Progress made on next new gTLD round rules

Pace towards finalizing the details of the next new gTLD application round is picking up, with a group of policy-makers close to overcoming some of the ICANN board’s concerns about the program.

A so-called “small team” of GNSO members, aided by a couple of ICANN directors, have drafted a set of recommendations aimed at helping the board approve the 38 community recommendations it has not yet adopted.

The board approved 98 new gTLD “Subsequent Procedures” policy recommendations in March, but was hesitant on issues such as the proposed registry back-end evaluation program, round-based applications, and content policing.

The board had raised the specter of a first-come, first-served model for new gTLD applications, something the community roundly rejected during the Policy Development Process for the next rounds.

Directors in the small group have since clarified that they’re really looking for a “steady state” application process, that may or may not involve FCFS, in order to make planning, hiring and software development more predictable.

There seems to be no question of the next application opportunity being anything other than a round-based process.

Nevertheless, it’s now possible that the GNSO may throw the board a bone by suggesting a PDP that would look into how the new gTLD program could operate in a “steady state” over the long term.

Content policing is another issue that has caused the board pause.

SubPro and the GNSO have recommended that registries be able to add Registry Voluntary Commitments — promises to ban certain types of content from their zone, for example — to their ICANN contracts.

But the board is worried that this may break its 2016 bylaws, which demand ICANN not get involved in content policing, even though the similar Public Interest Commitments from the 2012 round are enforceable.

The GNSO and board currently seem to be leaning towards a bylaws amendment to address RVCs, but it will be a bit of a tightrope, language-wise, to keep ICANN on its ostensibly technical mandate.

The small group has met nine times since late March to try and resolve these and other board concerns ahead of the mid-year ICANN 77 meeting in Washington DC, which starts June 12.

There’s a pretty aggressive schedule of meetings between now and then, with a bilateral between GNSO and board May 22. The board should have the GNSO’s response to its roadblocks by DC, which should allow it to start chipping away at some of the 38 unadopted recommendations.

Brands ask for cheaper ICANN fees

The group representing dot-brand gTLD registries has asked ICANN to relieve its members of millions of dollars of annual fees.

The Brand Registry Group has written to ICANN to complain that the current $25,000 a year fixed registry fee is too high, given that most dot-brands have next to no domains in their zones and pretty much no abuse.

A dot-brand is a gTLD matching a trademark in which only the brand holder may register domains. Most are unused, and those that are used don’t face many of the contractual compliance-related issues as regular gTLDs.

The BRG wants its members’ fees reduced to $5,000 a year, when the registry has fewer than 5,000 names and basically no abuse.
The group notes that 20-year-old gTLDs such as .museum, .coop, and .aero have a base fixed fee of just $500.

Given that there are about 400 contracted dot-brands, it’s basically asking ICANN to throw away about $8 million of annual revenue, paid for by some of the largest and wealthiest multinationals out there.

ICANN salary porn: 2022 edition

ICANN has published its fiscal 2022 US tax returns, revealing as usual the big bucks its top brass and contractors are paid for boldly keeping the internet stable and secure.

It was a good year for former CEO Göran Marby, who held the top job until the end of calendar 2022 and saw his total compensation top a million dollars for a second time, having dipped in fiscal 2021.

Marby’s total package was $1,050,755 in salary, bonus and benefits for the year ended June 30, up from $977,540 in the previous year. The performance-related portion was $218,315, up from $202,038. His base salary was $734,579, up from $673,462.

The tax filing lists 17 highly compensated employees, down by two from 2021, who are making $390,000 and up. Seven made over half a million dollars a year, up from five in the previous year.

One of the missing employees this year was CTO David Conrad, who left the Org at the end of 2021. The filing reveals he was paid $115,874 in severance, despite ICANN characterizing his departure as a decision he made himself.

Current interim CEO Sally Costerton’s compensation is not revealed. It’s paid to her consulting company and the sum, whatever it is, presumably does not meet the threshold for disclosure as a top contractor.

(I hope this number is disclosed in future, because I’ve just come up with a funny nickname for her if it’s a very large amount.)

Top contractors are as usual law firm Jones Day ($5,164,603, down from $8,769,608) and software developers Architech, Zensar and OSTechnical, which received $2,857,500, $1,488,077 and $1,169,210 respectively.

ICANN’s total revenue was $167,893,854, up from $163,942,482. Its surplus after expenses was $22,755,179, down from $32,564,762. It had net assets of $539,863,742 at the end of June, down from $555,804,201.

The filing reveals that non-accreditation fees from registries and registrars topped $100 million.

Another registrar seemingly vanishes

An accredited registrar appears to have gone bust after its parent company failed.

ICANN has sent a breach notice to Nimzo 98, which while registered as an LLC in the US appears to be Indian-operated, saying the company has not paid its fees and the Compliance folk haven’t been able to reach management since December.

The notice also complains that the company isn’t providing a Whois service as required, which may be a polite way of saying that the entire web site is down — it’s not resolving properly for me.

Digging into the data a little, it seems Nimzo was the in-house registrar of a company called Houm that, according to its press releases, was operating some kind of privacy-oriented social network slash cloud storage service.

Part of Houm’s offering was a personal domain name, which came bundled as part of the monthly service fee.

When Houm seriously started promoting its service last year, it appears to have led to a spike in registrations via Nimzo. Most of its domains were concentrated in new gTLDs such as .live, .xyz, .earth, .world and .space.

Having consistently registered no more than a couple hundred gTLD names per month for years, there was a sudden spike to over 5,000 in July and 12,000 in August, peaking Nimzo’s total domains at 21,000 that month.

But then, in October, the registrar deleted almost all of its names. It went from 21,000 domains under management in August to 190 at the end of October. These were not grace-period deletes, so fees would have been applicable.

Houm’s web site at houm.me also appears inoperable today, showing a server error when I access it, and its Twitter account has been silent since last August.

ICANN has given Nimzo until May 22 to pay up or lose its accrediation.

Verisign “pleased” at ICANN’s .web call

Verisign said it is “pleased” that ICANN has decided it should be awarded the .web gTLD, but hinted that it might not launch this year.

“We now look forward to NDC’s execution of the .web Registry Agreement and submission to ICANN of the request for assignment of the .web Registry Agreement to Verisign,” the company said in a statement this afternoon.

It follows the news this morning that ICANN’s board of directors decided that the company did not break any rules when it won the auction for .web via a secret intermediary company, Nu Dot Co.

Verisign reiterated that its current financial guidance for the year does not include any impact from .web.

Travel gTLD registry dumps three strings — NOT dot-brands

Future new gTLD application rounds will likely have three extra travel-related strings up for grabs, after the barely-precedented decision by a registry operator to dump three generic, non-branded strings.

Travel Reservations Srl, the registry owned by Despegar, one of South America’s largest online travel booking services, has told ICANN to tear up its contracts for .hoteles, .vuelos and .passagens.

These are the Spanish translations of “hotels” and “flights” and the Portuguese for “tickets” respectively. Despegar had also applied for the Portuguese .hoteis, but withdrew its bid before delegation.

None of the gTLDs ever launched and none had any registered domains. As such ICANN is not looking for a successor registry to protect registrants. The strings will be available to other applicants in future rounds.

Despegar never made any secret about the fact that it didn’t quite know what it wanted to do with its gTLDs when it applied in 2012, its applications noting that it would take a wait-and-see approach before making the domains available.

It waited, it saw, and a decade later it’s apparently decided it doesn’t want to operate these TLDs after all.

The fact that its termination notices were sent in January this year but dated November 6, 2020, may be indicative.

Worried about governments seizing .com domains? Too late

Language proposed for Verisign’s .net registry contract that some say would give governments the ability to arbitrarily seize domains is already present in the company’s .com contract.

As I reported earlier this month, the .net Registry Agreement is up for renewal and ICANN has opened up some largely uncontroversial proposed changes for public comment.

ICANN has received two comments so far, both of which refer to what one commenter called the “outrageous and dangerous” proposed changes to Verisign’s .net Registry-Registrar Agreement.

The RRA is the contract all accredited registrars must agree to when they sign up to sell domains in a given TLD. For ICANN, it’s a way to vicariously enforce policy on registrants via registrars via registries.

Unsimply put, the RA instructs Verisign to have an RRA with its registrars that tells them what rules their registrants have to agree to when they buy a domain name.

The new language causing the consternation is:

Verisign reserves the right to deny, cancel, redirect or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, as it deems necessary, in its unlimited and sole discretion:

…

to ensure compliance with applicable law, government rules or regulations, or pursuant to any legal order or subpoena of any government, administrative or governmental authority, or court of competent jurisdiction

One commenter states “this proposed agreement would allow any government in the world to cancel, redirect or transfer to their control applicable domain names”, adding “presumably ICANN staff and Verisign would want to also apply it to other extensions like .COM as those contracts come up for renewal”.

In fact, it’s the other way around. The exact same language has been present in Verisign’s .com contract for over three years, a change to Appendix 8a (pdf) that went largely unnoticed when thousands of commenters were instead complaining about the removal of price caps and fretting about the rise of Covid-19 around the world.

For those worried about the new .net language making it into the .com contract one day — worry not! It’s already there.

Epik’s meltdown is a ticking time-bomb for ICANN

There are many ways ICANN could eventually wind up shutting down flailing registrar Epik, but it might face a nightmare of its own when it does.

Epik appears to have been suffering from serious cash-flow problems for the last several months, with some customers still complaining this week that they haven’t been paid money owed as far back as September.

It’s facing a lawsuit by a customer who says he’s owed over $300,000 over a failed domain purchase, accusations that it’s been running its escrow service without the proper paperwork, and claims that current and former executives may have “embezzled” customer money.

It’s an absolute dumpster fire that so far shows little sign of being extinguished, but unfortunately there’s very little about the situation that appears to be in ICANN’s Compliance wheelhouse.

ICANN Compliance has the right to terminate a company’s accreditation — its ability to sell gTLD domains — if that registrar breaches the terms of the Registrar Accreditation Agreement that all registrars must sign.

The RAA does not cover the secondary market, or escrow or store credit services like Epik’s doomed “Masterbucks”.

Ironically, ICANN would stand a better chance of shutting Epik down if its Whois service crashed, or if the registrar for some reason failed to publish an abuse contact on its web site.

However, if Epik is treating its ICANN fees the same way customers say it’s treating their funds, it can expect a nastygram or six from Compliance, if it has not done so already.

Most cases where ICANN ultimately terminates a registrar’s accreditation begin when Compliance gets a note from the bean-counters that somebody hasn’t been paying their quarterly invoices.

Typically, this serves as a tip-off that the registrar is having problems, so Compliance audits the company to see where else it might be in breach, often discovering other minor or major infractions it can add to the docket.

Epik paid ICANN just shy of $150,000 in its last-reported fiscal year to June 30, 2022. If its current cash-flow problem has caused it to miss an ICANN payment in the three quarters since then, Compliance could be another very powerful creditor knocking at its door.

Another way ICANN could bring out the deaccreditation hammer is if Epik suffers unfavorable court rulings related to financial mismanagement. The RAA specifically allows termination if a court finds a registrar committed “fraud” or “a breach of fiduciary duty”.

The customer lawsuit Epik is currently facing could make such a finding, if it reaches trial and things don’t go Epik’s way.

Perhaps a more immediate concern is that the RAA contains another clause allowing termination if a registrar “is disciplined by the government of its domicile for conduct involving dishonesty or misuse of funds of others”.

I am not a lawyer, but I can see an argument being made that this might have happened already.

As Domain Name Wire reported in February, the Insurance Commissioner of Epik’s home state of Washington recently fined the company $10,000 for selling its DNProtect service as an “insurance” product without the proper licences.

Does this count as being “disciplined by the government of its domicile for conduct involving dishonesty”? Legally, I don’t know.

DNW reports in the same article that the Washington state attorney general has been tipped off about Epik’s escrow service, which is also a regulated industry in which Epik apparently does not have the necessary paperwork to operate.

I’m soothsaying here, of course, but any future disciplinary action from Epik’s local AG could well give ICANN Compliance another deaccreditation trigger to pull.

There are multiple excuses Compliance could find to shitcan Epik over the coming months, but let’s look at the downside for ICANN if it does.

Epik has built itself up in recent years as the go-to “free speech” registrar. It’s welcomed, even courted, multiple registrants that have had their domains banished from other registrars for their sites’ controversial content.

That pretty much always means “far-right” content, of course.

Most recently, it took the business of kiwifarms.net, a forum accused of allowing member to doxx and issue death threats against transgender rights activists.

It’s previously been associated with domains for similarly controversial registrants including Andrew Tate, Infowars, 8chan, Gab and The Daily Stormer.

When Monster was replaced by current CEO Brian Royce last September, the company made a big deal about how the new guy and the old guy were aligned on the free speech issue. Royce has subsequently echoed those thoughts.

Given the narrative Epik has created around itself, can you imagine how a certain section of the online public, namely the fringe of the American right-wing, would react if ICANN essentially shut down the “free speech registrar”?

ICANN has for many years faced misinformed criticism that it has the power to take down web sites it does not agree with, that it acts as a gatekeeper for the internet, that it is or risks becoming the internet’s “content police”.

If ICANN were to deaccredit Epik, removing its ability to sell most domain names, it would be incredibly easy to construct a narrative that a bunch of Californian liberals are trying to destroy “free speech” by taking down loads of right-leaning web sites.

It wouldn’t be true, of course, but the notion would only need to be propagated by a clueless Congressperson, a disingenuous podcast host, or a sustained social media campaign, before ICANN’s very raison d’être came under focus by people who don’t particularly care about facts.

ICANN wants more newbies on its board

ICANN is planning changes to how its board of directors are picked, including new measures to get more community virgins around the table.

Under proposed new rules for its Nominating Committee, which chooses eight of the 20 directors, at least three directors at any given time would have to be “unaffiliated”.

The definition of “unaffiliated” is extremely broad, seemingly ruling out anybody who has ever had any professional involvement with the ICANN community whatsoever. Even people who have showed up at ICANN meetings on their employer’s dime would be excluded.

By my reckoning, only two of the current crop of eight NomCom appointees could possibly meet this definition, based on their biographies.

The new rules would give NomCom some flexibility in cases where it really can’t find an otherwise qualified director without any ICANN ties.

NomCom members would also get their own terms extended under the proposals, from one year to two, in order to improve institutional memory. Some current members would have their terms extended while others would not.

To tackle the same continuity issues, ICANN also wants to create a Nominating Committee Standing Committee — that’s right, an entity with two “Committees” in its name — to oversee the NomCom.

The four-person committee would be made up of former NomCom members and would be tasked with things like reviewing the previous hiring cycle and suggesting possible procedural changes. It would have no input on who gets hired and fired.

The proposals, which originate from a review that began in 2016, are open for public comment until May 29.

ICANN to crowd-source CEO search

Community members will get more input into ICANN’s leadership than they have for a decade, as the Org searches for its new CEO.

Chris Chapman, chair of the board’s newly reconstituted CEO Search Committee has laid out plans for a series of “listening sessions” that will give interested parties the chance to give their two cents into what an ICANN CEO should look like.

There’s going to be an open Zoom call for 90 minutes on May 16, along with at least a dozen other sessions with various interest groups.

The GAC, ccNSO, ALAC, RSSAC, GNSO, ISOC, IETF, ASO and former directors will all get bilateral sessions during the board’s April 27-28 workshop, and will meet with the SSAC in May.

Staff have also had two such sessions and will get one more before the June public meeting, where ICANN will publish its “candidate profile” for the gig.

The search process wasn’t nearly as inclusive last time around, when a CEO was hired in 2016, but there was a similar level of outreach in 2012, after Rod Beckstrom resigned.