Group to seek .io TLD takeover after OECD human rights ruling
A group composed of displaced Chagossians will ask ICANN to redelegate the increasingly popular .io top-level domain, according to the group’s lawyer.
The move, still in its very early stages, follows a recent ruling under the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which mildly chastised the current registry, Identity Digital.
“The next move is domain reassignment,” lawyer Jonathan Levy, who brought the OECD complaint on behalf of the Chagos Refugees Group UK, told us. The proposed beneficiary would be “a group composed of Chagossians” he said.
.io is the ccTLD for the archipelago currently known as the British Indian Ocean Territory. It’s one of those Postel-era “Just Some Guy” developing-world delegations that pre-date ICANN.
But BIOT is a controversial territory. Originally the Chagos Archipelago, the few thousand original inhabitants were forced out by the UK government in the 1970s so the US military could build a base on Diego Garcia, the largest island.
Most of the surviving Chagossians and their descendants live in Mauritius, but have been fighting for their right to return for decades. In 2019, the UN ruled the UK’s current administration of BIOT is unlawful.
In recent years, since .io became popular, the ccTLD has become part of the fight.
The original and technically still-current registry for .io is a UK company called Internet Computer Bureau. ICB was acquired by Afilias in 2017 for $70 million. Afilias was subsequently acquired by Donuts, which is now called Identity Digital.
Corporate accounts filed by ICB name its ultimate owner as Beignet DTLD Holdings of Delaware, which appears to be a part of $2.21 billion private equity firm Ethos Capital, Identity Digital’s owner, which is co-managed by former ICANN CEO Fadi Chehadé.
None of these companies have a connection to BIOT beyond paying a local company called Sure (Diego Garcia) Limited for a mail-forwarding service. The only people believed to reside in the territory at all are US and UK military and contractors.
Levy, on behalf of the Chagossian refugees and a group of victims of cryptocurrency scams operated from .io domains, filed a complaint with the Ireland National Contact Point for the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct — basically a mediation service operated by the Irish government — seeking a share of the money from .io sales and/or redelegation.
According to its most-recent public accounts, ICB had turnover of £16.4 million ($19.8 million) in 2021, up from £12.8 million ($15.5 million) in 2020, but also had absolutely horrible gross margins for a registry with only one employee.
The company had cost of sales of £15.8 million and a gross margin of 3.58%. It pays no ICANN fees and the UK government receives no cut beyond the regular corporate tax ICB pays (about £26,000 in 2021).
The OECD’s Guidelines are voluntary guidelines that countries sign up to that are meant to guide how multinational companies behave with regards human rights and so on. Enforcement seems to be relatively toothless, with national NCPs only having the power to “recommend” actions.
In fact, Afilias declined to participate in mediation and appears to have received only a mild finger-wagging in the Irish NCP’s decision (pdf), which was published in September. One of its recommendations reads:
The NCP recommends that in cases in which a product, including a digital asset, is associated with long-running disputes regarding human rights, multinational enterprises should be able to demonstrate that they have carried out human rights due diligence
Levy thinks the NCP’s decision is a big deal, saying it means the OECD has validated the Chagossians’ concerns. Coupled with the UN sanction on the UK related to BIOT, he reckons it could play in their favor in a future redelegation request.
.io domain owners shouldn’t be too worried right now, however. Redelegation takes a very long time even when the losing party agrees, and it doesn’t tend to happen without the consent of the incumbent.
“Crimes against humanity” claims against Afilias
Donuts subsidiary Afilias has been accused of participating in “crimes against humanity” and imperialist “apartheid”, due to its management of the contested .io ccTLD.
A London-based lawyer has filed a complaint with the Organization for Economic Cooperation and Development, seeking either the redelegation of .io or a big chunk of its profits.
The complaint was filed on behalf of Crypto Currency Resolution Trust (CCRT), representing people allegedly ripped off by cryptocurrency scams on .io domains, and the Chagos Refugees Group UK (CRG UK).
The latter group represents some of the people forcibly deported from the Chagos Islands in the 1970s, when the British government evicted the entire native population to make way for a US military base on Diego Garcia, the largest island.
The islands were renamed the British Indian Ocean Territory and, in the early days of the DNS, became eligible for the ccTLD .io
The TLD was delegated by IANA to Paul Kane’s London-based outfit Internet Computer Bureau in 1997, in the pre-ICANN days when such decisions were made without very much oversight.
ICB was quietly bought by Afilias for $70 million in 2017, as I broke the following year.
In 2019, the International Court of Justice ruled that the UK’s continued administration of BIOT is unlawful, and that the territory should be returned to the Chagossians, but the current Conservative UK government has shown no indication that it plans to abide by that ruling.
The lawyer for the Chagossians, Jonathan Levy, now claims in his OECD complaint that for Afilias to continue to run .io — which he reckons brings in over €10 million a year — amounts to a human rights abuse in violation of OECD guidelines.
The complaint states:
The British military occupation of the Chagos Archipelago has been severe and resulted in the Chagossians wandering the globe as a displaced people deported from their homeland in a forcible exile reminiscent of British tactics also used on Irish home rule advocates in the 19th Century. It is just simply an outrage that an Irish multinational company is deliberately complicit in crimes against humanity and apartheid on behalf of one of last vestiges of British imperialism and apartheid.
While Levy recognizes on his blog that Afilias has been acquired by US-based Donuts, only Afilias and its subsidiaries in the UK and Ireland are named as respondents.
In a second prong of the attack, Levy claims that Afilias is somehow complicit in cryptocurrency frauds carried out using .io domains.
Blaming a registry for the actions of its registrants is pretty tenuous. Imagine if Verisign got blamed for every nefarious action carried out with a .com domain — there would not be enough lawyers in the world to handle that workload.
But Levy reckons .io is a special case because BIOT lacks law enforcement and because Afilias promotes .io as the best TLD for tech companies “knowing full well” it is often used for crypto fraud. The complaint reads:
Complaina[n]ts submit that while other general purpose domains like GLTD .com may have as much or even more crypto fraud, ccTLD .io is an exception because it represents a political entity with no permanent population and no companies law and no law enforcement. Consequently, unlike ccTLD .com or .net where US authorities may seize websites; .io criminals have little to fear as BIOT has no civil police force nor financial intelligence unit. ICB has promoted ccTLD .io to the tech community knowing full well it will be misused by a significant criminal element specializing in crypto assets.
This still feels pretty tenuous to me. You cannot evade the long arm of the law simply by registering on offshore domain.
Still, Levy’s asking for restitution in the form of a percentage of the ICB acquisition price, ongoing and backdated royalties from the sale of .io domains and, failing that, redelegation of the ccTLD to the Chagossian people.
While I think the notion of Donuts/Afilias actively abusing human rights is pretty weak, there’s no denying it’s the beneficiary of an historical wrong. Imagine how many credibility points it could earn by voluntarily negotiating a profit-share with the displaced Chagossians.
Most US presidential hopefuls use Whois privacy despite begging for cash
More than half of the remaining US presidential candidates could have risked losing their official campaign web sites under proposed Whois privacy rules.
Today I carried out Whois queries on all 18 candidates to discover that 10, or over 55%, use a Whois privacy service.
Of the three remaining Democrat candidates, only Bernie Sanders uses privacy. Martin O’Malley and Hillary Clinton do not.
Here’s a table of the Republican candidates and their chosen privacy services. N/A means their campaigns are using what appears to be genuine contact information.
[table id=38 /]
The results are interesting because rules under discussion at ICANN earlier this year — which are apparently still on the table in other international fora — would have banned the use of privacy services for commercial web sites that allow financial transactions.
All 18 candidates — even Trump — solicit donations on their campaign sites, and many sell T-shirts, bumper stickers and such.
Back in May, a minority of ICANN’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) were in favor of banning privacy for such registrants.
The rationale was that criminals, such as those selling counterfeit drugs, should not be allowed to mask their Whois details.
Judging by a working group report at the ICANN meeting in Dublin last month, the proposed new rules have been killed off by the PPSAI after a deluge of comments — around 22,000 — that were solicited by registrars and civil rights groups.
However, according to the Electronic Frontier Foundation, at the exact same time as the PPSAI was revealing its change of heart, the US government was pushing for virtually identical policy at a meeting of the OECD, the Organization for Economic Cooperation and Development.
The EFF says the proposed OECD Recommendation “would require domain name registration information to be made publicly available for websites that are promoting or engaged in commercial transactions with consumers.”
It’s remarkable that the US government is apparently pushing for rules that are being violated by most of its own hopeful commanders-in-chief as part of the democratic process.
Clearly, fake pharmacies are not the only class of crook to find value in privacy.
Recent Comments