Group to seek .io TLD takeover after OECD human rights ruling
A group composed of displaced Chagossians will ask ICANN to redelegate the increasingly popular .io top-level domain, according to the group’s lawyer.
The move, still in its very early stages, follows a recent ruling under the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which mildly chastised the current registry, Identity Digital.
“The next move is domain reassignment,” lawyer Jonathan Levy, who brought the OECD complaint on behalf of the Chagos Refugees Group UK, told us. The proposed beneficiary would be “a group composed of Chagossians” he said.
.io is the ccTLD for the archipelago currently known as the British Indian Ocean Territory. It’s one of those Postel-era “Just Some Guy” developing-world delegations that pre-date ICANN.
But BIOT is a controversial territory. Originally the Chagos Archipelago, the few thousand original inhabitants were forced out by the UK government in the 1970s so the US military could build a base on Diego Garcia, the largest island.
Most of the surviving Chagossians and their descendants live in Mauritius, but have been fighting for their right to return for decades. In 2019, the UN ruled the UK’s current administration of BIOT is unlawful.
In recent years, since .io became popular, the ccTLD has become part of the fight.
The original and technically still-current registry for .io is a UK company called Internet Computer Bureau. ICB was acquired by Afilias in 2017 for $70 million. Afilias was subsequently acquired by Donuts, which is now called Identity Digital.
Corporate accounts filed by ICB name its ultimate owner as Beignet DTLD Holdings of Delaware, which appears to be a part of $2.21 billion private equity firm Ethos Capital, Identity Digital’s owner, which is co-managed by former ICANN CEO Fadi Chehadé.
None of these companies have a connection to BIOT beyond paying a local company called Sure (Diego Garcia) Limited for a mail-forwarding service. The only people believed to reside in the territory at all are US and UK military and contractors.
Levy, on behalf of the Chagossian refugees and a group of victims of cryptocurrency scams operated from .io domains, filed a complaint with the Ireland National Contact Point for the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct — basically a mediation service operated by the Irish government — seeking a share of the money from .io sales and/or redelegation.
According to its most-recent public accounts, ICB had turnover of £16.4 million ($19.8 million) in 2021, up from £12.8 million ($15.5 million) in 2020, but also had absolutely horrible gross margins for a registry with only one employee.
The company had cost of sales of £15.8 million and a gross margin of 3.58%. It pays no ICANN fees and the UK government receives no cut beyond the regular corporate tax ICB pays (about £26,000 in 2021).
The OECD’s Guidelines are voluntary guidelines that countries sign up to that are meant to guide how multinational companies behave with regards human rights and so on. Enforcement seems to be relatively toothless, with national NCPs only having the power to “recommend” actions.
In fact, Afilias declined to participate in mediation and appears to have received only a mild finger-wagging in the Irish NCP’s decision (pdf), which was published in September. One of its recommendations reads:
The NCP recommends that in cases in which a product, including a digital asset, is associated with long-running disputes regarding human rights, multinational enterprises should be able to demonstrate that they have carried out human rights due diligence
Levy thinks the NCP’s decision is a big deal, saying it means the OECD has validated the Chagossians’ concerns. Coupled with the UN sanction on the UK related to BIOT, he reckons it could play in their favor in a future redelegation request.
.io domain owners shouldn’t be too worried right now, however. Redelegation takes a very long time even when the losing party agrees, and it doesn’t tend to happen without the consent of the incumbent.
Identity Digital keeps .org back-end deal
Public Interest Registry is to keep Identity Digital as its back-end registry services provider following a competitive RFP process, the organization announced today.
The deal’s highlight TLD is of course .org, with its 11 million domains, but it also includes the much smaller .charity, .foundation, .gives, .giving, .ngo, .ong, .орг, .संगठन , and .机构.
Identity Digital inherited the contract when it acquired Afilias a few years back. PIR announced the RFP back in March.
There’s no word on whether Identity Digital is taking a pay cut as a result of the competitive process, but it should become clear when non-profit PIR eventually publishes its tax returns.
Second DNSSEC screw-up takes down Aussie web sites
.au domains failed to resolve for many internet users for almost an hour on Monday, after the registry operator messed up a DNSSEC update.
ccTLD overseer auDA said the issue was caused by a “key re-signing process that generated an incorrect record”. Users on ISPs that strictly enforce DNSSEC would have returned not-found errors for .au domains during the outage.
.au’s technical back-end is managed by Identity Digital, which reportedly said that the outage lasted from 0005 UTC until 0052 UTC.
With over four million domains, .au is I believe the largest TLD zone to fall victim to DNSSEC-related downtime, but it’s not the first time it has happened to the domain.
In March 2022, thousands of .au domains were affected by a DNSSEC snafu that lasted a few hours.
DNSSEC is meant to make the DNS more secure by reducing the risk of man-in-the-middle attacks, but it’s appears to be easy to screw up, judging by a list of TLD outages. Just this year, Mexico, New Zealand and Venezuela have also suffered downtime.
Four more years for Identity Digital in Oz
Identity Digital has won another fours years as .au registry back-end provider.
Australian ccTLD manager auDA said the reappointment was decided after an open Request for Tender process that started in May.
It’s not clear how many other registries responded, but there’s a limited pool of companies that have a proven track record of handling such a large zone.
When .au moved from Neustar (now part of GoDaddy) to Afilias (now part of Identity Digital) in 2018 it was the largest back-end migration in the history of the DNS.
Back then, .au had 3.1 million domains under management. Now, following the release of second-level names last year, it’s closer to 4.3 million. Another migration would have been another record-breaker.
auDA said dentity Digital’s next four-year contract begins July 1 next year, with a two-year extension option.
Identity Digital is gobbling up Verisign’s back-end business
Verisign appears to be getting out of the new gTLD back-end registry services business, with Identity Digital taking over most of its dot-brand contracts.
Since 2018, over 80 gTLDs have moved from Verisign’s back-end to a competitor or have been removed from the DNS altogether. Over the same period, it hasn’t won any business from any of its rivals, according to data I’ve compiled.
Over the last few months about 30 new gTLDs have moved their technical back-end from Verisign to competitors, all but two to Identity Digital. Nominet and CIRA picked up a gTLD deal each.
Verisign tells me it’s not interested in providing new gTLD back-end services any more. A Verisign spokesperson said in an email:
In the case of the back-end services we provide to new gTLDs, we continually evaluate our business objectives and a few years ago, we decided that we would not be renewing our current new gTLD registry services customers and that we would help them transition before their contracts expired if they wished.
gTLDs moving home recently include .bosch, .crown, .chanel, .next, .nikon, .juniper and .fidelity.
Given the sheer number of gTLDs going to Identity Digital, it appears that there may be a side deal between the two registries to recommend migration to ID, but both companies declined to comment on that suggestion.
In 2012, Verisign had signed on to be the back-end for 220 new gTLDs, mostly dot-brands. Not all of those made it through the application process, but today my database has the company as RSP-of-record for fewer than 80 2012-round labels.
The company was said to be among the priciest option for dot-brands, trading on decades of .com uptime prestige, but the need for an RSP with 150 million domains under management is debatable when your gTLD is essentially just parked.
And for Verisign, the dot-brand business is not material to revenues and probably not especially profitable, at least when compared to the vast amounts of cash .com effortlessly generates.
In 2021, Verisign lost its deal to manage .tv to GoDaddy, after it declined to compete presumably due to the anticipated lower profit margins.
Three more straggler new gTLDs coming soon
Three more new gTLDs from three different registries are set to launch this (northern hemisphere) summer.
Identity Digital is gearing up to launch .watches in June, while newcomer Digity will launch .case in July and Intercap will launch .box in August, according to ICANN records.
.watches was bought from luxury goods maker Richemont, which hadn’t used it, in 2020. It’s currently in sunrise and will go to general availability June 7.
Digity, which is affiliated with the registrar Sav, bought .case from CentralNic, which in turn bought it from industrial machinery maker CNH Industrial. It was a dot-brand, but will be repurposed as an open generic targeting the legal field.
Intercap is planning to start .box’s sunrise August 9 and go to general availability the following month, September 13. The gTLD was originally bought for $3 million before Intercap acquired it in 2020.
.org back-end contract up for grabs
Public Interest Registry has started vetting potential registry service provider replacements for Identity Digital, ahead of a formal request for proposals later this year.
The company said this week that in order to run .org’s back-end, which would have to support almost 11 million domains, an RSP would have to hit a list of high-end criteria.
Candidates will have to have seven years experience running an RSP across multiple TLDs, with at least three registry clients, over 500,000 domains, and at least 25 ICANN-accredited registrars on its books, among other items.
That narrows the field down to probably fewer than a dozen companies. The likes of GoDaddy, CentralNic, Verisign, ZDNS, Tucows and Nominet would all presumably qualify, along with Identity Digital itself.
If a transition to a new RSP were to happen, it would be the largest TLD back-end migration in history by a considerable margin. The largest to date was the 3.1 million names that moved from Neustar (now GoDaddy) to Afilias (now Identity Digital) in 2018.
The .org migration from Verisign to PIR in 2003 was when .org was substantially smaller, at 2.7 million names.
According to PIR’s most-recent tax return, Afilias was paid $15.6 million in 2021 for registry services.
PIR said in 2021 that it expects to issue the RFP in the second half of 2023.
Identity Digital hit by failure of Silicon Valley Bank
Identity Digital, which runs hundreds of gTLDs, has warned its network of registrars not to send payments to its Silicon Valley Bank account.
SVB, America’s 16th-largest bank, was shut down on Friday by US financial regulators after a run on deposits. The failure has been described as the largest since the 2008 financial crisis.
Identity Digital told registrars yesterday that it was an SVB customer, but said “our exposure is very limited and we remain committed to serving our customers, employees, and vendors without interruption.”
Nevertheless, it asked partners to direct payments instead to its HSBC bank account.
SVB also provided ID, then Donuts, with a $110 million credit facility in 2017, which it used to fund its $213 million acquisition of Rightside.
The failure of SVB was so worrying that US President Joe Biden yesterday morning took to the airwaves to reassure customers that their deposits were safe and the banking system stable.
Identity Digital to launch .watches this month
Identity Digital has announced the launch timetable for its .watches gTLD.
Sunrise will kick off on March 28, running for two months until May 27. This is the period where only registered trademark owners can apply for a name.
The Early Access Program, in which names carry a premium price that decreases every day for a week, will run from May 31 to June 7, immediately after which the gTLD will enter general availability.
Despite the fact that .watches has been live in the DNS since December 2015, there are no registered domains so far.
The original registry was luxury goods maker Richemont, an early proponent of new gTLDs that ultimately lost interest and offloaded its portfolio, including the Chinese version of .watches, over the years.
.watches was sold to Afilias in late 2020, shortly before that company is turn was acquired by Donuts, since rebranded Identity Digital.
IRP panel tells ICANN to stop being so secretive, again
ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.
The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.
This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.
Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.
But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.
Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.
The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.
But Namecheap succeeded on the second count.
The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.
Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”
As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.
ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.
As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.
ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…
ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.
The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.
Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.
The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.
The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.
“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.
Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.
The .org contract was ultimately signed June 30, without a formal board resolution.
(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)
The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.
The panel in conclusion issued a series of “recommendations” to ICANN.
It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.
The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”
Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.
If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.
Finally, the panel wrote:
the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.
ICANN is on the hook to pay the panel’s fees of $841,894.76.
ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.
Recent Comments