ICANN boss warns over existential “threat” from Russia

The Cthulian threat of an intergovernmental takeover of ICANN has reared its head again, but this time a resurgent, interventionist Russia is behind it and ICANN’s CEO is worried.

Speaking at ICANN 72, the Org’s virtual annual general meeting this week, Göran Marby highlighted recent moves by Russia in the UN-backed International Telecommunications Union as a “threat” to ICANN’s existence and the current internet governance status quo in general.

Speaking at a constituency meeting on Monday, Marby said:

We see a threat to the multistakeholder model and ICANN’s role in the Internet ecosystem. And anyone in this call are well aware about this threat: Russia in their attempt to be the next secretary-general of the ITU. Their platform is about having a government running not only ICANN but also the RIRs, the IETF and the root server system.

Marby is referring to two things here: Russia’s month-old policy document calling for the exploration of ways to centralize control over many of the internet’s functions under governments, and its attempt to have one of its former ministers installed as the next head of the ITU at next year’s election.

Secretary-general Houlin Zhao’s second and last four-year term is up next year, and Russia is aggressively promoting its own Rashid Ismailov as his successor. American ITU lifer Doreen Bogdan-Martin is considered the main competition and equally aggressively promoted by the US government.

Marby’s clearly concerned that a Russian secretary-general would give more weight to Russia’s current position on internet governance, which is very much about reducing US influence, doing away with ICANN, and bringing internet infrastructure under intergovernmental control.

At a separate session on Tuesday, Marby referred to this state of affairs as a “threat against the interoperability of the internet, not only ICANN as an institution”.

Such threats from the ITU are certainly nothing new — I’ve been reporting on them for almost as long as I’ve been covering ICANN — but Marby seems to think it’s different this time. He said during the ICANN 72 session:

Some of you would say: oh, we heard that before. But this time I would say it’s a little bit different because I think that some of the positions we see there are more mainstream than they were only five years ago.

Russian-born cybersecurity policy expert Tatiana Tropina concurred, calling Marby’s concerns “very valid” and telling the same ICANN session:

The points Russia makes at the ITU are scary because they can speak to many governments. They are quite moderate — or, rather, midstream — now, but they do refer to issues of power and control.

Russia’s positions were spelled out in a recent ITU policy document, a “risk analysis of the existing internet governance and operational model”.

According to Russia, ICANN poses a risk because it’s based in the US and therefore subject to the US judicial and legislative systems, as well as the Office of Foreign Assets Control, which restricts American companies’ ability to deal with organizations or states deemed to support “terrorism” and is unpopular in the Middle East:

Critical infrastructure operators/ organizations (ICANN, PTI, RIRs, etc.) may be forced to comply with sanctions of a national administration under which jurisdiction they are located. A number of operational organizations performing supranational functions in the Internet governance are registered in the USA, and they must comply with all laws, rules and regulations of the US judicial authorities as well as of the Office of Foreign Assets Control (OFAC)

It also thinks there’s a risk of the current model favoring big business over the public interest, harming “the preservation of national and cultural heritage, identity of the territory and language”, and it points to ICANN’s decision to award the .amazon gTLD to Amazon over the objections of the eight governments of the Amazonia region.

It’s also worried about the hypothetical ability of ICANN to disconnect ccTLDs from the rest of the world, due to its influence over the DNS root server system, perhaps at the demand or request of the US government.

You can download the Russian document, which covers a broader range of issues, from here as a Word file, but be warned: if you’re not using Microsoft software you may not be able to open it. Because interoperability, yeah?

Big dose of reality for gTLD-hungry dot-brand applicants

Anyone tuning into yesterday’s Brand Registry Group session at ICANN 72 expecting good news about new gTLDs was in for a reality check, with a generally gloomy outlook on display.

BRG members expressed frustration that ICANN continues to drag its feet on the next application round, failing to provide anywhere near the degree of certainty applicants in large organizations need.

Meanwhile, a former ICANN director clashed with GoDaddy’s chief new gTLD evangelist on whether the 2012 round could be considered a success and whether there really is a lot of demand for the next round.

The BRG has arguably been the most vocal group in the community when it comes for calling for ICANN to stop messing around and approve the next round already, so members are naturally not enthused about the recent approval of an Operational Design Phase, a new layer of bureaucracy expected to add at least 13 months to the next-round runway.

Deborah Atta-Fynn, a VP at current and prospective future dot-brand owner JP Morgan Chase, expressed frustration with ICANN’s inability to put a date on the next round, or even confirm it will be approved, saying that it’s tough to get departmental buy-in for a project with undefined timing and which may never even happen.

Would-be dot-brands “need that clarity, and they need that definitive timeline” she said.

“In the same way that ICANN has to ramp up, we need to ramp up,” she said. “We have to get internal stakeholders from legal and marketing and whatever other groups may be involved to buy into it. They need to see the value, they need to see the use cases.”

“That open-endedness of the timeline makes it very difficult for us to get that stakeholder buy-in that we need. It makes it difficult for us to do any definitive planning,” she said.

Nigel Hickson, now the UK’s Governmental Advisory Committee representative and a civil servant but a senior ICANN staffer at the time of the 2012 round, concurred with the need for firmer timeline.

“It’s very difficult to tell ministers that something is going to happen, and then it doesn’t happen for a couple of years, because basically they lose interest,” he said. “Having some predictability in this process is very important.”

But probably the most compelling interventions during yesterday’s session came from former ICANN director Mike Silber, a new gTLD skeptic who abstained from the 2011 vote approving the program, and new gTLD evangelist Tony Kirsch, now with GoDaddy Registry after years with Neustar.

Silber had some stern words for ICANN of 2011, and for the two CEOs preceding Goran Marby, and indicated that he was an admirer of the policy work done by the New gTLD Subsequent Procedures working group (SubPro) and a supporter of a thorough ODP.

Silber started by taking a pop at former ICANN directors and staffers who he said pushed the program through “for their own personal benefit or ego boost or whatever”, then left the Org to let others “clean up the mess they created by rushing”. He didn’t name them, but I can think of at least three people he might have been talking about, including ICANN’s then-chair and then-CEO.

“This time it doesn’t look like a rush,” he said.

He went on to say that he expects the next application round to be a different animal to 2012, with less speculation and a more realistic approach to what new gTLDs can achieve.

“If you look at the number of applications and look at the number of TLDs actually launched and the number of TLDs that have actually been successful, I think that he hype that existed in 2012 is not there any longer,” he said.

“I think people are going to look long and hard before submitting an application,” Silber said. “These weird and wonderful applications for these weird and wonderful TLDs, by people who thought they would make a fortune, are vaporware.”

“I think applicants now are more serious, and I think there’s going to be a lot less speculation,” he said.

This hype-reduction takes the pressure of ICANN to quickly approve the next round, he said.

Counterpoint was provided by GoDaddy’s Kirsch, a long-time cheerleader for new gTLDs and in particular dot-brands. He’s not a fan of the ODP and the delay it represents.

Kirsch said that new gTLD advocates are reflecting the fact that there’s demand for both top-level and second-level domains out there.

“If there is no customer base, if there is no demand, then there is no revenue base,” he said.

He pointed to data showing that, while there are only 26 million new gTLD domains registered today, there have been 136 million registered over the lifetime of the 2012 round to date (about seven years).

While agreeing that the next round might see less wild top-level speculation, and that the industry has “matured”, Kirsch suggested there might actually be more applications for generic dictionary TLDs next time, but with a better understanding of the marketing commitment needed to make them succeed.

“I’m working with people right now who are doing that with a far greater business plan underneath it, and an understanding that if they don’t have that they won’t succeed with a generic term in the new world,” he said.

Silber dismissed the 136 million number as “indicative of speculation”, which Kirsch did not try very hard to dispute, and expressed skepticism about the level of demand at the top level.

“I find it quite amusing that people say there’s real demand, but then they need a target date to actually drive demand and it makes me worry that maybe the demand’s not quite as real as they think it is,” he said.

Atta-Fynn, Kirsch and session chair Martin Sutton challenged this.

“I think that the the idea that we need to target date to drive demand is incorrect,” Kirsch said. “I think we need a target date to convert interest into demand.”

“It is incumbent on ICANN to make sure that it provides a robust and visible plan for applicants to buy into this, because I think everyone’s watching and we’ve had enough time. It’s time to turn this into a into a real program that that benefits all internet users around the world,” he said.

Donuts shuts down 14 registrars, but it’s “not related to DropZone”

Donut has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approve drop-catching service, DropZone.

ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.

This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.

But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.

DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch because a) Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.

But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:

We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.

It’s worth noting that cancelling registrar accreditations would also have an affect on the ability to catch names in other, unaffiliated gTLDs, including .com.

Most registrars did NOT “fail” abuse audit, ICANN says

Most registrars did not “fail” a recent abuse audit, despite what I wrote in my original coverage, according to ICANN.

“Referring to a certain blog, none of the registrars failed the audit,” ICANN senior audit manager Yan Agranonik said during a session of ICANN 72’s Prep Week last night.

He’s talking about ME! He’s talking about ME!

“Failure would mean that there’s an irreparable finding of deficiency that can not be corrected timely or it just goes against the registrar’s business model,” Agranonik said.

An accompanying presentation reads:

None of the registrars “failed” the audit. “Failure” means that the auditee did not acknowledge/remediate identified violations of the RAA or their business practices are not compatible with RAA.

At the risk of prolonging a tedious semantic debate, what I reported in August, when the results of the audit were announced, was: “The large majority of accredited registrars failed an abuse-related audit at the first pass, according to ICANN.”

A bunch of registrar employees, and now apparently ICANN’s own head auditor, disagreed with my characterization.

ICANN had issued a press release stating that of 126 audited registrars, it had identified 111 “that were not fully compliant with the RAA’s requirements related to the receiving and handling of DNS abuse reports.”

To me, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, that’s a fail.

But to ICANN, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, and it tells you you’re not doing the thing you should be doing, so you start doing the thing, that’s not a fail.

I think reasonable people could disagree on the definitions here.

But I did write that the registrars “failed… according to ICANN”, and that appears to be inaccurate, so I’m happy to correct the record today.

Surprise eleventh-hour picks for NomCom leadership after ICANN U-turn

ICANN has named the new chair of its influential Nominating Committee, and it’s not who you might have expected.

The Org last night said Michael Graham will chair NomCom for the 2022 cycle, with Damon Ashcraft taking the chair-elect role.

The news came weeks later than expected — live during an online Prep Week session of ICANN 72 last night in fact — and followed a secretive ICANN vote that saw the board of directors U-turn on its initial selection.

ICANN said that 2021 chair-elect Tracy Hackshaw — who under ICANN convention was the heir apparent for the chair, replacing Ole Jacobsen — had “withdrew his candidacy for 2022 NomCom Chair due to a new professional role he has taken”.

No additional information on the withdrawal, which came as a surprise even to NomCom insiders, was made available. Hackshaw has not responded to an October 5 request for comment and does not appear to have addressed his withdrawal in public.

It’s the second time in recent years a chair-elect has not gone on to take the chair. In 2015, Ron Andruff was snubbed after poor peer-evaluation results. Hackshaw, however, appears to have scored more respectably in his review.

While the leadership picks were not revealed until the 11th hour, it seems ICANN actually made its choice in secret two weeks ago.

In a September 30 vote, the board selected Graham and Ashcraft.

But that resolution actually overrode and replaced a September 12 resolution, which was never published, appointing Hackshaw as NomCom chair. The September 30 resolution states:

Whereas, prior to publishing the Approved Resolutions of the 12 September 2021 Board meeting, the Board became aware of new information that is relevant to the evaluation of candidates.

Whereas, taking into account this new information, the BGC has recommended that the Board rescind its previous resolution and approve Michael Graham be appointed as the 2022 NomCom Chair and J. Damon Ashcraft be appointed as the 2022 NomCom Chair-Elect

That resolution was redacted in its entirety until last night. For some reason ICANN found it necessary to keep its NomCom picks secret until the very last moment.

The 2022 NomCom has the responsibility of picking three ICANN directors, one member of the Public Technical Identifiers board, two ALAC reps, and one member each of the ccNSO Council and GNSO Council.

Both chair and chair-elect are IP lawyers. New chair Graham is travel company Expedia’s top IP guy, and Ashcraft is a partner at the law firm Snell & Wilmer. It’s Ashcraft’s second go at the job in recent years, having chaired the 2019 committee.

Due to the leadership kerfuffle, the NomCom is starting its work on this cycle slightly later than usual.

Man with broken shift key sues ICANN and GoDaddy over Bitcoin domain

Sometimes I wonder if all they teach you at American law schools is how to correctly use upper-case letters.

A Georgia man who lost a cybersquatting case with Sotheby’s, concerning his registration of sothebysauctionbitcoin.com, has taken the auction house, along with ICANN, GoDaddy, and ADR Forum to court.

Harris’ case is filed pro se, which is Latin for “he doesn’t have a lawyer, his complaint makes no sense, and the case is going to get thrown out of court”.

He claims a UDRP decision that went against him recently was incorrect, that ADR Forum is corrupt and biased, and that the UDRP itself is flawed.

The domain was registered with GoDaddy, and ADR Forum was the UDRP provider.

He wants his domain back, along with root-and-branch reform of the UDRP and “self-regulating lumbering Monopolistic Behemoth” ICANN, which is apparently still working under the auspices of the US Department of Commerce.

Here’s a flavor of the filing (pdf), which was filed in a Georgia District Court yesterday:

We are ASKING THE Court to find the UDRP (Uniform Dispute Resolution Procedure) #FA2108001961598 (Sotheby’s and SPTC v Harris) Arbitration process and resulting ruling was Fatally Flawed; whereas ICANN failed to properly parse the “Provider” and we believe allowed Sotheby’s Counsel of Record in those proceeding to have specifically chosen ADR Form ADR FORUM whose history is tainted by a Consent Decree in their previous corporate iteration as an arbitration Provider for bad behavior and is also known to be a pro Claimant Provider.

In the version published to PACER, the complaint ends abruptly mid-sentence and seems to have one or more pages missing.

The decision in the original UDRP case is equally enlightening. Harris apparently sent nine responses to the complaint, many of which seemed to argue that Sotheby’s should have made an offer for the domain instead of “intimidating and bullying” him.

Harris apparently argued that the registration was a “legitimate investment”, thereby conferring rights to the domain.

Sole panelist Neil Anthony Brown seems to have taken pity on Harris, who had declared that Sotheby’s citation of previous UDRP cases was “irrelevant”, by deciding the case (against him, of course) without direct reference to prior precedent.

It was basically a slam-dunk decision, as I expect this lawsuit will also be.

Alice’s Registry disappears down the rabbit hole

One of the oldest domain registrars appears to be on its way out.

San Francisco-based Alice’s Registry has been hit with a breach notice and termination warning by ICANN after apparently being incommunicado for over a year.

According to ICANN, they last spoke in August 2020, when AR indicated that it was thinking about “shutting down the registrar business”.

Since then, the web site has stopped working and ICANN can’t get through on the telephone.

The breach notice claims past-due fees and a failure to operate a working Whois service, and gives the registrar until November 1 to pay up or get its contract terminated.

Alice’s Registry is one of the oldest registrars, founded in 1999, but it’s never had more than a few thousand names under management. Its founder, Rick Wesson, has been involved in the ICANN community since pretty much the beginning.

10 Years Ago… new gTLDs, ICANN pay, DNS abuse and ethics

The more things change, the more they stay the same.

I’ve been in a reflective mood recently, and it’s a slow news day, so I thought now might be a good time to launch a new, irregular feature — a trawl back through the DI archives to see what we were all talking about a decade ago this month.

In many respects, the conversations haven’t changed all that much in the last 10 years. Some are being repeated almost verbatim today. Others seem almost laughably naive with hindsight.

New TLDs

We were just a few months away from the opening of the first big new gTLD application window, but in October 2011 many of the rules of the program were, remarkably, still up in the air.

ICANN still hadn’t decided how much an application would cost. It had yet to decide how it would subsidize poorer applicants.

No Trademark Clearinghouse supplier had yet been found, and there was still some confusion about how the application process would work, and how it would be communicated to potential applicants.

The industry was awash with speculation, as it had been for the whole year, about who might apply for a gTLD. In October, there were stories about potential applications from New South Wales, Orange, Corsica, and BITS.

Afilias was offering $5,000 for new gTLD ideas.

But perhaps the strangest idea was a pitch from CentralNic to the super-rich. For $500,000, it would apply for your family name as a new gTLD. This came to nothing in the 2012 round, but CentralNic’s site is still live.

While new gTLDs were still in the future, October 2011 saw the ongoing sunrise period for the previous round’s .xxx, auctions following the recent launch of .co, and the creation of two new ccTLDs.

Abuse

October 2011 was marked by the registrar community reluctantly agreeing to enter talks with ICANN to renegotiate their standard Registrar Accreditation Agreement, which would ultimately lead to the current 2013 RAA.

The move came as the Governmental Advisory Committee was on the warpath on behalf of its law enforcement allies, demanding more action from the industry on DNS abuse and threatening legislation if it didn’t happen.

Imagine that.

Meanwhile, Verisign asked ICANN for more powers to take down abusive domains, which faced immediate pushback from registrars and others, before the request was retracted mere days later.

The Revolving Door

There was a lot of talk during and around ICANN 42 about conflicts of interest, particular with regards the emergence of a so-called “revolving door” between ICANN’s top brass and the domain industry.

It had been just a few months since chair Peter Dengate Thrush had, on the eve of his retirement from the board, pushed through final approval of the new gTLD program and promptly took a top job at portfolio applicant Minds + Machines.

It looked rotten, and ICANN CEO Rod Beckstrom, who had himself announced he was quitting just months earlier, had made its his personal mission to reduce at least the perception of conflicts of interest at the Org.

He ruled out being replaced by a fellow director, threw money at consultants, and said the next CEO should be an industry outsider.

It was probably all pointless.

As it turned out, the guy who replaced Beckstrom, Fadi Chehade, put in a few years in the corner office before prematurely quitting for private equity, where he now runs the company that owns Donuts, itself run by Chehade’s ICANN number two, Akram Atallah.

The amount of revolving door action at less-senior levels has been so frequent since 2011 that I don’t even keep track of it any more.

ICANN Pay

ICANN gave its top execs big pay raises. Along with death and taxes, this is a universal constant.

Donuts’ DropZone approved despite competition fears

ICANN has approved Donuts’ proposed drop-catching service, DropZone, despite concerns it could add cost to the dropping domains market.

The Org and Donuts subsidiaries representing over 200 gTLDs signed amendments September 29 that incorporate DropZone into their Registry Agreements, according to ICANN records.

The full new text in the amendments, which does a pretty good job of describing the service, is:

Dropzone Service

Registry Operator may offer the Dropzone service, which is a Registry Service that will manage the release of domain names that have reached the end of their life cycle.

The Dropzone is a separate system, parallel to the main EPP system, that will manage on a daily basis the release of domain names that have been purged for a short period of time, called the Dropzone. Any TLD-accredited registrars may use the Dropzone to register a recently-purged domain name.

On a daily basis, at the end of the Dropzone period, the Registry will execute an awarding process, which will select, per domain name, the first domain creation request submitted (first come, first serve).

What the amendment doesn’t mention are fees. The original Donuts Registry Service Evaluation Request stated in August:

In addition to the standard or premium registration prices of a given domain name, The Dropzone service can support additional application fees to be configured on a per TLD basis. Applications fees where applicable will be charged in addition to the standard registration price of a domain name.

This caused concern at TurnCommerce, the company that runs the DropCatch.com network of registrars, which told ICANN last month that DropZone was anti-competitive and could raise the price of dropping domains.

But ICANN responded that DropZone passed its competition sniff test, and would not be referred to government authorities.

Donuts has not yet publicly announced plans to launch DropZone.

A virtually identical service, that did not mention added fees in its RSEP, was previous approved for Afilias, the registry operator Donuts acquired at the start of the year.

I’m not kidding, ICANN is flirting with banning jokes

ICANN has come a long way since 2005 or thereabouts, when, at a public meeting, I made deputy general counsel Dan Halloran laugh so hard he vomited out of his nose.

Now, the increasingly po-faced Org has crawled so far up its own arse that it’s openly talking about banning — or at the very least discouraging — humor and lightheartedness during its thrice-annual get-togethers.

Ombudsman Herb Waye today blogged up his traditional pre-meeting reminder about the Expected Standards of Behavior, ahead of this month’s ICANN 72 AGM, which is taking place virtually.

There’s nothing wrong with this — the ESOB is merely a form of institutionalized politeness — but it’s being embellished this time around with a warning not to joke around in the Zoom chat rooms.

Waye wrote:

the intention of a comment can be difficult to ascertain without the benefit of vocal tone and body language. What was intended as a joke or light-hearted observation online to a group can unintentionally make the subject of the comment feel unfairly targeted.

I consulted with the ICANN community and organization (org) leadership for thoughts on how to promote a respectful virtual environment while also supporting the spirit of open dialogue that drives ICANN. I am grateful for their input. To ensure our Zoom sessions are engaging, inclusive, and productive, please remember these tips:

• To avoid confusion and to respect the session’s planned agenda, please keep your interventions in the public chat on the topic that is being discussed.
• Use private messages for off-topic comments.
• Before commenting or adding a joke, please remember the cultural diversity of the ICANN community and consider how your comment could be perceived.

Remember, ICANN meetings are designed to be soul-crushingly dull, and attended only by sensitive North American children, so let’s keep them that way.