This is how stupid the GAC’s new gTLDs advice is (part two)

When Donuts and ICANN signed a new gTLD contract for .游戏, on a stage in front of hundreds of people at ICANN 47 this morning, it made a mockery of the relationship between ICANN and the GAC.
游戏 is the Chinese for “game” or “games”. It was an uncontested application with no objections and, importantly, no Governmental Advisory Committee advice standing in its way.
Donuts got lucky. The six companies that have applied for .game or .games in English are all currently prohibited from entering into contract negotiations with ICANN because they did receive GAC advice.
When the GAC drafted its “Advice on New gTLDs” in Beijing three months ago, it included a long but “non-exhaustive” set of strings that it said needed extra “safeguards” on security and community support.
ICANN has called these strings the “Category 1” list. It’s already been the subject of some strong discussion with the GAC at the meeting in Durban, which kicked off over the weekend.
So was it the GAC’s intention with Category 1 to introduce a language bias into the new gTLD program? Did it intend to give Chinese-script strings special privileges over ASCII-based languages?
If there was a sensible rationale for including .game/.games on the Category 1 list, why didn’t it apply to .游戏?
Or did the GAC simply not give its Beijing advice the care and attention it deserved?
Based on sessions in Durban over the weekend, the latter explanation appears to be closer to the truth.
“Vague and unimplementable”
At session between the GAC and ICANN’s board-level New gTLD Program Committee yesterday, the GAC heard in the strongest terms (within the bounds of polite discourse) how silly its Beijing advice was.
The session kicked off with NGPC member Chris Disspain delivering a witheringly but necessarily blunt assessment of the “Category 1” list and the associated safeguards.
He first noted that ICANN already rejected the GAC’s advice to make certain strings mandatory “community” gTLDs — something that would have had the same effect as the Beijing advice — back in 2011.
The GAC Early Warning system was introduced instead, he said, to give governments the ability to work with or object to applicants for specific strings that they were worried about.
Disspain continued with a catalog of criticisms against the Category 1 advice:

The difficulties we see at the moment are that the categories of strings are broad and undefined. There’s no principled basis for distinguishing certain categories and strings.
Generic terms are in the same category as highly regulated industries. Some strings have segments that are both licensed and unlicensed.
It’s difficult to determine relevant regulatory agencies and self-regulatory organizations. Some strings refer to industries that may be sensitive or regulated in a single or a few jurisdictions only.
The safeguard advice items three to eight create obligations that are vague and unimplementable.
And these are the outcomes that we sought to avoid when we rejected the advice in the first place. And we agreed to put in place the Early Warning system so that governments could deal directly with applicants if they had issues with the string.

He received some push-back from GAC members, some of whom — insisting that the Beijing communique was well-considered and easily understood — appear to be in denial.
“In the end, you should come with us, trying to implement,” the member for Italy said. “Because I’m sure that you well understood the meaning of this Annex 1.”
In response, Disspain reiterated that the NGPC really doesn’t understand what the GAC wants and really doesn’t understand how it came up with the Category 1 list in the first place.
“We’re unclear how we could implement at all some pieces of the advice,” he said. “The issue for us is not so much that there could be other names that could be added to the list but rather there are names that appear on the list that we don’t understand why they’re there in the first place.”
Now what?
Impasse thus reached, much of the discussion during the hour-long session focused on ways to potentially move the process forward, with participants acknowledging they’re in “uncharted territory”.
Switzerland suggested — contrary to what is plainly spelled out in the Applicant Guidebook, which asks the GAC to comment on specific applications — that the GAC didn’t think that its job was to come up with a definitive list of worrying strings. He said:

Initially, we did not think that it’s the task of the GAC to put together a finite list of sensitive strings, but we have been informed that it would be helpful to come up with concrete names.
So don’t take this list as a list that has been worked out over months and years and every TLD has been tested. These are examples, as we identified it in a rather short time.
There might be a few names that are not on the list that you could easily also add. There are some inconsistencies in that sense. But this is not meant to be a finite, absolute list.

The UK rep said he was disappointed with the “negative” tone of the NGPC’s response to the safeguard advice, but also suggested that the next step might be to come up with a proper list of strings.
“I think the next step forward is for the committee to try and prepare a first draft list for consultation with the whole community,” he said. “And we, the governments, we could obviously seize the opportunity to contribute to that consultation.”
The European Commission provided a statement that its representative said represented the views of EU states on the GAC. The statement said that the Beijing list should be an “at-minimum” list.

European GAC members consider the role of the GAC in this discussion is to provide high-level clarifications regarding the Beijing GAC advice rather than precise implementation means.
We would also like to note that the list of sensitive strings provided in the Beijing communique is a non-exhaustive one… meaning the list should be considered an at-minimum list.

What does this all mean for applicants?
Based on yesterday’s hour-long discussion, ICANN can surely be no closer to understanding which applications are affected by the GAC advice and presumably still doesn’t have a clue what some of it means.
This afternoon, during another session in Durban, program manager Christine Willett said that ICANN is using the Category 1 list published in Beijing when deciding which applicants can be contracted with.
“The NGPC is still considering the Category 1 advice and we have no direction or indication from them yet that a definitive list will be created,” she said.
I can’t see it being resolved this week, and inter-sessional meetings are very rare, so we could now be looking at Buenos Aires — November — before any of this gets sorted out.
For applicants who were — it now seems — selected at random to appear on the Beijing list, they’re facing months more delay while applicants that were not included are free to sign registry contracts today.
Is this fair?
Is it fair to allow applicants that were inexplicably excluded from the GAC’s Beijing list to go ahead and contract with ICANN, while others that were inexplicably included are delayed by many more months?
Is it fair that some applications will get bumped up the queue to delegation just because the GAC didn’t spend enough time thinking about its task?
How can ICANN be certain at contracting that any application is free of GAC advice, when the GAC has made it clear that it expects its list of strings to grow?
I asked ICANN CEO Fadi Chehade some of these questions during a press conference this afternoon and he pointed out that there are mechanisms in place in the Registry Agreement to allow future GAC advice to be addressed.
If it indeed the case that Donuts, for example, might have to add some safeguard commitments to its already signed .游戏 contract, why prevent the .game and .games applicants from signing contracts too?
Wouldn’t it be fairer to delay all new gTLD applications, or none at all, rather than relying on a list of strings we now know definitively to be ad hoc and unreliable?

ICANN says Article 29 letter does not give EU registrars privacy opt-out

Registrars based in the European Union won’t immediately be able to opt out of “illegal” data retention provisions in the new 2013 Registrar Accreditation Agreement, according to ICANN.
ICANN VP Cyrus Namazi on Saturday told the Governmental Advisory Committee that a recent letter from the Article 29 Working Party, which comprises the data protection authorities of EU member states, is “not a legal authority”.
Article 29 told ICANN last month that the RAA’s provisions requiring registrars to hold registrant data for two years after the domain expires were “illegal”.
While the RAA allows registrars to opt out of clauses that would be illegal for them to comply with, they can only do so with the confirmation of an adequate legal opinion.
The Article 29 letter was designed to give EU registrars that legal opinion across the board.
But according to Namazi, the letter does not meet the test. In response to a question from the Netherlands, he told the GAC:

We accept it from being an authority, but it’s not a legal authority, is our interpretation of it. That it actually has not been adopted into legislation by the EU. When and if it becomes adopted then of course there are certain steps to ensure that our contracted parties are in line with — in compliance with it. But we look at them as an authority but not a legal authority at this stage.

It seems that when the privacy watchdogs of the entire European Union tell ICANN that it is in violation of EU privacy law, that’s not taken as an indication that it is in fact in violation of EU privacy law.
The European Commission representative on the GAC expressed concern about this development during Saturday’s session, which took place at ICANN 47 in Durban, South Africa.

First new gTLD contracts signed

Donuts, an ARI Registry Services subsdiary and CORE this morning became the first new gTLD applicants to sign registry contracts with ICANN.
The ceremonial signing took place live on stage at the opening ceremony of ICANN 47, the week-long public meeting in Durban, South Africa.
ARI CEO Adrian Kinderis signed on behalf of شبكة. applicant International Domain Registry. The string is Arabic for “.web” and transliterates as “.shabaka”. It is 3 in the program’s evaluation queue.
In an ARI press release, Go Daddy CEO Blake Irving confirmed that Go Daddy will carry .shabaka.
Donuts CEO Paul Stahura signed for .游戏, the Chinese-language “.games”, which had prioritization number 40.
It was not immediately clear which contracts Iliya Bazlyankov, chair of CORE’s executive committee, signed. CORE has applied for three internationalized domain name gTLDs with high priority numbers.
(UPDATE: Bazlyankov has been in touch to say: “We signed the .сайт (site) and .онлайн (online) contracts which had numbers 6 and 9 in the priority”.)
Representatives of Go Daddy, MarkMonitor, Momentous, Mailclub and African registrar Kheweul.com also joined ICANN CEO Fadi Chehade on stage to sign the 2013 Registrar Accreditation Agreement.
The event marks the beginning of the contract signing phase of the new gTLD program, an important milestone.
For applicants without outstanding objections, contention or Governmental Advisory Committee advice, signing a contract means only pre-delegation testing and the final transition to delegation remains.

86 passes and two failures in this week’s new gTLDs

ICANN has just published this week’s batch of new gTLD Initial Evaluation results, revealing 86 passing scores and two applications that must go to Extended Evaluation.
The two failures are .ged and .bcg.
The .ged bid, which is intended to represent General Educational Development, was filed by a joint venture of the American Council on Education and the big publisher Pearson.
It’s the first example of an application to receive passing scores on both its financial and technical questions but to still require Extended Evaluation anyway.
The applicant had proposed a registry service related to internationalized domain names that gave the evaluation panels reason to believe a deeper evaluation was needed.
Uniquely so far, Extended Evaluation is likely to cost this applicant more money, due to the cost of a Registry Services Evaluation Panel.
Boston Consulting Group applied for .bcg as a dot-brand and failed because it scored a zero on its “Financial Statements” question, as most other IE failures have to date.
This weeks passing scores belong to these applications:

.redstone .institute .website .airtel .bestbuy .education .charity .shouji .alstom .multichoice .reit .bible .holiday .deutschepost .chrysler .terra .cam .inc .farm .cars .florist .financial .bet .design .cafe .sale .lundbeck .latino .iveco .inc .dodge .security .global .food .tradershotels .design .bond .zappos .rwe .commbank .landrover .house .cars .blog .fish .amazon .adult .wine .group .property .free .living .maserati .beauty .amsterdam .foodnetwork .broker .design .sucks .fans .tushu .discount .glass .fashion .search .school .linde .off .office .miami .trust .red .boats .immo .repair .dstv .claims .iinet .soccer .inc .mail .toshiba .law .love .suzuki .africa

There are now 730 applications still in Initial Evaluation. So far 1,092 have passed and 13 have failed.

Guest post: Pritz on policy vs implementation and the brother-in-law test

A current, important debate in internet governance and operation of the multi-stakeholder model asks: when do the bottom-up policy-making volunteers let go and when do the staff policy implementers take over?
Drawing that line to the satisfaction of everyone seems impossible. That is because there is no bright line — the development and implementation of policy is a task requiring the constant attention and cooperation of policy makers and implementation teams.
Is an ICANN action a policy position? Or is it a mere implementation detail? Labels almost never work, especially one-word labels. Since when are ICANN issues black or white?
We’ve stopped discussing the issues, it is easier to discuss the labels: is it “policy” or “implementation”?
The multi-stakeholder model depends on communication, consideration and collaboration
ICANN has a rich history of its stakeholders butting heads with the Board and both butting heads with the staff: long lines at microphones, speaking in hyperbole, and wringing of hands that the multi-stakeholder model has failed. ICANN also has a rich history of staff-stakeholder collaboration in the formulation of policy and in the implementation of policy.
The initial Inter-Registrar Transfer Policy was little more than a framework. Then a team of ICANN staff and TLD registry operators met over a period of months and developed the implementation model. It really didn’t matter where the policy making ended and the implementation started. There was a resolve that there should be an easy-to-follow way for registrants to transfer names and there was teamwork to get that accomplished.
There are parallels in the “real” world. In 1990, the United States enacted the American with Disabilities Act (ADA). The ADA itself was little more than a framework also: American employers should make “reasonable accommodation” for those with a “disability.” What was a reasonable accommodation? And what qualified as a disability?
Over a period of many years, those questions have been answered through a series of many court cases and regulations. But in 1990 employers were trying to figure that out.
At the time, we worked on developing clear criteria that would let our employees know what was covered by the ADA. After failing at that, we developed an approach to treat employees as you would your brother-in-law. You are deferential to your brother-in-law (because you have to face your sister) but not totally deferential (after all, he is making love to her). You just treat him better than the letter of the law requires.
So when your employee comes up to you and asks for better lighting at his workstation, you don’t try to parse whether you are required to accommodate near-sighted employees. You say, this is my brother-in-law, and I will listen to his request and carefully consider it.
This is how a public participation model works. The stakeholders are not strangers to one another and the model only works if there is mutual trust and respect.
If someone says, “I want to be heard,” she is generally listened to. (That doesn’t mean discussion is never ending. If that same person wants to be heard again, and says the same thing without change, she will be disregarded. If she continually repeats the same demand and content, she will be shunned.)
Policy versus Implementation should be Policy and Implementation
Take the example currently debated. There is a new gTLD policy element (approved in 2009) that states:

Strings must not infringe the existing legal rights of others that are recognized or enforceable under generally accepted and internationally recognized principles of law.

How does one implement that? The implementation of trademark rights protection mechanisms were developed after years of community/staff consultation, “implementability” studies, draft positions, memoranda describing potential solutions and the reasoning behind them, debate, and discussion.
When things were apparently settled, new parties joined the ICANN discussion — they were welcomed as were their opinions. ICANN was richer because there were new participants in the model. New implementation models were written. Finally, there was an indication the discussion was spent. The work was “said and done.”
Then, apparently, not all was said-and-done. After the gTLD program was launched, there were new suggestions and participants. ICANN decided to entertain those ideas. After a round of community feedback, a subset of the new suggestions was recommended by ICANN for inclusion into the implementation plan for new gTLDs.
ICANN’s policy makers, the GNSO, weighed in, agreeing with many of the conclusions but picking one of the recommendations and saying, “we’d like to talk a bit more about this one because we don’t fully understand its implications and effects.” (Unfortunately, the GNSO didn’t say exactly that, it sounded more to me like, “this item is policy and therefore it cannot be implemented without our consensus opinion.”)
Now, if my brother-in-law says he wants to talk about something some more, even if he doesn’t give a good reason, I am ready to indulge him. But ICANN did not indulge the GNSO. Now, we are in a policy versus implementation discussion: what work is the province of policy makers, and the province of implementers? The GNSO is considering ICANN Bylaw changes to ensure they are heeded.
Bylaw changes are not the lynchpin to multi-stakeholder model success. Putting rules in place for how and when to listen never work. There will always be exceptions. (Another whole piece can be written on how the rules governing communications between ICANN and its Governmental Advisory Committee have failed to facilitate the success of the multi-stakeholder model.)
Processes and procedures (as they are currently described in the Bylaws) are important. We must have clear rules for creation of consensus policy, with timelines and borders to ensure that issues are addressed and rights are respected.
But the operation of the multi-stakeholder model is more complicated than following those processes. The success of the model depends on the mutual trust and respect of the participants, and the ability to actively listen and to understand what is meant, even if that is not exactly what is said.
Rather than create new rules or discuss how one side can prevent the other from abusing its position, the volunteers, staff and Board should look inwardly to improve its own listening and communicating.
You’re my brother-in-law. I am ready (more than ready) to disagree with you, but first I am going to listen to what you have to say.
This is a guest post written by Kurt Pritz, ICANN’s former chief strategy officer. He is currently an independent consultant working with new gTLD applicants and others.

Donuts beats dot-brand in fight over .express gTLD

Donuts has prevailed in the first big dust-up between a portfolio gTLD applicant and a dot-brand hopeful.
The World Intellectual Property Organization today published its decision (pdf) in the Legal Rights Objection filed by a clothing retailer called Express over the .express gTLD.
The ruling could have a big impact on future rounds of the new gTLD program, possibly giving rise to an influx of defensive, generic-word dot-brand applications.
Both Express and Donuts have applied for .express. They’re the only two applicants for the string.
Express runs about 600 stores in the US and elsewhere and has had a trademark on its name since 1979. Donuts, as with all of its 307 original applications, wants to run .express as an open gTLD.
Express argued in its LRO that a Donuts-run .express would severely damage its brand, saying:

Should applicants for new TLDs be able to operate unrestricted TLDs represented by generic words which are also extremely well known brands, billions of dollars of goodwill will be wiped out in a TLD heartbeat.

Donuts, in its response, pointed out that there are thousands of uses of the word “express” in trademarks and other contexts, and even produced a survey that it said showed only 8% of fashionistas even associate the word with the brand.
The WIPO panelist, after what appears to have been something of a crisis moment of wondering what the hell ICANN was thinking when it designed the LRO, sided with Donuts. He said:

The Panel ultimately decides that the trademark owner (Complainant) should not be able to prevent adoption by the applicant (Respondent) of the applied-for gTLD <.express> in the particular context presented here. While Complainant certainly owns rights in the EXPRESS trademark for use in connection with apparel and fashion accessories, and while that trademark is reasonably well known among a relevant segment of consumers in the United States, there are so many common usages of the term “express” that it is not reasonable to foreclose its use by Respondent as a gTLD.

He follows up with a few sentences that should give owners of dictionary-word trademarks reason to be worried.

The Panel recognizes that, should Respondent successfully secure the gTLD, Complainant may be required to address potential Internet user confusion in the commercial marketplace for its products based on the registration (or attempted registration) of certain second level domains. However, Complainant faces this risk because it adopted a common word in the English language for its trademark. Moreover, Complainant has applied for the identical <.express> string as a gTLD in competition with Respondent. Ultimately, the parties may well end up in an auction contest for the gTLD. This is not Complainant’s last chance to secure its trademark as a gTLD.

In other words, Express can either pay ICANN or Donuts a bunch of cash at auction to get its dot-brand, or it can let Donuts win and spend a bunch of cash on defensive registrations and UDRP/URS complaints. Not a great result for Express either way.
The panelist takes 10 pages of his 26-page decision to explain his deliberations, but it basically boils down to this: Express’ trademark is too generic to give the company exclusivity over the word.
It’s hard to disagree with his reasoning.
If subsequent LROs go the same way, and I suspect they will, then it will quickly become clear that the only way to guarantee nobody else gets your dictionary-word brand as a gTLD will be to apply for it yourself and fight it all the way to auction.

IAB gives dotless domains the thumbs down

The Internet Architecture Board believes dotless domain names would be “inherently harmful to Internet security.”
The IAB, the oversight committee which is to internet technical standards what ICANN is to domain names, weighed into the debate with an article apparently published yesterday.
In it, the committee states that over time dotless domains have evolved to be used only on local networks, rather than the internet, and that to start delegating them at the top level of the DNS would be dangerous:

most users entering single-label names want them to be resolved in a local context, and they do not expect a single name to refer to a TLD. The behavior is specified within a succession of standards track documents developed over several decades, and is now implemented by hundreds of millions of Internet hosts.
…
By attempting to change expected behavior, dotless domains introduce potential security vulnerabilities. These include causing traffic intended for local services to be directed onto the global Internet (and vice-versa), which can enable a number of attacks, including theft of credentials and cookies, cross-site scripting attacks, etc. As a result, the deployment of dotless domains has the potential to cause significant harm to the security of the Internet

The article also says (if I understand correctly) that it’s okay for browsers to interpret words entered into address bars without dots as local resources and/or search terms rather than domain names.
It’s pretty unequivocal that dotless domains would be Bad.
The article was written because there’s currently a lot of talk about new gTLD applicants — such as Google, Donuts and Uniregistry — asking ICANN to allow them to run their TLDs without dots.
There’s a ban in the Applicant Guidebook on the “apex A records” that would be required to make dotless TLDs work, but it’s been suggested that applicants could apply to have the ban lifted on a case by case basis.
More recently, ICANN’s Security and Stability Advisory Committee has stated almost as unequivocally as the IAB that dotless domains should not be allowed.
But for some reason ICANN recently commissioned a security company to look into the issue.
This seems to have made some people, such as the At Large Advisory Committee, worried that ICANN is looking for some wiggle room to give its new gTLD paymasters what they want.
Alternatively, ICANN may just be looking for a second opinion to wave in the faces of new gTLD registries when it tells them to take a hike. It was quite vague about its motives.
It’s not just a technical issue, of course. Dotless TLDs would shake up the web search market in a big way, and not necessarily for the better.
Donuts CEO Paul Stahura today published an article on CircleID that makes the case that it is the browser makers, specifically Microsoft, that are implementing DNS all wrong, and that they’re objecting to dotless domains for competitive reasons. The IAB apparently disagrees, but it’s an interesting counterpoint nevertheless.

First three new gTLD objections thrown out

Three objections against new gTLD applications have been thrown out by the World Intellectual Property Organization, two of them on the basis that they were blatant attempts to game the system.
The objections were all Legal Rights Objections. Essentially, they’re attempts by the objectors to show that for ICANN to approve the gTLD would infringe their existing trademark rights.
The applications being objected to were Google’s .home, SC Johnson’s .rightathome and Vipspace Enterprises .vip.
The decisions are of course completely unprecedented. No LROs have ever been decided before.
Let’s look at each in turn.
Google’s .home
The objector here was Defender Security Company, a home security company, which has also applied for .home and has objected to nine of its competitors for the string.
Basically, the objection was thrown out (pdf) because it was a transparent attempt to game the trademark system in order to secure a potentially lucrative gTLD.
Defender appears to have bought the application, along with associated companies, domains, social media accounts and trademarks, from CGR E-Commerce, a company owned by .music applicant Constantine Roussos.
The panelist in the case apparently doesn’t have a DomainTools subscription and couldn’t make the Roussos link from historical Whois records, but it’s plain to see for those who do.
The case was brought on the basis of a European Community trademark on the term “.home”, applied for in December 2011, just a few weeks before ICANN opened the new gTLD application window, and a US trademark on “true.home” applied for a few months later.
The objector also owned dothome.net, one of many throwaway Go Daddy domain name resellers Roussos set up in late 2011 in order to assert prior rights to TLDs he planned to apply for.
The panelist saw through all the nonsense and rejected the objection due to lack of standing.
Here’s the money quote:

The attempted acquisition of trademark rights appears to have been undertaken to create a basis for filing the Objection, or defending an application. There appears to have been no attempt to acquire rights in or use any marks until after the New gTLD Program had been announced, specifically two weeks before the period to file applications for new gTLDs was to open.

For the EC trademark, lack of standing was found because Defender didn’t present any evidence that it actually owned the company, DotHome Ltd, that owned the trademark.
For the US trademark, which is still not registered, the panelist seems to have relied upon UDRP precedent covering rights in unregistered trademarks in his decision to find lack of standing.
The panelist also briefly addresses the Applicant Guidebook criteria for LROs, although it appears he was not obliged to, and found Defender’s arguments lacking.
In summary, it’s a sane decision that appears to show that you can’t secure a gTLD with subterfuge and bogosity.
It’s not looking good for the other eight objections Defender has filed.
Vipspace Enterprises’ .vip
This is another competitive objection, filed by one .vip applicant against another.
The objector in this case is German outfit I-Registry, which has applied for four gTLDs. The respondent is Vipspace, which has only applied for .vip.
In this case, both companies have applied for trademarks, one filed one month before the other.
The panelist’s decision focuses, sanely again, on the generic nature of the string in question.
Because both trademarks were filed for the word “VIP” meaning “Very Important Person”, which is the intended meaning of both applications, it’s hard to see how either is a proper brand.
The panelist wrote (pdf):

while SOAP, for example, may be a perfectly satisfactory trade mark for cars, it cannot serve as a trade mark for the cleaning product “soap”.
…
While the parties have used the term, “VIP”, in various forms on their website to indicate the manner in which the term will be used if they are successful in being awarded the domain, there is nothing before the Panel (beyond mere assertion) to show that either of them has yet traded under their marks sufficiently to displace the primary descriptive meaning of the term and establish a brand or at all.

In other words, it’s a second case of a WIPO panelist deciding that getting, or applying for, a trademark is not enough to grant a company exclusive rights to a new gTLD string.
Sanity, again, prevails.
SC Johnson’s .rightathome
While it contains the word “home”, this is a completely unrelated case with a different objector and a different panelist.
The objector here was Right At Home, a Nebraska-based international provider of in-home elderly care services. The applicant is a subsidiary of the well-known cosmetics company SC Johnson, which uses “Right@Home” as a brand.
It appears that both objector and applicant have really good rights to the string in question, which makes the panelist’s decision all the more interesting.
The way the LRO is described in ICANN’s new gTLD Applicant Guidebook, there are eight criteria that must be weighed by the panelist.
In this case, the panelist does not provide a conclusion showing how the weighting was done, but rather discusses each point in turn and decides whether the evidence favors the objector or the applicant.
The applicant here won on five out of the eight criteria.
The fact that the two companies offer different products and/or services, accompanied by the fact that the phrase “Right At Home” is in use by other companies in addition to the complainant and respondent appears to have been critical in tipping the balance.
In short, the panelist appears to have decided (pdf) that because SC Johnson did not apply for .rightathome in bad faith, and because it’s unlikely internet users will think the gTLD belongs to Right At Home, the objection should be rejected.
I am not a lawyer, but it appears that the key takeaway from this case is that owning a legitimately obtained brand is not enough to win an LRO if you’re an objector and the new gTLD applicant operates in a different vertical.
This will worry many people.

Chehade joins Twitter

ICANN CEO Fadi Chehade now has his own Twitter account, the organization has confirmed.
Here he is, tweeting this morning:

Receive the best of our meeting in Durban sent directly to your email with the #myICANN platform. http://t.co/PRD7nBHPQw #ICANN47

— ICANN President (@icann_president) July 9, 2013

And here’s ICANN confirming it:

@DanielNegari @DomainIncite – Yes. That is Fadi's official twitter handle.

— ICANN (@ICANN) July 9, 2013

And here’s somebody who is definitely not Chehade, but is quite amusing anyway:

It's been a year since my selection as #ICANN CEO and I'm in a celebrating kind of mood. Anyone else need an engagement center?

— Shit Fadi Says (@ShitFadiSays) June 27, 2013

2013 RAA is illegal, says EU privacy watchdog

European privacy regulators have slammed the new 2013 Registrar Accreditation Agreement, saying it would be illegal for registrars based in the EU to comply with it.
The Article 29 Working Party, which comprises privacy regulators from the 27 European Union nations, had harsh words for the part of the contract that requires registrars to store data about registrants for two years after their domains expire.
In a letter (pdf) to ICANN last month, Article 29 states plainly that such provisions would be illegal in the EU:

The fact that these personal data can be useful for law enforcement does not legitimise the retention of these personal data after termination of the contract. Because there is no legal ground for the data processing, the proposed data retention requirement violates data protection law in Europe.

The 2013 RAA allows any registrar to opt out of the data retention provisions if it can prove that to comply would be illegal its own jurisdiction.
The Article 29 letter has been sent to act as blanket proof of this for all EU-based registrars, but it’s not yet clear if ICANN will treat it as such.
The letter goes on to sharply criticize ICANN for allowing itself to be used by governments (and big copyright interests) to circumvent their own legislative processes. It says:

The fact that these data may be useful for law enforcement (including copyright enforcement by private parties) does not equal a necessity to retain these data after termination of the contract.
…
the Working Party reiterates its strong objection to the introduction of data retention by means of a contract issued by a private corporation in order to facilitate (public) law enforcement.
If there is a pressing social need for specific collections of personal data to be available for law enforcement, and the proposed data retention is proportionate to the legitimate aim pursued, it is up to national governments to introduce legislation

So why is ICANN trying to get many of its registrars to break the law?
While it’s tempting to follow the Article 29 WP’s reasoning and blame law enforcement agencies and the Governmental Advisory Committee, which pushed for the new RAA to be created in the first place, the illegal data retention provisions appear to be entirely ICANN’s handiwork.
The original law enforcement demands (pdf) say registrars should “securely collect and store” data about registrants, but there’s no mention of the period for which it should be stored.
And while the GAC has expressly supported the LEA recommendations since 2010, it has always said that ICANN should comply with privacy laws in their implementation.
The GAC does not appear to have added any of its own recommendations relating to data retention.
ICANN can’t claim it was unaware that the new RAA might be illegal for some registrars either. The Article 29 WP told it so last September, causing ICANN to introduce the idea of exemptions.
However, the European Commission’s GAC representative then seemed to dismiss the WP’s concerns during ICANN’s public meeting in Toronto last October.
Perhaps ICANN was justifiably confused by these mixed messages.
According to Michele Neylon, chair of the Registrars Stakeholder Group, it has yet to respond to European registrars’ inquiries about the Article 29 letter, which was sent June 6.
“We hope that ICANN staff will take the letter into consideration, as it is clear that the data protection authorities do not want create extra work either for themselves or for registrars,” Neylon said.
“For European registrars, and non-European registrars with a customer base in the EU, we look forward to ICANN staff providing us with clarity on how we can deal with this matter and respect EU and national law,” he said.