouts from New Zealand.
According to documents detailing its 2013 takeover, IIS agreed to pay a minimum of $14.7 million over 15 years for the right to run the ccTLD, with a potential few million more in performance-related bonuses.
The Niue end of the lawsuit is being handled by Par Brumark, a Swedish national living in Denmark, who has been appointed by the Niuean government to act on its behalf on ICANN’s Governmental Advisory Committee, where he is currently a vice-chair.
Brumark told DI that IIS acted illegally when it took over .nu from previous registry, Massachusetts-based WorldNames, which had been running the ccTLD without the consent of Niue’s government since 1997.
The deal was characterized by WorldNames in 2013 as a back-end deal, with IIS taking over administrative and technical operations.
But IIS documents from 2012 reveal that it is actually more like a licensing deal, with IIS paying WorldNames the aforementioned minimum of $14.7 million over 15 years for the rights to manage, and profit from, the TLD.
The crux of the lawsuit appears to be the question of whether .nu can be considered a “Swedish national domain”.
IIS is a “foundation”, which under Swedish law has to stick to the purpose outlined in its founding charter.
That charter says, per IIS’s own translation, that the IIS “must particularly promote the development of the handling of domain names under the top-level domain .se and other national domains pertaining to Sweden.”
Brumark believes that .nu is not a national domain pertaining to Sweden, because it’s Niue’s national ccTLD.
One of his strongest pieces of evidence is that the Swedish telecoms regulator, PTS, refuses to regulate .nu because it’s not Swedish. PTS is expected to be called as a witness.
But documents show that the Stockholm County Administrative Board, which regulates Foundations, gave permission in 2012 for IIS to run “additional top-level domains”.
Via Google Translate, the Board said: “The County Administrative Board finds that the Foundation’s proposed management measures to administer, managing and running additional top-level domains is acceptable.”
Brumark thinks this opinion was only supposed to apply to geographic gTLDs such as .stockholm, and not to ccTLD strings assigned by ISO to other nations.
The Stockholm Board did not mention .nu or make a distinction between ccTLD and gTLDs in its letter to IIS, but the letter was in response to a statement from an IIS lawyer that .nu, with 70% of its registrations in Sweden, could be considered a Swedish national domain under the IIS charter.
Brumark points to public statements made by IIS CEO Danny Aerts to the effect that IIS is limited to Swedish national domains. Here, for example, he says that IIS could not run .wales.
IIS did not respond to my requests for comment by close of business in Sweden today.
Niue claims that if .nu isn’t Swedish, IIS has no rights under its founding charter to run it, and that it should be transferred to a Niuean entity, the Niue Information Technology Committee.
That’s a governmental entity created by an act of the local parliament 18 years ago, when Niue first started its campaign to get control of .nu.
The history of .nu is a controversial one, previously characterized as “colonialism” by some.
The ccTLD was claimed by Boston-based WorldNames founder Bill Semich and an American resident of the island, in 1997. That’s pre-ICANN, when the IANA database was still being managed by Jon Postel.
At the time, governments had basically no say in how their ccTLDs were delegated. It’s not even clear if Niue was aware its TLD had gone live at the time.
The official sponsor of .nu, according to the IANA record, is the IUSN Foundation, which is controlled by WorldNames.
Under ICANN/IANA policy, the consent of the incumbent sponsor is required in order for a redelegation to occur, and WorldNames has been understandably reluctant to give up its cash cow, despite Niue trying to take control for the better part of two decades.
The 2000 act of parliament declared that NITC was the only true sponsor for .nu, but even Niuean law has so far not proved persuasive.
So the lawsuit against IIS is huge twist in the tale.
If Niue were to win, IIS would presumably be obliged to hand over all of its registry and customer data to Niue’s choice of back-end provider.
Both Afilias and Danish registrar One.com have previously expressed an interest in running .nu, providing a share of the revenue to Niue, according to court documents.
Brumark said that a settlement might also be possible, but that it would be very costly to IIS.
Readers might also be interested in my 2011 article about Niue, which was once widely referred to as the “WiFi Nation”.

ICANN turns 20 today (or maybe not)

ICANN is expected to celebrate its 20th anniversary at its Barcelona meeting next month, but by some measures it has already had its birthday.
If you ask Wikipedia, it asserts that ICANN was “created” on September 18, 1998, 20 years ago today.
But that claim, which has been on Wikipedia since 2003, is unsourced and probably incorrect.
While it’s been repeated elsewhere online for the last 15 years, I’ve been unable to figure out why September 18 has any significance to ICANN’s formation.
I think it’s probably the wrong date.
It seems that September 16, 1998 was the day that IANA’s Jon Postel and Network Solutions jointly published the organization’s original bylaws and articles of incorporation, and first unveiled the name “ICANN”.
That’s according to my former colleague and spiritual predecessor Nick Patience (probably the most obsessive journalist following DNS politics in the pre-ICANN days), writing in now-defunct Computergram International on September 17, 1998.
The Computergram headline, helpfully for the purposes of the post you are reading, is “IANA & NSI PUBLISH PLAN FOR DNS ENTITY: ICANN IS BORN”.
Back then, before the invention of the paragraph and when ALL CAPS HEADLINES were considered acceptable, Computergram was published daily, so Patience undoubtedly wrote the story September 16, the same day the ICANN proposal was published.
A joint Postel/NetSol statement on the proposal was also published September 17.
The organization was not formally incorporated until September 30, which is probably a better candidate date for ICANN’s official birthday, archived records show.
Birthday meriments are expected to commence during ICANN 63, which runs from October 20 to 25. There’s probably free booze in it, for those on-site in Barcelona.
As an aside that amused me, the Computergram article notes that Jones Day lawyer Joe Sims very kindly provided Postel with his services during ICANN’s creation on a “pro bono basis”.
Jones Day has arguably been the biggest beneficiary of ICANN cash over the intervening two decades, billing over $8.7 million in fees in ICANN’s most recently reported tax year alone.

Root crypto rollover now slated for October

ICANN has penciled in October 11 as the new date for rolling the DNS root’s cryptographic keys, a delay of a year from its original plan.
The so-called KSK rollover will see ICANN remove the deprecated 2010 Key Signing Key, leaving only the 2017 KSK active.
The KSK acts as the “trust anchor” for DNSSEC across the whole internet.
After the rollover, any network not configured to use the latest KSK would see a service interruption.
This could mean many millions of internet users being affected, but ICANN doesn’t know the extent of the possible impact for sure.
ICANN told us in November that it knows of 176 organizations in 41 countries, fairly evenly spread across the globe, that are currently not prepared to handle the new KSK.
But its data is patchy because only a tiny number of DNS resolvers are actually configured to automatically report which KSKs they’re set up to use.
Key rollovers are recommended by DNSSEC experts to reduce the risk of brute force attacks against old keys. At the root, the original plan was to roll the keys every five years.
ICANN had named October 11 2017 as the date for the first such rollover, but this was pushed back to some time in the first quarter after ICANN became aware of the lack of support for the 2017 KSK.
This was pushed back again in December to Q3 at the earliest, after ICANN admitted it still didn’t have good enough data to measure the impact of a premature roll.
Since then, ICANN has been engaged in (not always successful) outreach to networks it knows are affected and has kicked off discussions among network operators (there’s a fairly lively mailing list on the topic) to try to gauge how cautious it needs to be.
It’s now published an updated plan that’s the same as the original plan but with a date exactly one year late — October 11, 2018.
Between now and then, it will continue to try to get hold of network operators not ready to use the new keys, but it’s not expecting to completely eliminate damage. The plan reads:

Implicit in the outreach plan is the same assumption that the community had for the earlier (postponed) plan: there will likely be some systems that will fail to resolve names starting on the day of the rollover. The outreach will attempt to minimize the number of affected users while acknowledging that the operators of some resolvers will be unreachable.

The plan is open for public comment and will require the assent of the ICANN board of directors before being implemented. You have until April 2 to respond.

Is the Trump administration really trying to reverse the IANA transition?

Questions have been raised about the US government’s commitment to an independent ICANN, following the release of letters sent by two top Trump appointees.
In the letters, new NTIA head David Redl and Secretary of Commerce Wilbur Ross expressed an interest in looking at ways to “unwind” the IANA transition, which in 2016 severed the formal ties between ICANN and the US in DNS root zone management.
Responding to questions from senators during his lengthy confirmation process, now National Telecommunications and Information Administration assistant secretary Redl wrote:

I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.

The letters were first obtained by Politico under the Freedom of Information Act. We’re publishing them here (pdf).
They were sent last August, when Redl’s confirmation to the NTIA role was being held up by Senator Ted Cruz, who vehemently opposed the transition because he said he thought it would give more power over online speech to the likes of Russia and China.
He was confirmed in November.
The question is whether Redl was serious about unwinding the transition, or whether he was just bullshitting Cruz in order to remove a roadblock to his confirmation.
Technically, he only promised to “recommend” convening a panel of experts to his boss, Ross.
NTIA declined to comment last week when DI asked whether the department still supports the IANA transition, whether any efforts are underway to unwind it, and whether the panel of experts has already been convened.
Redl’s statements on ICANN since his confirmation have been more or less consistent with his Obama-era predecessor, Larry Strickling, in terms of expressing support for multi-stakeholder models, but with perhaps some causes for concern.
During his first public speech, delivered at the CES show in Las Vegas earlier this month, Redl expressed support for multi-stakeholder internet governance amid pushes for more multi-lateral control within venues such as the International Telecommunications Union.
However, he added:

I’ll also focus on being a strong advocate for U.S. interests within ICANN. We need to ensure transparency and accountability in ICANN’s work. And in light of the implementation of the European General Data Privacy Regulation, or GDPR, we need to preserve lawful access to WHOIS data, which is a vital tool for the public.
In the coming weeks, I’ll be seeking out the views of stakeholders to understand how else NTIA can best serve American interests in these global Internet fora.

Could this be an allusion to the “panel of experts”? It’s unclear at this stage.
One of Redl’s first moves as NTIA chief was to slam ICANN for its lack of accountability concerning the shutdown of a review working group, but that was hardly a controversial point of view.
And in a letter to Senator Brian Schatz, the Democrat ranking member of the Senate Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, sent earlier this month, Redl expressed support for the multi-stakeholder model and wrote:

NTIA will be a strong advocate for US interests with the Governmental Advisory Committee of the Internet Cooperation [sic] for Assigned Names and Numbers (ICANN) in the existing post-transition IANA phase. NTIA will also monitor the [IANA operator] Public Technical Identifiers (PTI) and take action as necessary to ensure the security and stability of the DNS root.

That certainly suggests NTIA is happy to work in the new paradigm, while the promise to “take action as necessary” against PTI may raise eyebrows.
While a lot of this may seem ambiguous, my hunch is that there’s not really much appetite to reverse the IANA transition. Apart from appeasing Cruz’s demons, what could possibly be gained?
Ross, quizzed by Cruz at his own confirmation hearing a year ago, seemed reluctant to commit to such a move.

New Trump appointee slams ICANN after security group shutdown

Not even a month into the job, the US official with most direct responsibility over domain name policy has criticized ICANN for shutting down a security working group.
David Redl, the new assistant secretary at the National Telecommunications and Information Administration, wrote to ICANN (pdf) last week to complain about its board unilaterally shutting down, temporarily, its supposedly independent Security, Stability and Resiliency of the DNS Review team.
He wrote that the action “calls into question” ICANN’s commitment to transparency and accountability, writing:

Everything documented to date about these reviews stresses the importance of openness, transparency and community consultation. Unfortunately, it seems that with the October 28th action, the ICANN Board violated these principles by substituting its judgement for that of the community.

SSR-2, as it is known, is one of the reviews previously mandated by ICANN’s Affirmation of Commitments with the US government (via the NTIA) but which can now be found instead embedded in its bylaws.
The ICANN board of directors temporarily suspended it in October, something like a soft reboot, after growing concerned that it was stepping outside of its mandate and that its members lacked expertise.
The move attracted broad criticism and it would be disingenuous of me to suggest that Redl’s position is a controversial one — you’d be hard pressed to find any section of the community that wholeheartedly supports the board’s action.
Indeed, the US representative to the Governmental Advisory Committee voiced similar concerns at the ICANN meeting in Abu Dhabi in late October, prior to Redl’s confirmation to the NTIA job.
Redl took the post November 21, having been nominated by Donald Trump back in May, replacing Obama appointee Larry Strickling, who left the agency in January.
He’s the first NTIA chief since ICANN’s inception not to enjoy the special position of power over ICANN granted by the old IANA contract, which was scrapped in September 2016.

Davies named new IANA boss

Kim Davies has been named the new head of IANA.
ICANN said today that he’s been promoted from his role as director of technical services to VP of IANA services and president of Public Technical Identifiers, the company that manages the IANA functions.
With ICANN since 2005, he replaces Elise Gerich, who announced her departure, originally scheduled for October, back in April.
Gerich has been IANA’s top staffer since 2010 and was PTI’s first president.
IANA is responsible for overseeing the top-level domain database, as well as the allocation of IP address blocks and protocol numbers.
Starting January 1, Davies will be in the top spot when ICANN executes the first-ever rollover of the root system’s most important DNSSEC keys, due to delays.

US “threatens” Costa Rica over Pirate Bay domains

The US government has been threatening to “close down” Costa Rica’s .cr registry over its refusal to take down a Pirate Bay domain name, according to the registry.
Representatives of the US embassy in Costa Rica have been badgering NIC.cr to take down thepiratebay.cr since 2015, according to a letter from Pedro León Azofeifa, president of Academia Nacional de Ciencias, which runs the registry.
The letter claims:

These interactions with the United States Embassy have escalated with time and include great pressure since 2016 that is exemplified by several phone calls, emails and meetings urging our ccTLD to take down the domain, even though this would go against our domain name policies

According to the letter, a US official “has mentioned threats to close our registry, with repeated harassment regarding our practices and operation policies and even personal negative comments directed to our Executive Director”.
The letter was sent to the chair of ICANN’s Governmental Advisory Committee 10 days ago, CC’d to senior ICANN, Costa Rican and US governmental figures, and has been circulated this week in the Latin American domain name community.
The form of the alleged threats to close the registry is not clear, but it should be noted that prior to October 1 last year the US Department of Commerce, via its now-relinquished oversight of ICANN, played a key role in the administration of the DNS root zone.
The Pirate Bay is of course a popular directory of BitTorrent links largely used to disseminate pirated copies of movies and music, much of it American-made.
The site has been TLD-hopping for years, as registries around the world shut down its domains for violations of their own local rules. It has been live on thepiratebay.cr since December 2014, when its Swedish operation was shut down by authorities.
The NIC.cr letter says that its own policies follow international “best practices” and allow it to take down domains when presented with a Costa Rican court order, but that “the pressure and harassment [from the US] to take down the domain name without its proper process and local court order persists”.
The US Department of Commerce even pressured its Costa Rican counterpart to investigate NIC.cr, but that probe concluded that the registry was acting within its procedures, according to the letter.
It’s not the first attempt to get rid of the Pirate Bay this year.
Public Interest Registry in February announced a “UDRP for copyright” proposal that would allow copyright holders to have piracy disputes heard by independent arbitrators. It looked like a way to get unloved thepiratebay.org domain taken down without PIR having to take unilateral action.
That proposal was shelved after an outcry from the industry and civil rights watchdogs.
In April, one of the Pirate Bay’s founders launched a piracy-friendly domain registration service.
Just this week, the European Court of Justice ruled, after seven years of legal fights, that the Pirate Bay infringes copyright, raising the possibility of the site being blocked in more European countries.
The NIC.cr letter is dated June 6. It has not yet been published by ICANN or the GAC.