Afilias sues India to block $12 million Neustar back-end deal
Afilias has sued the Indian government to prevent it awarding the .in ccTLD back-end registry contract to fierce rival Neustar.
The news emerged in local reports over the weekend and appears to be corroborated by published court documents.
According to Moneycontrol, the National Internet Exchange of India plans to award the technical service provider contract to Neustar, after over a decade under Afilias, but Afilias wants the deal blocked.
The contract would also include some 15 current internationalized domain name ccTLDs, with another seven on the way, in addition to .in.
That’s something Afilias reckons Neustar is not technically capable of, according to reports.
Afilias’ lawsuit reportedly alleges that Neustar “has no experience or technical capability to manage and support IDNs in Indian languages and scripts and neither does it claim to have prior experience in Indian languages”.
Neustar runs plenty of IDN TLDs for its dot-brand customers, but none of them appear to be in Indian scripts.
NIXI’s February request for proposals (pdf) contains the requirement: “Support of IDN TLDs in all twenty two scheduled Indian languages and Indian scripts”.
I suppose it’s debatable what this means. Actual, hands-on, operational experience running Indian-script TLDs at scale would be a hell of a requirement to put in an RFP, essentially locking Afilias into the contract for years to come.
Only Verisign and Public Interest Registry currently run delegated gTLDs that use officially recognized Indian scripts, according to my database. And those TLDs — such as Verisign’s .कॉम (the Devanagari .com) — are basically unused.
Neither Neustar nor Afilias have responded to DI’s requests for comment today.
.in has over 2.2 million domains under management, according to NIXI.
Neustar’s Indian subsidiary undercut its rival with a $0.70 per-domain-year offer, $0.40 cheaper than Afilias’ $1.10, according to Moneycontrol.
That would make the deal worth north of $12 million over five years for Afilias and over $7.7 million for Neustar.
One can’t help but be reminded of the two companies’ battle over Australia’s .au, which Afilias sneaked out from under long-time incumbent Neustar late last year.
That handover, the largest in DNS history, was completed relatively smoothly a couple months ago.
In GDPR case, ICANN ready to fight Tucows to the bitter end
ICANN has appealed its recent court defeat as it attempts to force a Tucows subsidiary to carry on collecting full Whois data from customers.
The org said yesterday that it is taking its lawsuit against Germany-based EPAG to a higher court and has asked it to bounce the case up to the European Court of Justice, as the first test case of the new General Data Protection Regulation.
In its appeal, an English translation (pdf) of which has been published, ICANN argues that the Higher Regional Court of Cologne must provide an interpretation of GDPR in order to rule on its request for an injunction.
And if it does, ICANN says, then it is obliged by the GDPR itself to refer that question to the ECJ, Europe’s highest judicial authority.
The case concerns Tucows’ refusal to carry on collecting contact information about the administrative and technical contacts for each domain name it sells, which it is contractually obliged to do under ICANN’s Whois policy.
These are the Admin-C and Tech-C fields that complement the registrant’s own contact information, which Tucows is of course still collecting.
Tucows says that these extra fields are unnecessary, and that GDPR demands it minimize the amount of data it collects to only that which it strictly needs to execute the registration contact.
It also argues that, if the Admin-C and Tech-C are third parties, it has no business collecting any data on them at all.
According to Tucows legal filings, more than half of its 10 million domains have identical data for all three contacts, and in more than three quarters of cases the registrant and Admin-C are identical.
In its appeal, ICANN argues that the data is “crucial for the objectives of a secure domain name system, including but not limited to the legitimate purposes of consumer protection,
investigation of cybercrime, DNS abuse and intellectual property protection and law enforcement needs”.
ICANN uses Tucows’ own numbers against it, pointing out that if Tucow has 7.5 million domains with shared registrant and Admin-C data, it therefore has 2.5 million domains where the Admin-C is a different person or entity, proving the utility of these records.
It says that registrars must continue to collect the disputed data, at the very least if it has secured consent from the third parties named.
ICANN says that nothing in the Whois policy requires personal data to be collected on “natural persons” — Admin-C and Tech-C could quite easily be legal persons — therefore there is no direct clash with GDPR, which only covers natural persons.
Its appeal, in translation, reads: “the GDPR is irrelevant if no data about natural persons are collected. In this respect, the Defendant is contractually obliged to collect such data, and failure to do so violates its contract with the Applicant.”
It goes on to argue that even if the registrant chooses to provide natural-person data, that’s still perfectly fine as a “legitimate purpose” under GDPR.
ICANN was handed a blow last month after a Bonn-based court refused to give it an injunction obliging EPAG (and, by inference, all registrars) to continue collecting Admin-C and Tech-C.
The lower court had said that registrants would be able to continue to voluntarily provide Admin-C and Tech-C, but ICANN’s appeal points out that this is not true as EPAG is no longer requesting or collecting this data.
In ICANN’s estimation, the lower court declined to comment on the GDPR implications of its decision.
It says the appeals court, referred to in translation as the “Senate”, cannot avoid interpreting GDPR if it has any hope of ruling on the injunction request.
Given the lack of GDPR case law — the regulation has only been in effect for a few weeks — ICANN reckons the German court is obliged by GDPR itself to kick the can up to the ECJ.
It says: “If the Senate is therefore convinced that the outcome of this procedure depends on the interpretation of certain provisions of the GDPR, the Senate must refer these possible questions to the ECJ for a preliminary ruling”.
It adds that should a referral happen it should happen under the ECJ’s “expedited” procedures.
An ECJ ruling has been in ICANN’s sights for some time; late last year CEO Goran Marby was pointing out that a decision from the EU’s top court would probably be the only way full legal clarity on GDPR’s intersection with Whois could be obtained.
It should be pointed out of course that this case is limited to the data collection issue.
The far, far trickier issue of when this data should be released to people who believe they have a legitimate purpose to see it — think: trademark guys — isn’t even up for discussion in the courts.
It will be, of course. Give it time.
All of ICANN’s legal filings, in the original German and unofficial translation, can be found here.
Court denies ICANN’s GDPR injunction against Tucows
A German court has refused ICANN’s request for a GDPR-related injunction against Tucows’ local subsidiary EPAG, throwing a key prong of ICANN’s new Whois policy into chaos.
EPAG now appears to be free to stop collecting contact information for each domain’s administrative and technical contacts — the standard Admin-C and Tech-C fields.
The ruling may even leave the door open for registrars to delete this data from their existing Whois databases, a huge blow to ICANN’s Whois compliance strategy.
According to an ICANN-provided English translation of the ruling (pdf), the Bonn judges (whose names are redacted — another win for GDPR?) decided that the Admin-C and Tech-C records are unnecessary, because they can be (and usually are) the same person as the registrant.
The judges said that if the additional contact names were needed, it would have historically been a condition of registration that three separate people’s data was required.
They wrote that this “is proof that any data beyond the domain holder — different from him — was not previously necessary”.
“Against the background of the principle of data minimization, the Chamber is unable to see why further data sets are needed in addition to the main person responsible,” they wrote.
Data minimization is a core principle of GDPR, the General Data Protection Regulation, which came into force in the EU less than a week ago. Tucows and ICANN have different interpretations on how it should be implemented.
The judges said that the registrant’s contact information should be sufficient for any criminal or security-related investigations, which had been one of ICANN’s key claims.
They also said that ICANN’s attempt to compare Whois to public trademark databases was irrelevant, as no international treaties govern Whois.
If the ruling stands, it means registries and registrar in at least Germany could no longer have to collect Admin-C and Tech-C contacts.
Tucows had also planned to delete this data for its existing EPAG registrations, but had put its plan on hold ahead of the judge’s ruling.
The ruling also gives added weight to the part of ICANN’s registry and registrar agreements that require contracted parties to abide by local laws.
That’s at the expense of the new Temporary Policy governing Whois introduced two weeks ago, which still requires Admin-C and Tech-C data collection.
There was no word in ICANN’s statement on the ruling last night as to the possibility of appealing.
But the org seized on the fact that the ruling does not directly state that EPAG would be breaching GDPR rules by collecting the data. General counsel John Jeffrey is quoted as saying:
While ICANN appreciates the prompt attention the Court paid to this matter, the Court’s ruling today did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings. ICANN is continuing to pursue the ongoing discussions with the European Commission, and WP29 [the Article 29 Working Party], to gain further clarification of the GDPR as it relates to the integrity of WHOIS services.
Tucows has yet to issue a statement on the decision.
It may not be the last time ICANN resorts to the courts in order to seek clarity on matters related to GDPR and its new Temporary Policy.
Million-euro Tucows GDPR lawsuit may not be ICANN’s last
ICANN has filed a lawsuit against a Tucows subsidiary in Germany in an effort to resolve a disagreement about how new European privacy law should be interpreted, and according to ICANN’s top lawyer it may not be the last.
The organization said late Friday that it is taking local registrar EPAG to court in Bonn, asking that the registrar be forced to continue collecting administrative and technical contact information for its Whois database.
According to an English translation of the motion (pdf), and to conversations DI had with ICANN general counsel John Jeffrey and Global Domains Division president Akram Atallah over the weekend, ICANN also wants an injunction preventing Tucows from deleting these fields from current Whois records.
At its core is a disagreement about how the new General Data Protection Regulation should be interpreted.
Tucows plans to continue collecting the registrant’s personal information, but it sees no reason why it should also collect the Admin-C and Tech-C data.
Policy director Graeme Bunton argues that in the vast majority of cases the three records are identical, and in the cases they are not, the registrar has no direct contractual relationship with the named individuals and therefore no business storing their data.
ICANN counters that Admin-C and Tech-C are vital when domain owners need to be contacted about issues such as transfers or cyber-attacks and that the public interest demands such records are kept.
Its new Temporary Policy — which is now a binding contractual commitment on all registries and registrars — requires all this data to be collected, but Tucows feels complying with the policy would force it to break European law.
“Strategically, we wanted to make sure we don’t let the Whois and the pubic interest get harmed in a way that can’t be repaired,” Atallah said.
“The injunction is to actually stop any registrar from not collecting all the data and therefore providing the opportunity for the multistakeholder model to work and come up with a long-term plan for Whois,” he said. “”We don’t want to have a gap.”
Jeffrey said that the suit was also necessary because ICANN has not received sufficient GDPR guidance from data protection authorities in the EU.
EPAG is not the only registrar planning to make the controversial changes to data collection. There are at least two others, at least one of which is based in Germany, according to Jeffrey and Atallah.
The German ccTLD registry, DENIC, is not under ICANN contract but has also said it will no longer collect Admin-C and Tech-C data.
They may have all taken their lead from the playbook (pdf) of German industry group eco, which has been telling ICANN since at least January that admin and tech contacts should no longer be collected under GDPR.
That said, Tucows chief Elliot Noss is a vocal privacy advocate, so I’m not sure how much leading was required. Tucows was also a co-developer (pdf) of the eco model.
The injunction application was filed the same day GDPR came into effect, after eleventh-hour talks between ICANN legal and Tucows leadership including chief legal officer Bret Fausett hit an impasse.
Tucows has agreed to freeze its plan to delete its existing Admin-C and Tech-C stored data, however.
The suit has a nominal million-euro value attached, but I’m convinced ICANN (despite its budget crunch) is not interested in the money here.
It’s my sense that this may not be the last time we see ICANN sue in order to bring clarity to GDPR.
Recently, Jeffrey said that ICANN would not tolerate contracted parties refusing to collect full Whois data, and also that it would not tolerate it when they decline to hand the data over to parties with legitimate interests.
The German lawsuit does not address this second category of non-compliance.
But it seems almost certain to me that intellectual lawyers are just days or weeks away from starting to file compliance tickets with ICANN when they are refused access to this data, which could lead to additional litigation.
“Whether it would result in a lawsuit is yet to be determined,” Jeffrey told DI yesterday. “The normal course would be a compliance action. If people aren’t able to gain access to information they believe that they have a legitimate right to access they will file compliance complaints. Those compliance complaints will be evaluated.”
“If it’s a systematic decision not to provide that access, that would violate the [Temporary Policy],” he said. “If they indicated it was because of their interpretation of the law, then it could result in us asking questions of the DPAs or going to court if that’s the only action available.”
The injunction application is a “one-sided filing”, which Jeffrey tells me is a feature of German law that means the court could issue a ruling without requiring EPAG/Tucows to appear in court or even formally respond.
The dispute therefore could be resolved rather quickly — this week even — by the court of first instance, Jeffrey said, or it could be bounced up to the European Court of Justice.
Given how new GDPR is, and considering the wider implications, the latter option seems like a real possibility.
Famous Four chair pumps $5.4 million into AlpNames to settle COO lawsuit
Famous Four Media chair Iain Roache has bought out his former COO’s stake in AlpNames, its affiliated registrar, settling a lawsuit between the two men.
He’s acquired Charles Melvin’s 20% stake in the company for £3.9 million ($5.4 million), according to a press release.
A spokesperson confirmed that the deal settles a lawsuit in the companies’ home territory of Gibraltar, which we reported on in December.
Roache said in the press release that he has a plan to grow AlpNames into a “Tier 1 registrar”:
“I’ve got a 10 year strategic plan, which includes significant additional investment, to set the business up for future growth and success,” he said. “We’re going to bring the competition to the incumbents!”
AlpNames is basically the registrar arm of Famous Four, over the last few years supporting the gTLD portfolio registry’s strategy of selling domains in the sub-$1 range and racking up huge market share as a result.
But it’s on a bit of a slide, volume-wise, right now, as hundreds of thousands of junk domains are allowed to expire.
According to today’s press release, AlpNames has 794,000 gTLD domains under management. That’s a far cry from its peak of 3.1 million just under a year ago.
Seller Melvin, according to the press release, “has decided to pursue other interests outside of the domain name industry”.
It appears he left his COO job at Famous Four some time last year, and then sued Roache and CEO Geir Rasmussen (also an AlpNames investor) over a financial matter. Previous attempts to buy him out were rebuffed.
Last October, the Gibraltar court ruled that the defendants has supplied the court with “forged documents” in the form of inaccurately dated invoices between the registry and AlpNames.
The pair insisted to the court that the documents were an honest mistake and their lawyer told DI that there was no “forgery” in the usual sense of the word.
But it appears that Melvin’s split from the companies was less than friendly and the £3.9 million buyout should probably be viewed in that light.
Berkens sues Twitter over hacked account
Blogger and high-profile domain investor Mike Berkens of TheDomains.com has sued Twitter for allowing his account to be hacked and failing to rectify the problem.
As industry Twitter users will no doubt already be aware, Berkens’ account @thedomains came under the control of an unknown hacker on Friday last week.
The avatar was changed from the The Domains logo to the face of an East Asian man and tweets from the account began to sound out of character.
Despite the attack being reported to Twitter by Berkens and others (including yours truly), the account does not yet appear to have been returned to its proper owner.
In a complaint filed yesterday in Northern California, Berkens claims Twitter “still has done nothing to substantially acknowledge, investigate or respond to Plaintiffs’ complaint, and restore Plaintiffs’ access to the Account.”
The suit, which also names (as Does) the unknown hackers, has nine counts ranging from computer fraud to trademark infringement to negligence and breach of contract.
Berkens wants his account back, as well as damages. He’s currently tweeting from @thedomainscom as a temporary workaround.
The complaint, kindly donated by George Kirikos, can be read here (pdf).
.africa to finally go live after judge denies injunction
A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.
Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.
The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.
Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.
Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.
Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.
An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.
Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:
The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages
He balanced this against the harm of NOT delegating .africa:
The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.
So what now?
ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”
As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.
Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.
If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.
Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.
While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.
You can read Halm’s ruling here (pdf).
Donuts loses $22.5m .web lawsuit as judge rules gTLD applicants cannot sue
The promise not to sue ICANN that all new gTLD applicants made when they applied is legally enforceable, a California judge has ruled.
Judge Percy Anderson on Monday threw out Donuts’ lawsuit against ICANN over the controversial $135 million .web auction, saying the “covenant not to sue bars Plaintiff’s entire action”.
He wrote that he “does not find persuasive” an earlier and contrary ruling in the case of DotConnectAfrica v ICANN, a case that is still ongoing.
Donuts sued ICANN at first to prevent the .web auction going ahead.
The registry, and other .web applicants, were concerned that ultimately successful bidder Nu Dot Co was being covertly bankrolled by Verisign, which turned out to be completely correct.
Donuts argued that ICANN failed to adequately vet NDC to uncover its secret sugar daddy. It wanted $22.5 million from ICANN — roughly what it would have received if the auction had been privately managed, rather than run by ICANN.
But the judge ruled that Donuts’ covenant not to sue is enforceable. Because of that, he made no judgement on the merits of Donuts’ arguments.
Under the relevant law, Donuts had to show that the applicant contract was “unconscionable” both “procedurally” and “substantively”.
Basically, the question for the judge was: was the contract unfairly one-sided?
The judge ruled (pdf) that it was not substantively unconscionable and “only minimally procedurally unconscionable”. In other words: a bit crap, but not illegal.
He put a lot of weight on the fact that the new gTLD program was designed largely by the ICANN community and on Donuts’ business “sophistication”. He wrote:
Without the covenant not to sue, any frustrated applicant could, through the filing of a lawsuit, derail the entire system developed by ICANN to process applications for gTLDs. ICANN and frustrated applicants do not bear this potential harm equally. This alone establishes the reasonableness of the covenant not to sue.
Donuts VP Jon Nevett said in a statement yesterday that the fight over .web is not over:
Donuts disagrees with the Court’s decision that ICANN’s required covenant not to sue, while being unconscionable, was not sufficiently unconscionable to be struck down as a matter of law. It is unfortunate that the auction process for .WEB was mired in a lack of transparency and anti-competitive behavior. ICANN, in its haste to proceed to auction, performed only a slapdash investigation and deprived the applicants of the right to fairly compete for .WEB in accordance with the very procedures ICANN demanded of applicants. Donuts will continue to utilize the tools at its disposal to address this procedural failure.
It looks rather like we could be looking at an Independent Review Process filing, possibly the first to be filed under ICANN’s new post-transition rules.
Donuts and ICANN are already in the Cooperative Engagement Process — the mediation phase that usually precedes an IRP — with regards .web.
Second-placed bidder Afilias is also putting pressure on ICANN to overturn the results of the auction, resulting in a bit of a public bunfight with Verisign.
TL;DR — don’t expect to be able to buy .web domains for quite a while to come.
Judge says IANA transition suit unlikely to succeed
A Texas judge refused demands for a temporary restraining order preventing the IANA transition going ahead last weekend because the suing state attorneys general were unlikely to succeed at trial.
That was one of several reasons Judge George Hanks refused the TRO, which had been requested by the Republican AGs of Texas, Arizona, Oklahoma and Nevada.
Hanks’ order on the motion, which was published last night (pdf), said the AGs:
have not shown that there is a substantial likelihood that they will prevail on the merits of this case. Nor have they shown that there is a substantial threat that an irreparable injury will be suffered. Nor have they shown that the threated injury outweighs the threatened harm to the United States. Finally, they have not shown that granting the injunction will not disserve the public interest.
The lawsuit claims that the IANA transition, which involves the US government removing itself from its oversight roles of ICANN and DNS root zone management, represents a threat to free speech and to the stability of the .mil and .gov TLDs.
The eleventh-hour complaint was filed on Thursday, after attempts by Senator Ted Cruz and his allies to block the transition via a Congressional funding bill failed.
But Hanks ruled that the AGs claims about potential future harms amounted to no more than “speculation” and “hearsay”.
He wrote: “counsel’s statements of what ‘might’ or ‘could’ happen are insufficient to support the extraordinary relief sought in this case.”
He also pointed to one significant logical inconsistency in their argument:
Even if the Court were to find that some past harm or bad acts by the Internet Corporation for Assigned Names and Numbers (“ICANN”) impacted the interests of the States in their respective websites and alleged rights at interest, the Court notes that these past harms happened under the exact regulatory and oversight scheme that the States now seek to preserve. This, along with the lack of evidence regarding any predictable or substantially likely events, greatly undermines the States’ request for they relief they seek.
The AGs are reportedly considering their options following the ruling, and may appeal.
But another school of thought holds that the suit was largely a political gesture designed to creating talking points for the Republican party ahead of next month’s presidential election, and could be allowed to fade away.
ICANN handover in jeopardy as Texas leads lawsuit against US government
The state attorneys general of Texas, Arizona, Nevada and Oklahoma have sued the US Federal government to stop tomorrow’s planned IANA transition.
The 11th-hour suit seeks a court declaration that the transition would be unconstitutional and a temporary restraining order forcing the National Telecommunications and Information Administration to continue its oversight role.
It’s rooted in the conspiracy theories championed by the likes of Texas Senator Ted Cruz, who holds that allowing the NTIA to stop authorizing DNS root modifications is akin to handing broad internet censorship powers to Russia, China and Iran.
“Trusting authoritarian regimes to ensure the continued freedom of the internet is lunacy,” Texas Attorney General Ken Paxton said in a press release, losing about a thousand credibility points.
“The president does not have the authority to simply give away America’s pioneering role in ensuring that the internet remains a place where free expression can flourish,” he said.
The AGs reckon the remaining root zone partners, ICANN and Verisign, which are not bound by the First Amendment, could crack down on free speech.
The complaint states:
NTIA intends to delegate its approval authority over changes to the root zone file to ICANN and Verisign, and give these companies unbridled discretion to make changes to that file, with no substantive constraints on their decisions to grant or deny requests to alter the file that effectively enable or prohibit speech on the Internet.
Without the federal government approval authority, ICANN and Verisign have complete discretion to engage in this type of discrimination, and because these entities are private, citizens and States will not be able to use the democratic process
Citing the Property Clause of the U.S. Constitution, the AGs claim that the government does not have the authority to legally remove itself from oversight of the DNS root zone.
The DNS root is US property that cannot be disposed of without an act of Congress, the complaint alleges:
The Authoritative Root Zone File, the Internet Domain Name System as a whole, the exclusive right to approve changes to the root zone file, and the contracts NTIA administers in exercising control over them are property of the United States
The US Government Accountability Office told Cruz earlier this month that it was “doubtful” that it the transition requires the disposal of any US government property, in this report (pdf).
The AGs also reckon that if the US is no longer involved in root zone management, ICANN could delete .mil and .gov or transfer them to third parties.
The IANA contract between ICANN and NTIA is due to expire tomorrow night, ushering in a new era in which the global internet community becomes the back-stop preventing ICANN abusing its powers for Evil.
Cruz has been fighting against the transition for reasons best known to himself for months.
Most recently, he led an attempt to have a block on the transition included in a US federal funding bill, which wound up being passed yesterday with no such clause attached.
The four-state AG complaint can be read here (pdf).
Recent Comments