NTIA alarmed as Verisign hints that it will not delegate new gTLDs

Verisign has escalated its war against competition by telling its government masters that it is not ready to add new gTLDs to the DNS root, raising eyebrows at NTIA.
The company told the US National Telecommunications and Information Administration in late May that the lack of uniform monitoring across the 13 root servers means it would put internet security and stability at risk to start delegating new gTLDs now.
In response, the NTIA told Verisign that its recent position on DNS security is “troubling”. It demanded confirmation that Verisign is not planning to block new gTLDs from being delegated.
The letters (pdf and pdf) were published by ICANN over the weekend, over two months after the first was sent.
Verisign senior VP Pat Kane wrote in the May letter:

we strongly believe certain issues have not been addressed and must be addressed before any root zone managers, including Verisign, are ready to implement the new gTLD Program.
We want to be clearly on record as reporting out this critical information to NTIA unequivocally as we believe a complete assessment of the critical issues remain unaddressed which left unremediated could jeopardize the security and stability of the DNS.
…
we strongly recommend that the previous advice related to this topic be implemented and the capability for root server system monitoring, instrumentation, and management capabilities be developed and operationalized prior to beginning delegations.

Kane’s concerns were first outlined by Verisign in its March 2013 open letter to ICANN, which also expressed serious worries about issues such as internal name collisions.
Verisign is so far the only root server operator to publicly express concerns about the lacking of coordinated monitoring, and many people believe that the company is simply desperately trying to delay competition for its $800 million .com business for as long as possible.
These people note that in early November 2012, Verisign signed a joint letter with ICANN and NTIA that said:

the Root Zone Partners are able to process at least 100 new TLDs per week and will commit the necessary resources to meet all root zone management volume increases associated with the new gTLD program

That letter was signed before NTIA stripped Verisign of its right to increase .com prices every year, depriving it of tens or hundreds of millions of dollars of additional revenue.
Some say that Verisign is raising spurious security concerns now purely because it’s worried about its bottom line.
NTIA is beginning to sound like one of these critics. In its response to the May 30 letter, sent by NTIA and published by ICANN on Saturday, deputy associate administrator Vernita Harris wrote:

NTIA and VeriSign have historically had a strong working relationship, but inconsistencies in VeriSign’s position in recent months are troubling… NTIA fully expects VeriSign to process change requests when it receives an authorization to delegate a new gTLD. So that there will be no doubt on this point, please provide me a written confirmation no later than August 16, 2013 that VeriSign will process change requests for the new gTLD program when authorized to delegate a new gTLD.

Harris said that a system is already in place that would allow the emergency rollback of the root zone, basically ‘un-delegating’ any gTLD that proves to cause a security or stability problem.
This would be “sufficient for the delegation of new gTLDs”, she wrote.
Could Verisign block new gTLDs?
It’s worth a reminder at this point that ICANN’s power over the DNS root is something of a facade.
Verisign, as operator of the master A root server, holds the technical keys to the kingdom. Under its NTIA contract, it only processes changes to the root — such as adding a TLD — when NTIA tells it to.
NTIA in practice merely passes on the recommendations of IANA, the department within ICANN that has the power to ask for changes to the root zone, also under contract with NTIA.
Verisign or NTIA in theory could refuse to delegate new gTLDs — recall that when .xxx was heading to the root the European Union asked NTIA to delay the delegation.
In practice, it seems unlikely that either party would stand in the way of new gTLDs at the root, but the Verisign rhetoric in recent months suggests that it is in no mood to play nicely.
To refuse to delegate gTLDs out of commercial best interests would be seen as irresponsible, however, and would likely put its role as custodian of the root at risk.
That said, if Verisign turns out to be the lone voice of sanity when it comes to DNS security, it is ICANN and NTIA that will ultimately look like they’re the irresponsible parties.
What’s next?
Verisign now has until August 16 to confirm that it will not make trouble. I expect it to do so under protest.
According to the NTIA, ICANN’s Root Server Stability Advisory Committee is currently working on two documents — RSSAC001 and RSSAC002 — that will outline “the parameters of the basis of an early warning system” that will address Verisign’s concerns about root server management.
These documents are likely to be published within weeks, according to the NTIA letter.
Meanwhile, we’re also waiting for the publication of Interisle Consulting’s independent report into the internal name collision issue, which is expected to recommend that gTLDs such as .corp and .home are put on hold. I’m expecting this to be published any day now.

Clean sweep for gTLD applicants as 91 pass

Ninety-one new gTLD applications passed Initial Evaluation this week, as ICANN enters the final month of results.
There were no failures to report. The following strings, with links to the relevant applicant on DI PRO, achieved passing scores:

.staples .gmo .hot .organic .degree .quebec .ricoh .guardian .hiphop .llp .ram .ieee .kpmg .obi .game .style .blackfriday .vlaanderen .tennis .baseball .afl .android .restaurant .sca .llc .rich .porn .gay .data .ink .nec .mzansimagic .moto .map .gap .zero .aarp .football .loans .schwarz .flsmidth .box .cloud .expert .stream .store .tunes .shopping .gmx .scot .tmall .dentist .live .app .tools .hair .ggee .bing .loans .video .golf .free .exposed .world .kerrylogisitics .llc .broker .coupons .eco .news .video .store .flights .comsec .inc .app .tours .abarth .edeka .locker .star .events .page .rent .financialaid .family .services .studio .honda .buy .click

There are now 1,377, passing applications and just 14 that are headed to Extended Evaluation.
With just 438 remaining in IE, ICANN remains on track to clean up the bulk of the process by the end of August as promised.
I expect there will be stragglers that do not receive their results until after the initial timeline is over, however, due to delays answering clarifying questions and such.

That’s all folks, no more LRO news

The results of Legal Rights Objections against new gTLD applications are no longer news.
That’s the decision handed down by the editor here at DI’s Global World International Headquarters today.
“Hey, Keith,” she barked from her ermine-carpeted corner office. “This LRO stuff is getting a bit old, don’t you think?”
“My name’s Kevin,” I said.
“Whatever,” she said. “LRO is now dog-bites-man. I decree it thus. No more of it, understand? Write more about Go Daddy girls.”
She has a point (she’s a great editor and I love her dearly).
The Legal Rights Objection has, I think, said pretty much everything it’s going to say in this new gTLD application round. I’m feeling pretty confident we can predict that all outstanding LROs will fail.
This prediction is based largely on the fact that the 69 LROs filed in this round all pretty much fall into three categories.

• Front-running. These are the cases where the objector is an applicant that secured a trademark on its chosen gTLD string, usually with the dot, just in order to game the LRO process. These have all been rejected so far. I thought Constantine Roussos’ .music objection was the only one with a sliver of a chance; now that it’s been rejected I think the chances of any outstanding objections of this type prevailing are zero.
• Brand v Brand. The objector may or may not be an applicant too, but both it and the respondent both own legit trademarks on the string in question. WIPO’s LRO panelists have made it clear, most recently yesterday in Merck v Merck (pdf) and Merck v Merck (pdf), that having a famous brand does not give you the right to block somebody else from owning a matching famous brand as a gTLD.
• Generic trademarks. Cases where an owner of a legit brand that matches a dictionary word files an objection against an applicant for the same string that proposes to use it in its generic sense. See Express v Donuts, for example. Panelists have found that unless there’s some nefarious intent by the applicant, the mandatory second-level rights protection mechanisms new gTLD registries must abide by are sufficient to protect trademark rights. As I don’t believe any applicants have a nefarious intent, I don’t believe any of these LROs will succeed.

In short, the LRO may be one of many deterrents to top-level cybersquatting, but has proven itself an essentially useless cash sink if you want to prevent the use of a trademark at the top level.
The impact of this, I believe, will be to give new gTLD consultants another excellent reason to push defensive gTLD applications on big brands in future new gTLD rounds.
Whether it will inspire unsavory types to apply for generic terms in future, in order to extort money from matching brands, will depend to a large extent on whether applicants in this round wind up making lucrative deals with the brands they’re competing against.
In any event, it seems certain that the LRO-to-application ratio will be far lower in future rounds.
DI will of course continue to peruse each new LRO as it is published and will report on any genuinely interesting developments, but we will not cover each decision as a matter of course.
Decisions are published by WIPO daily here and email notifications are sent along with WIPO’s daily UDRP newsletter.
Information about Go Daddy girls can, from now on, be found here.

ICANN to crack down on UDRP “cyberflight”

ICANN has moved closer to cracking down on cybersquatters who try to flip their domains when they discover they’ve been hit with a UDRP complaint.
Under recommendations approved by the GNSO Council yesterday, registrars would be bound by a much stricter set of UDRP-related domain locking rules in future.
So-called “cyberflight” — where squatters transfer their domains to a new registrar or registrants — appears to be a relatively infrequent problem, but when it does happen it causes big headaches for UDRP providers and trademark owners.
A survey of UDRP providers carried out as part of the GNSO’s policy development process discovered that the vast majority of registrars already lock domains hit by UDRP.
The problem is, they said, that locking practices are not uniform. Some registrars take well over a week to lock domains, and what the “lock” entails differs by registrar.
The recommendations of the GNSO’s Final Report on the Locking of a Domain Name Subject to UDRP Proceedings Policy Development Process, adopted by the Council yesterday, seek to standardize the process.
After being told about a complaint against one of its domains, the registrar in future would have a maximum of two business days to put a lock — preventing any changes in registrant or registrar — in place.
The lock would remain until the UDRP was resolved, but there would be various safeguards in place to enable complainants and respondents to settle their differences outside of the UDRP.
The lock would not prevent registrars or proxy/privacy services revealing the true identity of the registrant — that wouldn’t count as a change of registrant.
To prevent registrants abusing the two-day window to sell their domains or switch registrars, they would not be told about the existence of the UDRP until the domain had been locked.
The UDRP rules currently require the complainant to send a copy of their complaint to the domain owner at the same time it is filed with the UDRP provider.
But the GNSO has now recommended getting rid of this rule, stating: “as a best practice, complainants need not inform respondents that a complaint has been filed to avoid cyberflight.”
The registrant would be informed later by the UDRP provider instead.
Registrars would be prohibited from tipping off the registrant until the lock was in place.
The July 2013 recommendations (pdf) came out of a working group that was formed in April 2012, in response to policy ideas floated in 2011.
The GNSO’s resolution calls for ICANN staff to work with members of the working group on an implementation plan, which would eventually be put to the ICANN board for approval.
Once through the board, the new policy would become binding on all ICANN-accredited registrars.

New gTLD revenue projections revealed in leaked Famous Four presentation

Famous Four Media expects to make an average of almost $30 million revenue in year one from each of the new gTLDs it secures.
That’s according to a PowerPoint presentation (pdf), written for potential investors, that was provided by an anonymous source (I suspect not a fan of the company) to DI this week.
According to the presentation, “potential year 1 revenues for an average Registry” could amount to $28.4 million, the vast majority of which would come from sunrise, landrush and premium domain sales.
The presentation, dated June 2013, was prepared by Domain Venture Partners, the immediate parent of the 60 shell companies that Famous Four is using to apply for its 60 gTLDs.
The company was unable to provide an executive to discuss this story until August 14.
But according to the PowerPoint, the Domain Venture Partners II fund is an investment vehicle set up to “bridge the gap” in Famous Four’s funding requirements:

Domain Venture Partners II shall provide a unique structured regulated investment opportunity to participate in the new gTLD programme to provide secured fixed annual returns along with additional venture type returns at a time in the process where most of the major risks have been removed.

DVP is looking to raise up to $400 million, having raised £48.3 million ($73.2 million) in 2011 via the Domain Venture Partners I fund, it says. The current round opened in March and is expected to close in November.
Famous Four has applied for 60 gTLDs — mostly highly sought-after strings such as .poker, .music, .shop, .search and .buy — 10 of which were initially uncontested.
According to the presentation, landrush period auctions would account for about a third of year-one revenue in each gTLD: $9.7 million. That’s based on selling 45,697 domains for an average price of $213.34.
Revenue from trademark owners is the second-largest chunk. An average sunrise period could raise $6.9 million, assuming 39,679 domains at an average of $173.5 each, according to the PowerPoint.
Sales of regular domains during the first first year of general availability could raise $4.1 million, based on 225,759 registrations at $18.47 apiece, the presentation says.
Here’s the full slide, one of 33 in the deck:

The presentation says that the projections are “based on historical data points established by the existing operational gTLD Registries”, adding:

The figures are averages and therefore would represent projections for a standard gTLD Registry. Potential year 1 revenues for specific Registries may be below or above this average.

Some of the numbers strike me as optimistic. While the likes of .asia and .mobi may have seen these registration volumes due to the novelty and scarcity of new gTLD namespaces, my feeling is that those days are over.
The new gTLD program is likely to see scores of overlapping sunrise and landrush periods; it’s difficult to see registries benefiting from the same focus and excitement as their predecessors.
There’s a limited amount of domainer capital to spread around landrush sales and trademark owners are likely to be much more selective about where they defensively register their brands in a world of 1,300 gTLDs.
That said, Famous Four has applied for some of the nicest strings in the round so I may be wrong.
An appendix to the presentation discussing the first DVP funding round says that while Famous Four hopes to sign contracts for 30 new gTLDs, it has only secured 32% of the money it is looking for.
Securing investment appears to have been tough due in part to the complexity of the ICANN process and investors’ lack of familiarity with it, which looks like risk. It also says:

The costs associated with applications in the new gTLD have increased, the financial strength of most applicants has been reduced and the knowledge barrier to entry is too high to interest large standard venture investors.

Famous Four’s business model is based around consolidation and keeping costs down, according to the pitch. For the most part, this is due to the economies of scale of running a large number of TLDs.
With Neustar as its back-end provider, Famous Four says it has found the “lowest fees in the industry”.
But the model also involves keeping tax to a minimum. Famous Four is based in Gibraltar, where it says it will pay no tax on domain sales:

FFM is operating in a fiscal environment that has multiple advantages over others in the industry. Domain names sales are treated as royalty income which is currently zero rated in Gibraltar. This would result in an instant bottom line gain.

There’s a strong suggestion in the presentation that DVPII is not limiting its ambitions to the new gTLDs it has applied for.
It also seems to discuss acquiring other applicants and ccTLD rights, then bringing them into the Famous Four fold, but the plan was not completely clear to me and executives were unavailable for clarification.

DotMusic loses LRO, and four other cases rejected

Constantine Roussos has lost his first Legal Rights Objection over the flagship .music gTLD.
The case, DotMusic v Charleston Road Registry (pdf) was actually thrown out on a technicality — DotMusic didn’t present any evidence to show that it was the owner of the trademarks in question.
But the WIPO panelist handling the case made it pretty clear that DotMusic wouldn’t have won on the merits anyway.
If any applicant can be said to have built a brand around a proposed generic-term gTLD, it’s Roussos. DotMusic has been promoting .music on social media an in the music industry for years.
The company also owns the string “music” in a number of second-tier TLDs such as .co, .biz and .fm.
It’s not a bogus, last-minute attempt to game the system, like the .home cases — filed using Roussos-acquired trademarks — that have been thrown out repeatedly over the last couple of weeks.
The panelist addressed this directly:

On the one hand, the Panel recognizes that there has been a real investment by the Objector and associated parties in the trademark registrations, domain name registrations, sponsorship and branding to create consumer recognition and goodwill entitled to protection. On the other hand, there is a circularity in the Objector’s position in that the rights upon which the Objector relies to defeat the application are to a certain extent conditional on the defeat of the Applicant and the Objector’s success in obtaining the <.music> gTLD string.

In other words, Catch-22.
The panelist decided that .music is generic, that Google’s proposed use of it is generic, and that obtaining a trademark on a gTLD should not be a legit way to exclude rival applicants for that gTLD.

One objective of the Objector has been to obtain precisely the type of competitive advantage (in this case in the application process for the <.music> gTLD string) that the doctrine of generic names is designed to prevent. However, as the Applicant proposes to use the <.music> gTLD string in a generic sense it is immune from this challenge.

On that basis, the LRO would have failed, had DotMusic managed to demonstrate standing to object in the first place.
Unfortunately, DotMusic didn’t present any evidence that it actually owned the trademarks in question, which were applied for by Roussos and assigned to his company CGR E-Commerce.
The objection failed on that basis.
Defender Security, which obtained trademarks on “.home” from Roussos, ran into the same problems proving ownership of the trademarks in its LROs on the .home gTLD.
Four other LROs were decided this week:
.mail (United States Postal Service v. GMO Registry)
The case (pdf) turned on whether USPS owns a trademark that exactly matches the applied-for string (it doesn’t) and whether the word “mail” should be considered generic (it is) rather than a source identifier (it isn’t).
It’s pretty much the same logic applied in the two previous .mail LROs.
.food (Scripps Networks Interactive v. Dot Food, LLC)
This is the first of two competitive LROs filed by Scripps — which runs TV stations including the Food Network — against its .food applicant rivals to be decided.
Scripps has a bunch of trademarks containing the word “food”, including a November 2011 registration in the US for “Food” alone, covering entertainment services.
The WIPO panelist found (pdf) that the trademark was legit, but decided that it was not enough to prevent Dot Food using the matching string as a gTLD.
The fact that rights protection mechanisms exist in the new gTLD program was key:

to the extent that registration and use of a particular second-level domain within the <.food> gTLD actually creates a likelihood of confusion, then Objector will have remedies available to it, including the established Uniform Domain Name Dispute Resolution Policy, the forthcoming Uniform Rapid Suspension System and relevant laws. The fact that such disputes at the second level may arise is inherent in ICANN’s new gTLD program and is not in the circumstances of this case sufficient to uphold the present legal rights objection.
Objector’s rights in the FOOD mark do not confer upon it the exclusive right to use of the word “food” in all circumstances, particularly where, as here, Applicant intends to use the <.food> gTLD in connection with the food industry. Such intended use of the word would appear to be only for its dictionary meaning and not because of Objector’s trademark rights.

.vip (i-Registry v. Charleston Road Registry)
It’s the second objection by .vip applicant to get thrown out. In this case the respondent was Google.
Like the first time, the WIPO panelist found that the i-Registry trademark had been obtained for the purposes of the new gTLD program and that Google’s use of it in its generic sense would not infringe its rights.
.cam (AC Webconnecting Holding v. Dot Agency)
The second and final LRO decision (pdf) in the .cam contention set.
AC Webconnecting, an operator of webcam-based porn sites, lost again on the grounds that it applied for its trademark just a month before ICANN opened up the new gTLD application window in January last year.
The company didn’t have time to, and produced no evidence to suggest that, it had used the trademark and built up goodwill around “.cam” in the normal course of business.
In other words, front-running doesn’t pay.

Donuts details second private gTLD auction list

Donuts has committed 68 of its new gTLD applications to a set of private auctions due to commence August 13.
It’s the second round of auctions conducted by Innovative Auctions, which last month settled six contention sets for an average of $1.5 million per TLD.
Here’s the full list of Donuts’ strings:

.apartments .hot .art .jewelry .auction .law .audio .lawyer .baseball .legal .beauty .life .blog .living .boats .loans .broadway .memorial .broker .online .cafe .phone .casa .pizza .chat .place .church .plus .city .property .construction .rent .data .run .deals .salon .direct .school .discount .search .dog .show .expert .site .fish .soccer .football .storage .forum .store .furniture .studio .fyi .style .garden .team .global .theater .gratis .trading .group .website .guide .wedding .help .world .hosting .yoga

It’s very similar to the list of 63 strings that Donuts committed to the first round of auctions, which was under-subscribed by its rivals.
The additions since then are: .broker, .casa, .data, .deals, .dog,. expert, .lawyer, .life, .loans, .place, .property, .rent, studio, .website, .world and .yoga.
This list does not include the six gTLDs that were settled in the first round, for obvious reasons, but the following strings have also been removed: .forsale, .juegos, .marketing, .media, .sale.
Some of those appear to have been removed because Donuts has already won the contention set due to withdrawals.
The list still includes many in which Donuts is in a contention set with Uniregistry, which has previously said it would not participate in private auctions due to legal concerns.
Innovative said recently that over 100 applications had been committed to the August 13 auction.
It had previously said that the over 40 strings being applied for by applicants that had participated in the first auction had also been committed.
The deadline for committing to the auction is August 5.

Afilias wants registrar ownership ban lifted on .mobi and .pro

Afilias has applied to ICANN to have its ban on owning registrars in two of its own gTLDs, .mobi and .pro, lifted.
With requests to ICANN a few days ago (here and here), the company said it wants to be able to own more than 15% of an ICANN-accredited registrar that sells both TLDs, which is currently forbidden by the two Registry Agreements in question.
Afilias’ proposed new .info contract, which was renegotiated this year (because it expired) and closed for public comment last week, would also enable the company to vertically integrate with a .info registrar.
A process for relaxing the cross-ownership rules on a per-TLD basis was approved by ICANN’s board of directors last October.
The only registry so far to have its contractual ban lifted is puntCat, the .cat registry operator.
When an ICANN working group was discussing the vertical integration issue a couple of years ago, Afilias was one of the participants that held fast against any relaxation of the 15% ownership cap, eventually driving the working group into stalemate and forcing the ICANN board’s hand.

L’Oreal takes the red pill, withdraws .matrix bid

L’Oreal has withdrawn another of its dot-brand new gTLD applications.
This time it’s .matrix, for one of its hair-care product brands.
It’s the eighth of L’Oreal’s 14 original new gTLD applications to be withdrawn, after .欧莱雅, .kiehls, .loreal, .garnier, .maybelline, .kerastase, and .redken.
Only .lancome remains of its dot-brand applications. It has already passed Initial Evaluation, unlike the others which tend to get dropped shortly before results are posted, to secure a bigger refund.
Its “closed generic” bids for .skin, .beauty, .hair, .makeup and .salon are all still active and have all passed IE.

Is social media the answer to the dot-brand problem?

With many dot-brand gTLD applicants still unsure about how they will use their new namespaces, the maker of the Kred reputation service is proposing social media as the answer.
Speaking to DI today, Kred CEO Andrew Grill said that one dot-brand applicant — a bank — has already committed to use parent company PeopleBrowsr’s new Social OS platform for its gTLD.
Social OS is being marketed as a way for companies to quickly launch their own social media networks along the lines of Facebook or LinkedIn.
Dot-brands would be able to own the customer relationship and get access to much more data about their users than they get with the limited “Like”-oriented Facebook platform, Grill said.
End users would be able to use these vertical networks using their existing social media log-in credentials, he said.
The company plans to use the platform in its own gTLD, .ceo, which it has applied for uncontested.
Grill said he talked to about 100 people at the recent ICANN meeting in Durban and expects to come away with five to 10 additional customers for the Social OS platform.
While the value proposition for new gTLD owners seems fairly reasonable, in general I’m quite skeptical about the internet’s need for more social media sites.
Any such service operated by a dot-brand would have to have a fairly compelling value proposition for end users.
Grill said that a car maker, for example, could use its own gTLD social media network to keep in touch with its customers — giving them a second-level domain when they buy one of its vehicles.
A bank, meanwhile, could offer services such as customer-to-customer transaction apps for users who have second-level domains in its gTLD. If registrations were limited to existing banking customers, a greater level of security would be baked in from the start, he said.