PIR’s Diaz to leave domain industry
Public Interest Registry is losing its long-serving policy veep Paul Diaz, who will leave the company and domain industry later this year.
Currently VP of industry affairs, Diaz has been with the .org registry for 12 years, and had 12 years at Network Solutions before that.
A quarter-century in the domain industry should be enough for anyone, and PIR said in a blog post that Diaz “will be retiring from the industry” when he leaves PIR in July.
With his policy role, Diaz has held leadership positions in various ICANN committees, stakeholder groups and working groups over the years.
No excuses! PIR to pay for ALL registries to tackle child abuse
Public Interest Registry has announced that it will pay for all domain registries to receive alerts when child sexual abuse material shows up in their TLDs.
The non-profit .org operator said today that it will sponsor any registry — gTLD or ccTLD — that wants to sign up to receive the Domain Alerts service from the Internet Watch Foundation, the UK-based charity that tracks CSAM on the internet.
According to the IWF, only a dozen registries currently receive the service, PIR said.
“Our sponsorship will extend access to Domain Alerts to over a thousand TLDs at no cost enabling any interested registry to help prevent the display of criminal, abusive content on their domains,” the company said.
PIR didn’t say how much this is likely to cost it. IWF doesn’t publish its prices, but it seems only paying members usually receive the service. Its membership fees range from £1,000 ($1,259) to £90,000 ($113,372) a year, based on company size.
The partnership also means all registries will have free access to the IWF TLD Hopping List, which tracks CSAM “brands” as they move between TLDs whenever they are taken down by registries in a given jurisdiction.
IWF says that in 2022 it found 255,000 web pages hosting CSAM, spread across 5,416 domains. PIR says it has removed 5,700 instances of CSAM across its portfolio of TLDs over the last five years.
Namecheap sues ICANN over .org price caps
Namecheap has sued ICANN in California, asking a court to force the Org to revisit its decision to lift price caps on .org and .info domain names five years ago.
Registrar CEO Richard Kirkendall announced the suit on Twitter this afternoon:
Today we filed suit against @ICANN. After a previous ruling via a mediation process they have taken little action towards the recommendations of that ruling and so our hand has been forced to take this action. We feel that ICANN is in direct violation of their mandate and…
— Richard Kirkendall (@NamecheapCEO) February 5, 2024
The lawsuit follows an Independent Review Process case that Namecheap partially won in December 2022, where the panel said ICANN should hire an economist to look at whether price caps are a good idea before revisiting its decision to scrap them.
The panel found that the ICANN board of directors had shirked its duties to make the decision itself and had failed to act as transparently as its bylaws mandate.
Namecheap says that over a year after that decision was delivered, ICANN has not implemented the IRP panel’s recommendations, so now it wants the Superior Court in Los Angeles to hand down an injunction forcing ICANN to do so.
Before 2019, .org was limited to 10% price increases every year, but the cap was lifted, along with caps in .info and .biz, when ICANN renewed, standardized and updated the respective registries’ Registry Agreements.
After the decision was made to scrap .org price caps, despite huge public outrage, Namecheap rounded up its lawyers almost immediately.
The caps decision led to the ulimtately unsuccessful attempt by Ethos Capital to acquire Public Interest Registry, which runs .org.
Namecheap’s new lawsuit wants the judge to issue “an order directing ICANN to comply with the recommendations of the IRP Panel”.
That means ICANN’s board would be told to consider approaching PIR and .info registry Identity Digital to talk about reintroducing price caps, to hire the economist, and to modify its procedures to avoid any future transparency missteps.
Identity Digital keeps .org back-end deal
Public Interest Registry is to keep Identity Digital as its back-end registry services provider following a competitive RFP process, the organization announced today.
The deal’s highlight TLD is of course .org, with its 11 million domains, but it also includes the much smaller .charity, .foundation, .gives, .giving, .ngo, .ong, .орг, .संगठन , and .机构.
Identity Digital inherited the contract when it acquired Afilias a few years back. PIR announced the RFP back in March.
There’s no word on whether Identity Digital is taking a pay cut as a result of the competitive process, but it should become clear when non-profit PIR eventually publishes its tax returns.
Red Cross gets takedown powers over .org domains
Public Interest Registry has inked a first-of-its kind domain takedown partnership with the American Red Cross.
The deal gives the Red Cross a “trusted notifier” status, meaning it will have a special channel to report fraudulent fundraising sites with domains, which PIR can then suspend at the registry level.
It’s designed mainly to quickly tackle fraud sites that spring up to exploit people’s good will in the aftermath of natural disasters to which the Red Cross would typically respond to.
It’s particularly relevant not only due to the size of PIR’s flagship .org, but also due to its recent takeovers of gTLDs including .charity and .giving.
PIR said the partnership is only for such cases, and would not permit the Red Cross to take down criticism or satire. It also said there’s an appeals process for registrants whose names are suspended.
Trusted notifier schemes are not uncommon among the larger registries, but they typically focus on Big Copyright and organizations that fight child sexual abuse material online.
.org back-end contract up for grabs
Public Interest Registry has started vetting potential registry service provider replacements for Identity Digital, ahead of a formal request for proposals later this year.
The company said this week that in order to run .org’s back-end, which would have to support almost 11 million domains, an RSP would have to hit a list of high-end criteria.
Candidates will have to have seven years experience running an RSP across multiple TLDs, with at least three registry clients, over 500,000 domains, and at least 25 ICANN-accredited registrars on its books, among other items.
That narrows the field down to probably fewer than a dozen companies. The likes of GoDaddy, CentralNic, Verisign, ZDNS, Tucows and Nominet would all presumably qualify, along with Identity Digital itself.
If a transition to a new RSP were to happen, it would be the largest TLD back-end migration in history by a considerable margin. The largest to date was the 3.1 million names that moved from Neustar (now GoDaddy) to Afilias (now Identity Digital) in 2018.
The .org migration from Verisign to PIR in 2003 was when .org was substantially smaller, at 2.7 million names.
According to PIR’s most-recent tax return, Afilias was paid $15.6 million in 2021 for registry services.
PIR said in 2021 that it expects to issue the RFP in the second half of 2023.
IRP panel tells ICANN to stop being so secretive, again
ICANN’s dismal record of adverse Independent Review Process decisions continued last week, with a panel of arbitrators telling the Org to shape up its transparency and decision-making processes.
The panel has essentially ruled that ICANN did everything it could to be a secretive as possible when it decided to remove price controls from its .org and .info registry contracts in 2019.
This violated its bylaws commitments to transparency, the IRP panel found, at the end of a legal campaign by Namecheap commenced over three years ago.
Namecheap wanted the agreements with the two registries “annulled”, but the panel did not go that far, instead merely recommending that ICANN review its decision and possibly enter talks to put the price caps back.
But the decision contains some scathing criticisms of ICANN’s practice of operating without sufficient public scrutiny.
Namecheap had argued that ICANN broke its bylaws by not only not applying its policies in a non-discriminatory manner, but also by failing to adequately consult with the community and explain its decision-making.
The registrar failed on the first count, with the IRP panel ruling that ICANN had treated registry contract renegotiations consistently over the last 10 years — basically trying to push legacy gTLDs onto the 2012-round base Registry Agreement.
But Namecheap succeeded on the second count.
The panel ruled that ICANN overused attorney-client privilege to avoid scrutiny, failed to explain why it ignored thousands of negative public comments, and let the Org make the price cap decision to avoid the transparency obligations of a board vote.
Notably, the panel unanimously found that: “ICANN appears to be overusing the attorney-client privilege to shield its internal communications and deliberations.”
As one example, senior staffers would copy in the legal team on internal communications about the price cap decision in order to trigger privilege, meaning the messages could not be disclosed in future, the decision says.
ICANN created “numerous documents” about the thinking that went in to the price cap decision, but disclosed “almost none” of them to the IRP due to its “overly aggressive” assertion of privilege, the panel says.
As another example, staffers discussed cutting back ICANN’s explanation of price caps when it opened the subject to public comment, in order to not give too much attention to what they feared was a “hot” and “sensitive” topic.
ICANN’s failure to provide an open and transparent explanation of its reasons for rejecting public comments opposing the removal of price controls was exacerbated by ICANN’s assertion of attorney-client privilege with respect to most of the documents evidencing ICANN’s deliberations…
ICANN provided a fairly detailed summary of the key concerns about removing price caps, but then failed to explain why ICANN decided to remove price caps despite those concerns. Instead, ICANN essentially repeated the explanation it gave before receiving the public comments.
The panel, which found similar criticisms in the earlier IRP of Dot Registry v ICANN, nevertheless decided against instructing ICANN to check its privilege (to coin a phrase) in future, so the Org will presumably be free to carry on being as secretive as normal in future.
Namecheap also claimed that ICANN deliberately avoided scrutiny by allowing Org to remove the price caps without a formal board of directors resolution, and the panel agreed.
The Panel finds that of the removal of price controls for .ORG, .INFO, and .BIZ was not a routine matter of “day-to-day operations,” as ICANN has asserted. The Price Cap Decision was a policy matter that required Board action.
The panel notes that prior to the renewal of .org, .info and .biz in 2019, all other legacy gTLD contracts that had been renewed — including .pro, which also removed price caps — had been subject to a board vote.
“ICANN’s action transitioning a legacy gTLD, especially one of the three original gTLDs (.ORG), pursuant to staff action without a Board resolution was unprecedented,” the panel writes.
Quite why the board never made a formal resolution on the .org contract is a bit of a mystery, even to the IRP panel, which cites lots of evidence that ICANN Org was expecting the deal to go before the board as late as May 13, 2019, a month before the anticipated board vote.
The .org contract was ultimately signed June 30, without a formal board resolution.
(Probably just a coincidence, but Ethos Capital — which went on unsuccessfully to try to acquire .org registry Public Interest Registry from ISOC later that year — was formed May 14, 2019.)
The IRP panel notes that by avoiding a formal board vote, ICANN avoided the associated transparency requirements such as a published rationale and meeting minutes.
The panel in conclusion issued a series of “recommendations” to ICANN.
It says the ICANN board should “analyze and discuss what steps to take to remedy both the specific violations found by the Panel, and to improve its overall decisionmaking process to ensure that similar violations do not occur in the future”.
The board “should consider creating and implementing a process to conduct further analysis of whether including price caps in the Registry Agreements for .ORG and .INFO is in the global public interest”
Part of that process should involve an independent expert report into whether price caps are appropriate in .info and especially .org.
If it concludes that price controls are good, ICANN should try to amend the two registry agreements to restore the caps. If it does not conduct the study, it should ask the two registries if they want to voluntarily restore them.
Finally, the panel wrote:
the Panel recommends that the Board consider revisions to ICANN’s decision-making process to reduce the risk of similar procedural violations in the future. For example, the Board could adopt guidelines for determining what decisions involve policy matters for the Board to decide, or what are the issues on which public comments should be obtained.
ICANN is on the hook to pay the panel’s fees of $841,894.76.
ICANN said in a statement that it is “is in the process of reviewing and evaluating” the decision and that the board “will consider the final declaration as soon as feasible”.
Namecheap says it won legal fight over .org price caps
Namecheap claims to have won a fight against ICANN over the lifting of contractual price caps in .org and .info back in 2019.
The two parties have been battling it out for almost three years in an Independent Review Process case over ICANN’s decision to allow the .info and .org registries to increase their prices by as much as they want.
Namecheap now claims the decision has been delivered and “the IRP panel decided that ICANN had, indeed, violated its Bylaws and Articles of Incorporation and that ICANN’s decision to remove the price caps was invalid.”
The registrar also says it failed in its attempt to have a similar ruling with regrds the .biz TLD, but it’s not clear why.
Neither party has yet published the decision in full (ICANN is likely redacting it for publication as I type), and ICANN has yet to make a statement, so we only have Namecheap’s interpretation to go on.
It seems the IRP panel disagreed with ICANN that it was within its staff’s delegated powers to renegotiate the price provisions of the contracts without input from the board of directors.
Rather, there should be a open and transparent process, involving other stakeholders, for making such changes, the panel said according to Namecheap.
What the panel does not appear to have said is that the price caps can be unilaterally restored to the contracts. Rather, it seems to suggest a combination of voluntary reinstatements, expert competition reviews, and bilateral renegotiations.
The decision also seems to say that price controls are more important in .org than .info, due to its not-for-profit nature, which flies in the face of ICANN’s long-term push to standardize its contracts to the greatest extent possible.
The row over .org pricing emerged shortly before the ultimately unsuccessful takeover attempt of Public Interest Registry by for-profit private equity firm Ethos Capital was announced. Ethos had planned to raise prices, but PIR, still a non-profit owned by the Internet Society, to date has not.
Namecheap’s IRP claims related to ICANN’s handling of that acquisition attempt were thrown out in 2021.
.info was an Afilias TLD when the IRP was filed but is now Ethos-owned Identity Digital’s biggest gTLD following consolidation.
I’ll have more on this story after the full decision is made public.
PIR will launch .giving next month with unusual landrush rules
Public Interest Registry has revealed the launch dates for its recently acquired gTLD .giving, and it seems the former registry will also play a prominent role.
PIR has told ICANN it will run .giving’s sunrise period from October 13 to December 13. It’s an “end date” sunrise, where domains are only allocated at the end of the period, but the criteria for resolving competing claims is first-come-first-served.
The landrush period will run from December 20 to January 20, but there’s an unusual twist requiring registrants to buy, or at least “evaluate”, an e-commerce service:
As a condition to registering a domain name in the .GIVING during Landrush (December 20, 2022 through January 20, 2023), you agree that by registering your domain name, you represent and warrant that: (a) you currently use one of Blackbaud’s digital giving solutions or will evaluate the free Giving Checkout solution offered by JustGiving from Blackbaud available at this link and (b) you acknowledge and agree that the Registry or the registrar can cancel the registration of the domain name if your warranty is found to be untrue, incomplete, incorrect, or misleading.
Blackbaud is the company that operates JustGiving, a fund-raising web site chiefly popular in the UK. It was also the original registry for .giving, although of course it never actually launched the TLD.
PIR says general availability will begin January 20. It appears there will be six premium-price tiers, but renewals will be at the regular fee.
DNSAI to name most-abused registries, registrars
The DNS Abuse Institute is to start publishing monthly reports that name the registries and TLDs with the highest level of abuse.
The organization’s Intelligence service is expected to land in September, a little later than was previously expected, according to a blog post from director of policy and programs Rowena Schoo.
DNSAI has partnered with Kor Labs, a project out of the Grenoble Institute of Technology, to supply the data, which will cover phishing and malware domains and differentiate between malicious registrations and compromised sites.
The Institute doesn’t consider spam DNS abuse unless it is used as a delivery mechanism for other types of abuse, in line with ICANN’s definition.
The decision to actually name (and in some cases, we should assume, shame) registries and registrars is an unusual one. Other, similar efforts tend to keep the data anonymous.
“We want to understand abuse persistence and whether it has been appropriately mitigated by registrars,” Schoo wrote.
DNSAI is a project primarily backed by .org manager Public Interest Registry.
Recent Comments