ICANN punts o.com auction to US watchdogs

Verisign’s proposed auction of the domain o.com might have a negative effect on competition and has been referred to US regulators.
That’s according to ICANN’s response to the .com registry’s request to release the domain, which is among the 23 single-letter domains currently reserved under the terms of its contract.
ICANN has determined that the release “might raise significant competition issues” and has therefore been referred to “to the appropriate governmental competition authority”.
It’s forwarded Verisign’s request to the US Department of Justice.
Verisign late last month asked ICANN if it could release o.com to auction as a test that could presumably lead to other single-character .com names being released in future.
The plan is for a charity auction, in which almost all the proceeds are donated to internet-related good causes.
Only the company running the auction would make any significant money; Verisign would just take its standard $7.85 annual fee.
ICANN told the company that it could find no technical reason that the release could not go ahead.
The only barrier is the fact that Verisign arguably has government-approved, cash-printing, market dominance and is therefore in a sensitive political position.
Whether its profitless plan will be enough to see the auction given the nod remains to be seen.
A certain bidder in the proposed auction would be Overstock.com, the online retailer, which has been pressuring ICANN and Verisign for the release of O.com for well over a decade and even owns trademarks covering the domain.
Disclosure: several years ago I briefly provided some consulting/writing services to a third party in support of the Verisign and Overstock positions on the release of single-character domain names, but I have no current financial interest in the matter.

DotKids doesn’t want .kids auction to go ahead

One of the applicants for the .kids gTLD has asked ICANN to stop the planned last-resort auction.
DotKids Foundation is competing with Amazon for .kids and, because the two strings were ruled confusingly similar, with Google’s application for the singular .kid.
ICANN last month set a January 25 date for the three contenders to go to auction, having unfrozen DotKids’ application back in October.
DotKids’ bid had been put on hold due to it losing a Community Priority Evaluation — which found overwhelmingly that the organization did not represent a proper community — and its subsequent appeals of that ruling.
But the foundation now says that its application should be treated the same as .music, .gay, and a few others, which are currently on hold while ICANN waits for the results of a third-party review of the CPE process.
DotKids filed a Request for Reconsideration (pdf) with ICANN yesterday, immediately after being told that there were no plans to put the contention set back on hold.
Tomorrow is the deadline for the three applicants to submit their information to ICANN to participate in next month’s auction.
An ICANN last-resort auction sees the winning bid being placed in a fund for a yet-to-be-determined purpose, as opposed to private auctions where the losing bidders share the loot.

Open Whois must die, Europe privacy chiefs tell ICANN

Unfettered public access to full Whois records is illegal and has to got to go, an influential European Union advisory body has told ICANN.
The Article 29 Working Party on Data Protection, WP29, wrote to ICANN yesterday to say that “that the original purposes of the WHOIS directories can be achieved via layered access” and that the current system “does not appear to meet the criteria” of EU law.
WP29 is made up of representatives of the data protection agencies in each EU member state. It’s named after Article 29 of the EU’s 1995 Data Protection Directive.
This directive is parent legislation of the incoming General Data Protection Regulation, which from May 2018 will see companies fined potentially millions of euros if they fail to protect the privacy of EU citizens’ data.
But WP29 said that there are questions about the legality of full public Whois under even the 1995 directive, claiming to have been warning ICANN about this since 2003:

WP29 wishes to stress that the unlimited publication of personal data of individual domain name holders raises serious concerns regarding the lawfulness of such practice under the current European Data Protection directive (95/46/EC), especially regarding the necessity to have a legitimate purpose and a legal ground for such processing.

Under the directive and GDPR, companies are not allowed to make consent to the publication of private data a precondition of a service, which is currently the case with domain registration, according to WP29.
Registrars cannot even claim the publication is contractually mandated, because registrants are not party to the Registrar Accreditation Agreement, the letter (pdf) says.
WP29 adds that law enforcement should still be able to get access to Whois data, but that a “layered” access control approach should be used to prevent full disclosure to anyone with a web browser.
ICANN recently put a freeze on its contract compliance activities surrounding Whois, asking registries and registrars to supply the organization with the framework and legal advice they’re using to become compliant with GDPR.
Registries and registrars are naturally impatient — after a GDPR-compatible workaround is agreed upon, they’ll still need to invest time and resources into actually implementing it.
But ICANN recently told contracted parties that it hopes to lay out a path forward before school breaks up for Christmas December 22.

Roberts elected to ICANN board

Channel Islands ccTLD operator Nigel Roberts has been elected to ICANN’s board of directors.
He gathered an impressive 67% of the votes in an anonymous poll of ccNSO members conducted last week.
He received 60 votes versus the 29 cast for his only opponent, Pierre Ouedraogo, an internet pioneer from Burkina Faso.
Roberts, a Brit, runs ChannelIsles.net, registry manager for .gg (for the islands Guernsey, Alderney and Sark) and .je (for Jersey). These are the independent UK dependencies found floating between England and France.
He’s been in the ICANN community since pretty much day one.
His election still has to be formally confirmed by the ccNSO Council and then the ICANN Empowered Community.
Roberts will not take his seat on the ICANN board until October next year, at the end of public meeting in Barcelona.
He will replace Mike Silber, the South African who’s currently serving his ninth and therefore final year as a director.
The other ccNSO seat is held by Australian ICANN vice chair Chris Disspain, who is also term-limited and will leave at the end of 2019.

Brazil loses its only registrar as UOL bows out

There are now no ICANN-accredited registrars in Brazil, following the termination of Universo Online’s contract this week.
I understand the agreement was ended at UOL’s request. It’s not a case of it breaching its contract.
UOL is a big deal in Brazil, getting beaten in the eyeballs stakes only by the likes of Google and Facebook, but as a registrar it wasn’t in the top 100 globally.
It had a little over 100,000 gTLD domains under management at the last count, with a peak over the last five years of roughly 200,000
I hear that these remaining domains will be transferred to Tucows’ accreditation.
Brazil has had at least four registrars, including UOL, over the years.
Countries roughly the same size as Brazil by population (over 200 million) include Nigeria and Pakistan, each of which still have one active registrar.
There are 10 contracted registries, managing nine 2012-round new gTLDs, in Brazil.

Verisign wants to auction off O.com for charity

The internet could soon gets just its fourth active single-character .com domain name, after Verisign revealed plans to auction off o.com for charity.
The company has asked ICANN to allow it to release just one of the 23 remaining one-letter .com domains, which are currently reserved under the terms of the .com registry agreement.
It’s basically a proof of concept that would lead to this contractual restriction being lifted entirely.
O.com has been picked as the guinea pig, because of “long-standing interest” in the domain, according to Verisign.
Overstock.com, the $1.8 billion-a-year US retailer, is known to have huge interest in the name.
The company acquired o.co from .CO Internet for $350,000 during the ccTLD’s 2010 relaunch, then embarked upon a disastrous rebranding campaign that ended when the company estimated it was losing 61% of its type-in traffic to o.com.
Overstock has obsessed over its unobtainable prize for over a decade and would almost certainly be involved in any auction for the domain.
In fact, I wouldn’t be surprised to discover that Overstock pressured Verisign into requesting the release of o.com.
Despite the seven or eight figures that a single-letter .com domain could fetch, Verisign’s cut of the auction proceeds would be just $7.85, its base registry fee.
Regardless, it has a payment schedule in mind that would see the winning bidder continue to pay premium renewal fees for 25 years, eventually doubling the sale price.
The winner would pay their winning bid immediately and get a five-year registration, but then would have to pay 5% of that bid to renew the domain for years six through 25.
In other words, if the winning bid was $1 million, the annual renewal fee after the first five years would be $50,000 and the total amount paid would eventually be $2 million.
All of this money, apart from the auction provider’s cut, would go to a trust that would distribute the funds to internet-focused non-profit organizations, such as those promoting security or open protocols.
There’s also a clause that would seem to discourage domain investors from bidding. The only way to transfer the domain would be if the buyer was acquired entirely, though this could be presumably circumvented with the use of a shell company.
It’s an elaborate auction plan, befitting of the fact that one-character .com domains are super rare.
Only x.com, q.com and z.com are currently registered and it’s Verisign policy to reserve them in the unlikely event they should ever expire.
Billionaire entrepreneur Elon Musk this July reacquired x.com, the domain he used to launch PayPal in the 1990s, back from PayPal for an undisclosed sum.
Z.com was acquired by GMO Internet for $6.8 million in 2014.
Single-character domains are typically not reserved in the ICANN contracts of other gTLDs, whether pre- or post-2012, though it’s standard practice for the registry to reserve them for auction anyway.
Verisign’s reservations in .com and .net are a legacy of IANA policy, pre-ICANN and have been generally considered technically unnecessary for some years.
Still, there’s been a reluctance to simply hand Verisign, already a money-printing machine through accident of history, another windfall of potentially hundreds of millions of dollars by allowing it to sell off the names for profit. Hence the elaborate plan with the O.com trust fund.
The proposal to release O.com requires a contractual amendment, so Verisign has filed a Registry Services Evaluation Process request (pdf) with ICANN that is now open for public comment.
As a matter of disclosure: several years ago I briefly provided some consulting/writing services to a third party in support of the Verisign and Overstock positions on the release of single-character domain names, but I have no current financial interest in the matter.

ICANN urged to crack down on new gTLD abuse

Registries selling dirt-cheap new gTLD domains should be rewarded with lower ICANN fees when they get proactive about abuse, while registrars that turn a blind eye to spammers should be suspended, an ICANN working group will recommend.
In its second batch of findings, the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) said that financial incentives and a new complaints procedure should be used to persuade registries and registrars to fight DNS abuse.
The CCT said it “proposes the development of incentives to reward best practices preventing technical DNS abuse and strengthening the consequences for culpable or complacent conduits of technical DNS abuse” in a paper published today.
The review, which drew on multiple sources of market and abuse data, original research, and analysis of third-party research, is probably the most comprehensive study into the impact of the new gTLD program to date.
It concluded that overall rates of DNS abuse did not increase as a result of the program, but that bad actors are increasingly migrating away from legacy gTLDs such as .com to 2012-round TLDs such as .top, .gdn and Famous Four Media’s stable.
Indeed, much of the paper appears to be a veiled critique of FFM’s practices.
The registrar AlpNames, known to be affiliated with FFM and responsible for most of its retail sales, is singled out as the currently accredited registrar particularly favored by abusers.
The CCT report notes that AlpNames regularly sells domains for under $1, or gives them away for free, and offered a tool allowing registrants to randomly generate up to 2,000 available domains in 27 different gTLDs, pretty much inviting abuse.
“Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse. Such behavior needs to be identified rapidly and action
must be taken by ICANN compliance as deemed necessary,” the paper says.
The review found that gTLDs with no registration restrictions and the lowest prices had the most abuse. Duh.
“Generally, the DNS Abuse Study indicates that the introduction of new gTLDs did not increase the total amount of abuse for all gTLDs,” its report says. “[F]actors such as registration restrictions, price, and registrar-specific practices seem more likely to affect abuse rates.”
Drawing on data provided by 11 domain block-lists (SURBL, SpamHaus, etc), the paper states that at least one TLD (FFM’s .science) had an abuse rate excess of 50%.
Using SpamHaus data, the paper identities FFM’s .science, .stream, .trade, .review, .download and .accountant as having over 10% abuse during the period of its study. Also on that list: Uniregistry’s low-price .click and the China-based .top and .gdn.
One thing they all have in common is that AlpNames is a leading registrar, usually accounting for at least a quarter of domains under management.
There’s no way AlpNames/FFM is not aware of the amount of bad actors in its customer base, the question is what can ICANN do about it?
The CCT team recommends that registries and registrars with over 10% of their names used for abusive purposes should be tasked by ICANN with proactively cleaning up their zones. Those that fail to do so should be subject to a new Domain Abuse Dispute Resolution Process, it said.
These companies should have their contracts suspended when they’re “associated with unabated, abnormal and extremely high rates of technical abuse”, the report recommends.
There’s a big boilerplate specifying, tellingly, that registry operators that control registrars are affected by this recommendation too.
It should be noted that there was not a full consensus of support for the idea of a DADRP. Half a dozen working group members filed minority statements opposing it.
It’s not all stick in the report, however. There’s some carrot, too.
The CCT report recommends financial incentives such as fee reductions for registries that have “proactive anti-abuse measures” in place.
It noted that there is precedent for ICANN doing this kind of thing when it implemented an anti-tasting policy that seriously restricted registrars’ ability to get registry refunds.
The CCT Review Team was formed to figure out what impacts the 2012 new gTLD round had on the domain name market.
The completion of its work is one of several gating factors to the next new gTLD application round under ICANN’s new bylaws and the old Affirmation of Commitments with the US government.
It published initial recommendations earlier this year. This new set of recommendations is now open for public comment until January 8.

Aussie gov refuses to spill the beans on ICANN vice chair’s firing

The Australian government has refused to release documents concerning alleged “financial irregularities” at local ccTLD manager auDA that have been linked to the firing of former CEO Chris Disspain.
A request under the Freedom of Information Act sought documents detailing Disspain’s March 2016 termination, as well as high levels of travel expenses and apparent under-reporting of “fringe benefit tax” under his watch.
The request was filed in September by by industry consultant Ron Andruff, who is known to have beef with Disspain after having been passed over for an important ICANN leadership role.
One of the specific documents sought by Andruff was an unpublished audit by PPB Advisory known to have uncovered slack historical expenses management practices and high levels of travel expenditure.
While rumors have circulated, there have been no substantiated allegations of wrongdoing by Disspain.
The Australian Department of Communications and the Arts told Andruff this weekend that 13 relevant documents had been identified and reviewed, but that all were exempt from disclosure under the FOI Act.
Reasons given include the right to privacy of the individual concerned and the fact that the information could fuel “unsubstantiated allegations of misconduct”.
The Department also thought that disclosing the documents could make it harder to it to obtain information from auDA in future, particularly relevant given that it recently kicked off a review of the organization.
While acknowledging there were some public interest reasons to publish the documents, on balance it said that the public interest reasons not to publish were more numerous.
auDA has been plagued by problems such as high turnover of staff and board, unpopular policies, and the member-instigated ouster of its chair, since Disspain left.
Separately, Disspain became ICANN’s vice chair earlier this month, having sat on the board for the last seven years as a representative of the ccTLD community.
He’s one of four community-nominated ICANN directors who have agreed to undergo the same background checks as their Nominating Committee-appointed counterparts, in part due to pressure applied by Andruff.
The FOI response can be viewed here (pdf).

Hurricane victims get a renewal pass under ICANN rules

ICANN has given registries and registrars the ability to delay the cancellation of domain names owned by victims of Hurricane Maria and other similar natural disasters.
In a note to contracted parties, published by Blacknight boss Michele Neylon this weekend, Global Domains Division president Akram Atallah said:

registrars will be permitted to temporarily forebear from canceling domain registrations that were unable to be renewed as a result of the natural disaster.

Maria and other hurricanes caused widespread damage to infrastructure in the Caribbean earlier this year — not to mention the loss of life — making it difficult for many people to get online to renew their registrations.
ICANN’s Registrar Accreditation Agreement ties registrars to a fairly strict domain name renewal and expiration life-cycle, but there’s a carve out for certain specified “extenuating circumstances” such as bankruptcy or litigation.
Atallah’s note makes it clear that ICANN considers hurricane damage such a circumstance, so its contractual compliance department will not pursue registrars who fail to expire domains on time when the registrant has been affected by the disaster.
He added that perhaps it’s time for the ICANN community to come up with a standardized policy for handling such domains. There’s already been mailing list chatter of such an initiative.
ICANN is heading to Puerto Rico, which was quite badly hit by Maria, for its March 2018 public meeting.
While attendees have been assured that the infrastructure is in place for the meeting to go ahead, large parts of the island are reportedly still without power.

Even post-Weinstein, no sexual harassment complaints at ICANN

There have been no formal complaints of sexual harassment in the ICANN community since the organization introduced a zero tolerance policy back in March, according to the Ombudsman.
That’s even after the current media storm about such behavior, precipitated by the revelations about movie producer Harvey Weinstein, which has given men and women in many industries the confidence to level accusations against others.
“There have been no complaints of sexual harassment since the implementation of the Community Anti-Harassment Policy nor the uptake of [post-Weinstein] media coverage,” ICANN Ombudsman Herb Weye told DI in response to an inquiry today.
The anti-harassment policy was adopted in March, and there have been three full, in-person ICANN meetings since then.
Face-to-face meetings are of course where one would expect to see such incidents, if any were to occur.
The policy bans everything from groping to wolf-whistling to dirty jokes to repeated, unwanted requests for dates.
At the time the policy was approved, ICANN general counsel John Jeffrey noted that there had been more than one such complaint since the infamous Cheesesandwichgate incident in March 2016.
No complaints since March does not necessarily mean no incidents, of course.
One recent recommendation to reform the office of the Ombudsman (or Ombudsperson, or simply Ombuds, in recent ICANN documentation) is to ensure a gender-mixed staff to perhaps make it more likely for issues related to gender to be reported.
A recent, non-scientific survey of ICANN participants found that about a third of women had knowledge or experience of sexism in the community.
Weye said that most complaints about non-sexual “harassment” occur at social events where alcohol is involved. He said that ICANN participants should be discreet when discussing “sensitive” cultural issues in such contexts, lest they inadvertently offend those within earshot.
There is “no place for disrespect in ICANN’s multi-cultural diverse environment” he said.