Latest news of the domain name industry

Recent Posts

ICANN content policing power grab may be dead

Kevin Murphy, April 3, 2024, Domain Policy

A move by ICANN to grant itself more formal “content policing” powers may be dead, after the community was split on the issue and governments failed to back the move.

The Governmental Advisory Committee yesterday sent comments essentially opposing, for now at least, the idea of ICANN reforming its bylaws to give it more powers over internet content, making it very unlikely that ICANN would be able to get such amendments approved by its community overseers.

The comments came a few days after ICANN extended the deadline for responses to a December 2023 consultation on whether applicants in the next new gTLD round should be able to sign up to so-called Registry Voluntary Commitments that regulate content in their zones.

RVCs would be an appendix to ICANN Registry Agreements which would commit a registry to, for example, ban certain types of registrant or certain types of content from domains in their gTLDs.

They’re basically a rebadged version of the Public Interest Commitments found in RAs from the 2012 round, in which the likes of .sucks agreed to ban cyberbullying and .music agreed to ban piracy.

But they’ve got ICANN’s board and lawyers worried, because the Org’s bylaws specifically ban it from restricting or regulating internet content. They’re worried that the RVCs might not be enforceable and that ICANN may wind up in litigation as a result.

ICANN has therefore proposed a framework (pdf) in which RVCs would be enforced by ICANN only after an agreed-upon third-party auditor or monitor found that a registry was out of compliance.

The board sent out several pages of questions to all of its Supporting Organizations and Advisory Committees in December, asking among other things whether the bylaws needed to be amended to clarify ICANN’s role, but the responses were split along traditional lines.

Registries and registrars were aligned: there’s no need for a bylaws change, because ICANN should not allow RVCs that regulate content into its contracts at all.

“ICANN should maintain its existing bylaws which exclude content from its mission, and allowing any changes to this could be a slippery slope opening ICANN to becoming a broader ‘content police’,” the Registrars Stakeholder Group said in its response, giving this amusing example:

An example of a content restriction is provided in the proposed implementation framework for .backyardchickens (e.g. no rooster-related content). Restricting rooster-related content would require a significant amount of policing, and could even prohibit valuable content that would benefit such a TLD. For example, a backyard hen farmer might want to promote the pedigree lineage of the roosters that helped sire the hens, show pictures of the roosters that were the fathers, etc. All of this could in theory be prohibited,but would also require review and subjective analysis. This would be a very slippery slope for ICANN, and a substantial departure from its mission. Restricting rooster content would then put ICANN in the place of enforcing laws that prohibit backyard roosters, rather than relying upon the competent government authorities charged with overseeing residential animal husbandry.

The Non-Commercial Stakeholders Group was more strident in its tone, even raising the possibility of legal action if ICANN went down the content policing route, saying “the best way for the Board to address content-related PICs and RVCs is to make it clear that it will reject them categorically.” It added:

The prohibition on content regulation in ICANN’s mission is extremely important and very clear. Mission limitations were a critical part of the accountability reforms that were required before ICANN would be released from US government control in 2016… NCSG will mount a legal challenge to any attempt to dilute this part of the mission.

The opposing view was held by the Business Constituency, the Intellectual Property Constituency, and the At-Large Advisory Committee, which is tasked with representing the interests of ordinary internet users.

They all said that ICANN should be able to allow content-related RVCs in registry contracts, but the IPC and BC said that no bylaws amendment is needed because the bylaws already have a carve-out that enables the Org to enforce PICs in its agreements. The ALAC said a bylaws amendment is needed.

“There is a distinction between ICANN regulating, i.e imposing ‘rules and restrictions on’ services and content, versus the registry operator voluntarily proposing and submitting to such rules and restrictions,” the IPC wrote.

“There is also a distinction between ICANN directly enforcing such rules and restrictions on third parties, i.e. registrants, versus ICANN holding a registry operator to compliance with the specifics of a contractual commitment,” it added.

The last community group to submit a response, fashionably late, was the GAC, which filed its response yesterday having reviewed all the other responses submitted so far. The GAC arguably has the loudest voice at ICANN, but its comments were probably the least committed.

The GAC said that ICANN should only go ahead with a bylaws amendment if it has community backing, but that the community currently lacks consensus. It said, “at this stage there are not sufficient elements to justify commencing a fundamental bylaws amendment to explicitly enable the enforcement of content-related restrictions”.

However, the GAC still thinks that RVCs “will continue to serve as tools for addressing GAC concerns pertaining to new gTLD applications during the next round” and that it wants them to be enforceable by ICANN, with consequences for registries found in breach.

The GAC said that it “will continue to explore options to address this important question”.

This all means that ICANN is a long way from getting the community support it would need to push through a bylaws amendment related to content policing. That’s considered one of the “Fundamental Bylaws” and can only be changed with substantial community support.

Such amendments require the backing of the Empowered Community. That’s the entity created in 2016 to oversee ICANN after it severed ties with the US government. It comprises individuals from five groups — the GAC, the GNSO, the ccNSO, the ALAC and the Address Supporting Organization.

For a fundamental bylaws amendment to get over the line, at least three of these groups must approve it and no more than one must object.

With the GNSO, given its divisions, almost certainly unable to gather enough affirmative votes, the GAC seemingly on the fence, and the ASO and ccNSO recusing themselves so far, only the ALAC looks like a clear-cut yes vote on a possible future bylaws amendment.

Perhaps that’s why ICANN chair Tripti Sinha has written to the ASO and ccNSO in the last few days to ask them whether they’d like to think again about ducking out of the consultation, giving them an extra two weeks to submit comments after the original March 31 deadline.

The ccNSO handles policy for country-code domains and the ASO for IP addresses. Both have previously told ICANN that gTLD policy is none of their business, but Sinha has urged them both to chip in anyway, because “the ICANN Bylaws govern us all”.

Some registrars have already quit ICANN’s Whois experiment

Kevin Murphy, March 26, 2024, Domain Policy

ICANN’s two-year experiment in helping connect Whois users with registrars has grown its pool of participating registrars over the last few months, but it has lost a couple of not-insignificant companies along the way.

The Registration Data Request Service launched in November, promising to provide a hub for people to request the private data in Whois records, which is usually redacted. Monthly usage reports, first published in January, showed 72 registrars had joined the scheme at launch.

That number was up to 77, covering about 55% of all registered gTLD domain names, at the end of February, the latest report shows. Seven more registrars have signed up and two have dropped out.

The newbies include WordPress creator Automattic, which has 1.1 million names, PublicDomainRegistry, which has 4.4 million, Register.it, which has 666,000, and Turkiye’s METUnic, which has 235,000.

The two registrars quitting the project, apparently in January, are Combell (formerly Register.eu), which has 1.3 million domains, and Hong Kong’s Kouming.com, which has 57,000.

The latest data shows that RDRS returns a “registrar not supported” error 32.7% of the time.

The running total of requesters was up by 607 to 2937 in February, ICANN’s data shows. They filed 246 requests in the month for an RDRS total of 754 so far. Intellectual property owners were the main users, followed by law enforcement and security researchers.

There were 64 approved requests — where the registrar handed over the Whois data — to make a to-date total of 133. On 50 occasions requests were turned down because the registrar decided it could not turn over the data due to privacy law. These stats break down to 20% approval and 70% denial.

It took an average of 6.92 days to approve a given request — a steep incline from the 3.89 days in January — and 2.92 to deny one.

The full report, containing much more data, can be read as a PDF here.

ICANN opens $217 million Grant Program

Kevin Murphy, March 25, 2024, Domain Policy

Ten million bucks of ICANN’s money is up for grabs, starting today.

The Org has opened the application window for the first stage of its Grant Program, which it hopes to eventually see hand out over the $217 million that it raised auctioning off contested gTLDs during the 2012 new gTLD program application round.

In this first phase, up to $10 million will be distributed, in tranches of between $50,000 and $500,000, to projects that align in some way with ICANN’s technical and internet governance missions.

Only registered non-profits are allowed to apply.

The application window is open until May 24, and ICANN expects its board of directors to make its final decision in December, before grant contracts are signed early next year.

Successful applicants are expected to begin their funded projects, which should last no more than two years, within 60 days of receiving the money, so presumably the cash will start actually making a difference about a year from now.

In a blog post, ICANN CEO Sally Costeron urged readers to spread word of the program on social media, specifically naming Facebook, Instagram, LinkedIn, Twitter, and WeChat, which appears to be a platform used primarily in China.

With ICANN occupying a rarefied, occasionally incestuous corner of the internet, there’s obviously a risk of the perception that the money will be doled out primarily to community insiders, but the rules ban anyone who was involved in crafting the program’s rules from participating.

The rules also ban applicants from using ICANN’s accountability mechanisms, such as the Independent Review Process, to challenge adverse grant decisions, and ICANN wants to change its bylaws to also ban third-party non-applicants from using IRP to appeal decisions they don’t like.

Details on the Grant Program can be found here.

Internet could get one-letter gTLDs (but there’s a catch)

Kevin Murphy, March 21, 2024, Domain Policy

ICANN is set to loosen up its restrictions on single-character gTLDs in the 2026 application round, according to draft Applicant Guidebook language.

But the exemption to the usual rule applies only to gTLDs written in one script — Han, which is used in Chinese, Japanese and Korean.

Applied-for Latin-script strings must be three characters and over (because two-letter strings are reserved for ccTLDs) and internationalized domain names in other, non-Han scripts have a minimum of two characters.

The exemption for Han is being put in place because it’s an ideographic script, where a single character can have a meaning that other, alphabetic scripts would require an entire string to express. Google tells me the Chinese for “water” is 水, for example.

The 2012 gTLD application round did not feature the Han carve-out, and no IDN gTLDs currently in the DNS have fewer than two characters.

The draft rules governing IDNs are expected to be part of the next batch of AGB components that ICANN releases for public comment. The comment period on the first batch ended this week with no particularly controversial issues emerging.

Amazon and Google among .internal TLD ban backers

Kevin Murphy, March 20, 2024, Domain Tech

Google and Amazon have publicly backed ICANN’s plan to reserve the top-level domain .internal for private behind-the-firewall uses.

ICANN picked the string “internal” as the one that it will promise to never delegate to the DNS root, allowing network administrators and software developers to confidently use it with a lower risk of data leakage should the TLD come under a registry’s control in future.

The public comment period over its choice is coming to a close tomorrow, with a generally supportive vibe coming from the 30-odd comments submitted so far.

Notably, tech giants Amazon and Google have both filed comments backing .internal, with both companies saying that they already use the TLD extensively for internal purposes (Google in its Cloud services) and that to allow it to be delegated in future would cause big problems.

Some commenters niggled that .internal is too long, and that something like .local or .lan, both already reserved, might be better. Others wondered why strings such as .corp or .home, which are already effectively banned due to the high risk of name collisions, were not chosen instead.

GoDaddy’s next .xxx contract may not be a done deal

Kevin Murphy, March 18, 2024, Domain Policy

ICANN has published what could be the next version of GoDaddy’s .xxx registry contract, and is framing it as very much open to challenge.

The proposed Registry Agreement would scrap the “sponsored” designation from .xxx, substantially reduce GoDaddy’s ICANN fees, and implement the strictest child-protection measures of any gTLD, as well as make ICANN Compliance’s job a lot easier by standardizing terms on the new gTLD program’s Base RA.

But, as eager as ICANN usually is to shift legacy, pre-2012 gTLDs to the Base RA, this time it’s published the contract for public comment as if it’s something GoDaddy is unilaterally proposing.

It’s “ICM’s proposal”, according to ICANN’s public comment announcement, referring to GoDaddy subsidiary ICM Registry, and “ICM has requested to use the Base Registry Agreement form, as well as to remove the sponsorship designation of the .XXX TLD”.

This is not the language ICANN usually uses when it publishes RA renewals for public comment. Normally, the proposed contracts are presented as the result of bilateral negotiations. In this case, ICANN and ICM have been in renewal discussions for at least three years, but the contract is being presented as something GoDaddy alone has asked for.

The new RA would remove almost all references to sponsorship and to IFFOR, the pretty much toothless “sponsor” organization ICM created to get its .xxx application over the line under the rules of the Sponsored TLD application round that kicked off back in 2003.

Instead, it loads a bunch of Public Interest Commitments, aimed at replicating some of the safeguards IFFOR oversight was supposed to provide, into the Base RA.

GoDaddy would have to ban and proactively seek out and report child sexual abuse material. It would also prohibit practices that suggest the presence of CSAM, such as the inclusion of certain unspecified keywords in .xxx domains or in the corresponding web site’s content or meta-content.

(ICANN notes that these PICs may become unenforceable, depending on the outcome of current discussions about its ability to enforce content-related terms of its contracts).

GoDaddy and IFFOR have both submitted letters arguing that sponsorship is no longer required. The existence of sister gTLDs .adult, .sex, and .porn as unsponsored gTLDs, also in the GoDaddy Registry stable, proves the extra oversight is not needed, they say. Registrants polled do not object to the changes, they say.

GoDaddy’s cost structure would also change under the new deal. Not only would it save $100,000 a year by cutting off IFFOR, but it would also inherit the Base RA’s 50,000-domain threshold for paying ICANN transaction fees.

This likely means it won’t pay the $0.25 transaction fee for a while — .xxx was at about 47,500 domains under management and shrinking at the last count. It hasn’t reported DUM over 50,000 since January 2023.

While the renewal terms may seem pragmatic and not especially unreasonable, they’ve already received at least one public objection.

Consultant Michael Palage, who was on the ICANN board for the first three years of .xxx’s agonizing eight-year path to approval, took to the mic at the ICANN 79 Public Forum earlier this month to urge the board to reject GoDaddy’s request.

Palage said there have been “material violations of the Registry Agreement” that he planned to inform ICANN Compliance about. He added that approving the new deal would set a bad precedent for all the other “community” registries ICANN has contracts with.

The situation has some things in common with the controversy over the proposed acquisition of Public Internet Registry and .org a few years ago, in that the proposal entails ignoring promises made by a registry two decades ago.

Whether .xxx will attract the same level of outrage is debatable — this deal doesn’t involve nearly as many domains and does not talk to the price registrants pay — but it could attract noise from those who believe ICANN should not throw out its principles for the sake of a quieter life.

One place we might look for comment is the Governmental Advisory Committee, which was the biggest reason .xxx took so long to get approved in the first place.

But the timing of the comment period opening is interesting, coming a week after ICANN 79 closed. It will end April 29, about six weeks before the full GAC next meets en masse, at ICANN 80.

It’s not impossible that the new contract could be approved and signed before the governments get a chance to publicly haul ICANN’s board over the coals.

ICANN 79: anonymous trolls and undercover lawyers

Kevin Murphy, March 14, 2024, Uncategorized

Transparency, an ICANN watchword since day one, was a noticeable thematic undercurrent at the community’s 79th public meeting in Puerto Rico last week.

The problem of lawyers representing unnamed clients in policy-making groups was raised in several fora, while another section of the community seems to have separately been infiltrated by the same kind of anonymous trolls that plagued ICANN during its infancy.

Governments were especially keen that the GNSO clean house by tightening up its disclosure rules, following an abortive attempt at reform at the Hamburg meeting last October, and they found allies in the Contracted Parties House, which had killed off the reform after deciding it did not go far enough.

Under the current GNSO rules of engagement, everyone who volunteers to participate in policy-making has to file a Statement of Interest, disclosing information such as their employer, community group affiliations, and so on. Among other things, volunteers are asked:

Do you believe you are participating in the GNSO policy process as a representative of any individual or entity, whether paid or unpaid? Please answer “yes” or “no.” If the answer is “yes,” please provide the name of the represented individual or entity. If professional ethical obligations prevent you from disclosing this information, please so state.

The exemption is believed to be designed primarily for American lawyers in private practice, some of whom say they may sometimes be ethically prevented from disclosing the identity of their clients.

But this creates problems for community volunteers, and for the rest of us.

For policy-makers: sometimes, in a working group, you won’t know who you’re really arguing with. The guy opposite, in the expensive suit who keeps inexplicably rubbing her nostrils, could be a mouthpiece for almost any corporation, industry association, or government.

For the rest of us: we don’t know who is really making the policies that impact how domain names are sold, managed, and regulated. Those may seem trivial issues in the grand scheme of things, but they touch on issues such as free speech, data privacy, and how much money comes out of your pocket when you buy a domain.

An attempt last year by the GNSO to update its SOI rules was shot down by the Contracted Parties House because the proposed changes kept the lawyer disclosure exemption.

The Non-Contracted Parties House gave the changes their unanimous approval.

The GNSO Council Committee for Overseeing and Implementing Continuous Improvement, which came up with the changes, looked at 351 SOIs from two recent large policy working groups and found that “a maximum of 0.03% members were making use of the exemption.”

I think that means just one person.

But the scale of the issue is irrelevant compared to the principle, according to some.

Swiss GAC rep Jorge Cancio noted during a session with the CPH last week, “even if there’s a very small number of cases where people use some exceptions for not explaining whom they are working for, even if it’s just 10 people out of 1,000 participants, this already tarnishes the whole of the system”.

Registries Stakeholder Group chair Sam Demetriou concurred: “We believe in and we are strong supporters of the multistakeholder model, but in order for a model to be multistakeholder, you need to know who those stakeholders are. It is inherent in the entire system and the definition.”

The GAC’s position is that everyone participating in policy-making needs to be up-front about their interests, in accordance with global norms. In a session with the GNSO Council, UK rep and vice-chair Nigel Hickson urged the GNSO to sort out the SOI issue before ICANN meets again, set for Kigali this June, because ministers will be present, wanting answers.

Separately at ICANN 79 last week, there was a parallel debate going on about whether a group affiliated with ICANN should force its members to even file SOIs at all.

The Universal Acceptance Steering Group isn’t technically an ICANN body — a Supporting Organization or Advisory Committee — but it is funded and supported by ICANN and carries out ICANN work. It’s been around since 2015 but so far hasn’t required members to submit SOIs.

As anyone who attended or remotely lurked on the ICANN 79 Public Forum last week will know, the UASG came in for a lot of criticism, mostly from remote participants, some of whom have managed to pull off the near-miraculously impressive achievement of having a non-existent Google footprint.

I’m not of course suggesting that some of the people in the Public Forum chat room were trolls using pseudonyms, but… actually, yes, that is what I am suggesting.

These participants had beef with the UASG for imposing a new strict SOI requirement — rules coming into force right now give participants a few months to file their SOIs or get kicked off the UASG mailing list — and suggested UASG leadership had broken with ICANN rules by unilaterally imposing the requirement.

Said mailing list is notable for being lightly used, but with occasional traffic spikes, usually during discussions of anything related to elections or UASG leadership, from participants using free webmail addresses and often what appear to be joke names (Yisrael Memshelet, really?).

Sometimes, these participants have helped steer the mailing list discussion, and at least one question from an aforementioned Google-resistant remote participant was read out at last week’s Public Forum and responded to (kinda) by a board member. ICANN received so many remote UASG questions during the Public Forum that it said it would provide a consolidated written response after the meeting.

It seems ICANN is suffering from twin related transparency problems right now — lawyers who don’t want to reveal their clients, and trolls who don’t want to reveal their identities — neither of which is ideal for its legitimacy.

ICANN scores win in single-letter .com lawsuit

Kevin Murphy, March 13, 2024, Domain Policy

A Los Angeles court has handed ICANN a victory in a lawsuit filed against it by a domainer who thinks he has the rights to register all the remaining single-character .com domains.

Bryan Tallman of VerandaGlobal.com sued ICANN back in August, claiming the Org was breaking the law by refusing to allow him to register domains such as 1.com and A.com.

He already owns the matching domains in Verisign’s Chinese, Japanese and Hebrew .com IDNs, such as A.קום (A.xn--9dbq2a) and 1.コム (1.xn--tckwe), and says previous Verisign statements mean this gives him the right to the equivalents in vanilla .com.

These domains would very likely be worth tens of millions of dollars apiece. Verisign has held almost all single-character domain names in registry-reserved status since the 1990s. A few, notably Elon Musk’s x.com, pre-date the reservation.

Tallman claimed unfair competition, breach of contract, negligence and fraud and sought a declaratory judgement stating that ICANN be forced to transfer to him all of the 10 digits and all 23 of the remaining unregistered letters in .com, along with some matching .net names.

Pretty outlandish stuff, based on some pretty flimsy arguments.

ICANN filed a demurrer last year, objecting to the suit and asking the Superior Court of California in LA to throw it out, and the judge mostly agreed. In a February ruling (pdf), published recently by ICANN, he threw out all seven of Tallman’s claims.

Tallman was given permission to re-state and re-file five of the claims within 30 days, but his demand for a declaratory judgement was ruled out completely as being irreparably broken.

Cosmetics brand terminates its gTLD

Kevin Murphy, March 13, 2024, Domain Registries

Brazilian cosmetics maker Natura has become the latest new gTLD operator to tell ICANN to terminate its dot-brand contract.

The company said it is “no longer interested” in operating .natura, and ICANN has agreed to end the Registry Agreement.

Natura was not using the domain beyond the mandatory nic.natura, but my records show that it did start experimenting with usage about five years ago.

A handful of domains, including global.natura, app.natura and innovationchallenge.natura were active and resolved to full-content web sites, but these were all shut off at the end of 2023.

The move comes at a time when Natura has been in a cost-cutting drive, divesting various assets and de-listing itself from the New York Stock Exchange.

The string “natura” is a dictionary word in some languages, meaning “nature” in Italian for example, so it could feasibly be applied for in future new gTLD program rounds.

Governments back down on new gTLD next round delay

Kevin Murphy, March 13, 2024, Domain Policy

ICANN’s Governmental Advisory Committee has decided not to force the Org to pay for a independent cost/benefit analysis of the new gTLD program, removing the potential for timeline friction ahead of the planned 2026 next-round launch.

In its latest communique, published following the ICANN 79 meeting in Puerto Rico last week, the GAC has essentially told ICANN that it broke its bylaws by not following eight-year-old GAC advice, but meh, whatever, just don’t do it again.

As I reported last week, governments had grown concerned that ICANN had not delivered the “objective and independent analysis of costs and benefits” of the new gTLD program that the GAC had asked for in 2016. Such an analysis was supposed to be a prerequisite for the next round going ahead.

What ICANN had delivered instead was a relatively hastily prepared summary of the next round’s policy recommendations, Org’s analysis of these recommendations, and the community-led review of competition, consumer protection and trust issues, the CCT review.

The Puerto Rico communique says that this response “cannot be considered to constitute a cost-benefit analysis, nor to be objective and independent” but that the GAC does not wish to throw up a road-block to the next round going ahead on schedule. It reads:

The GAC recognizes that the Community (with involvement of the GAC) is taking forward the next round of new gTLDs and has set a corresponding timeline. The GAC, therefore, believes that conducting further analysis at this stage would not serve the intended purpose.

The GAC encourages the Board to ensure that GAC advice, which the Board has accepted, is effectively implemented and its implementation is communicated to the GAC.

GAC chair Nicolas Caballero of Paraguay summarized it as the committee telling the ICANN board “we’re not aiming by no means at stopping the next round or anything like that, but that we want to be taken seriously”.

The original draft of the communique, drafted by Denmark, the US, the UK and Switzerland delegations, also contained text noting that the analysis ICANN provided was written by staff or community stakeholders, who were neither independent nor objective, but this was removed during a drafting session last week after objections from Iran, whose rep said it sounded too critical of the multistakeholder process.

It seems ICANN, and others who stand to make a lot of money from the new gTLD program, have dodged a bullet here, with the GAC essentially backing away and backing down from its potentially delay-causing previous demands.