First registry gets breach notice over new abuse rules
.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.
ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.
The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.
The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.
As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.
Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.
The registry “blatantly and repeatedly violated” these rules, according to ICANN.
.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.
The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.
Honey Salt stops responding to .sucks cybersquatting complaints
.sucks cybersquatter Honey Salt has stopped responding to UDRP and URS complaints related to the affiliated Everything.sucks web site.
Three UDRP decisions and one URS decision resolved since early April have stated that the shadowy Turks & Caicos company defaulted or did not respond to the complaints.
It lost all four cases, all on pretty much the same grounds, losing its domains or having them suspended as a result.
Panelists concluded that while Everything.sucks presents itself as a grassroots free-speech wiki populated by user-generated content, in reality it’s just stuffed with undated, anonymous, context-free comments scraped from third-party web sites and designed to pressure brand owners into buying their .sucks domains.
Honey Salt has been hit with 19 UDRP and URS complaints covering 27 .sucks domains since last September. It’s lost all bar one of those that have been decided, an early UDRP in which the panelist bought its free-speech defense.
With the precedent that Everything.sucks is a cybersquatting enterprise pretty solidly set, it presumably doesn’t make much sense for Honey Salt to pay expensive lawyers to put up a defense any more.
In earlier cases, when Honey Salt was still responding, the company was represented by Orrick, Herrington & Sutcliffe, the US law firm that has also worked for .sucks registry Vox Populi.
PIR thinks 20-year domain regs are a good idea
Want to lock in the price of a .org domain for 20 years? Public Interest Registry thinks that might be a good idea.
In a blog post, head of policy Paul Diaz wrote:
PIR supports the ICANN community conducting policy work that could extend the maximum allowable registration term to 20 years. We’d look to ICANN to support the community’s policy work and, if consensus is reached, to change the longstanding ICANN policy that currently limits registration to 10 years uniformly across all registries.
Extending the maximum permitted reg/renewal to 20 years was suggested last week by ICANN’s Non-Commercial Stakeholders Group as one of a few ideas to protect registrants following PIR’s acquisition by for-profit investor Ethos Capital.
It’s worth drawing the distinction here that PIR is only saying it would support consensus policy work to introduce the new limit across all gTLDs, not just .org.
And it might be a bit of a pipe-dream anyway, at least in the short term.
ICANN’s volunteer community still languishes under its perpetual workload/burnout problems, and I doubt there’s a massive appetite to open up yet another Policy Development Process right now, particularly one with potentially significant technical and business model implications.
If a PDP were to open, why would the output limit regs to just 20 years? Why not 100? Why not make the limit arbitrary?
Diaz was less committal on NCSG’s suggestion that the Uniform Rapid Suspension process be removed from the .org contract, saying merely that PIR would comply with (not necessarily support) a consensus policy removing URS from all gTLDs, should one emerge.
On NCSG’s demand that PIR/Ethos commit itself to freedom of speech in .org, Diaz noted that PIR has suspended 36,000 .org domains this year, almost all of which were due to technical abuse such as malware distribution, botnets and phishing.
Ten domains were suspended based on content, he wrote. Eight of those were publishing child abuse material and two were illegally selling opioids.
ICANN throws out second .org appeal, so URS stays
The Uniform Rapid Suspension process is to stay in .org, after the ICANN board of directors rejected an appeal from the Electronic Frontier Foundation.
The EFF had challenged the inclusion of URS in the recently renegotiated .org Registry Agreement, on the basis that the anti-cybersquatting system was designed for post-2012 new gTLDs and was never supposed to be deployed in legacy gTLDs such as .org.
In a Request for Reconsideration, the EFF had argued that ICANN had ignored the many commenters opposed to its inclusion in the contract, and that the board had shirked its duties by delegating the renegotiation to ICANN’s executive leadership.
But the board disagreed on both of these counts, saying in its resolution and accompanying 36-page analysis (pdf) that at no point had the organization broken its bylaws.
ICANN did not ignore the anti-URS comments, the board said, it simply decided that on balance the public interest was better served by having URS in the contract.
The Requestor has not demonstrated that ICANN Staff failed to seek or support broad participation, ascertain the global public interest, or act for the public benefit. To the contrary, ICANN org’s transparent processes reflect the Staff’s continuous efforts to ascertain and pursue the global public interest by migrating the legacy gTLDs to the Base RA.
Additionally, the board was well within its rights to delegate negotiation and approval of the RA to the CEO, the board decided. The fact that the EFF disagrees with that position does not amount to a basis of reconsideration, it found.
Since the EFF filed its RfR back in August, we’ve had the news of the $1.135 billion acquisition of .org manager Public Interest Registry by Ethos Capital, which will see it convert from a non-profit to a for-profit concern.
The EFF has since had the chance to put allegations to ICANN that its staff was aware of the deal before it was announced, and that the acquisition should have factored into its consideration of the RA renewal.
But ICANN flatly denies that it knew about the deal, which was announced four months after the renewal:
Since neither the Board nor ICANN Staff were aware of the PIR acquisition when the decision to renew the .ORG RA was made, there was no material information not considered, and therefore this is not a proper basis for reconsideration.
…
The Ethos Capital acquisition of PIR, which was announced more than four months after the execution of the .ORG Renewed RA, did not impact ICANN Staff’s determination that ICANN’s Mission and Core Values were best served by migrating the .ORG RA to the Base RA.
In conclusion, like almost all filers of RfRs, the EFF is SOL.
Another RfR, filed by the registrar NameCheap and related primarily to .org pricing, was similarly rejected by ICANN’s board a few weeks ago.
ICANN is, however, currently quizzing Ethos and PIR seller ISOC for more details about the acquisition before it approves the change of contractor.
EFF becomes second to appeal new .org contract
The Electronic Frontier Foundation has appealed ICANN’s decision to add stronger trademark protection rules to .org.
The civil liberties organization has filed a Request for Reconsideration with ICANN, saying that the new .org contract should not oblige Public Interest Registry to implement the Uniform Rapid Suspension policy.
URS is a swifter, cheaper version of the anti-cybersquatting UDRP policy. It can lead to clear-cut cases of trademark-infringing domains being relatively quickly suspended, but not transferred.
But the EFF is worried that it could be abused to curtail free speech.
It said URS is “particularly dangerous for the many .org registrants who are engaged in an array of noncommercial work, including criticism of governments and corporations”.
URS was created via ICANN’s bottom-up, community-led policy-making process to apply to new gTLDs applied for in 2012, not legacy gTLDs such as .org, EFF argues.
Adding more rights protection to a legacy gTLD “should be initiated, if at all, through the multistakeholder policy development process, not in bilateral negotiations between a registry operator and ICANN staff”, the RfR states.
The EFF is also concerned that the new contract allows PIR to unilaterally create its own additional rights protection mechanisms.
I don’t think this is a new power, however. Remember when PIR proposed a “Copyright UDRP” a couple of years ago, evidently as a way to turf out The Pirate Bay? That plan was swiftly killed off after protests from, among others, the EFF.
The EFF’s reconsideration request (pdf) does not address the issue of price increase caps, which were removed in the new contract.
That more-controversial provision is already the subject of an RfR, filed by NameCheap last month.
Both RfRs will be dealt with by ICANN’s Board Accountability Mechanisms Committee before being passed to the full board.
Will ICANN take a bigger slice of the .com pie, or will .domainers get URS?
Will ICANN try to get its paws on some of Verisign’s .com windfall? Or might domainers get a second slap in the face by seeing URS imposed in .com?
With Verisign set to receive hundreds of millions of extra dollars due to the imminent lifting of .com price caps, it’s been suggested that ICANN may also financially benefit from the arrangement.
In a couple of blog posts Friday, filthy domain scalper Andrew Allemann said that ICANN will likely demand higher fees from Verisign in the new .com registry agreement.
Will it though? I guess it’s not impossible, but I wouldn’t say it’s a certainty by any means.
Verisign currently pays ICANN $0.25 per transaction, the same as almost all other gTLDs. Technically, there’s no reason this could not be renegotiated.
Putting aside some of the legacy gTLD contracts, I can only think of two significant cases of ICANN imposing higher fees on a registry.
The first was .xxx, which was signed in 2011. That called for ICM Registry, now part of MMX, to pay $2 per transaction, eight times the norm.
The rationale for this was that ICANN thought (or at least said it thought) that .xxx was going to be a legal and compliance minefield. It said it envisaged higher costs for overseeing the then-controversial TLD.
There was a school of thought that ICANN was just interested in opportunistically boosting its own coffers, given that ICM was due to charge over $60 per domain per year — at the time a ludicrously high amount.
But that risk largely failed to materialize, and the two parties last year renegotiated the fees down to $0.25.
The second instance was .sucks, another controversial TLD. In that case, ICANN charged registry Vox Populi a $100,000 upfront fee and per-transaction fees of $1 per domain for the first 900,000 transactions, four times more than the norm.
While some saw this as a repeat of the .xxx legal arse-covering tactic, ICANN said it was actually in place to recoup a bunch of money that Vox Pop owner Momentous still owed when it let a bunch of its drop-catch registrars go out of business a couple years earlier.
While the .sucks example clearly doesn’t apply to Verisign, one could make the case that the .xxx example might.
It’s possible, I guess, that ICANN could make the case that Verisign’s newly regained ability to raise prices opens it up to litigation risk — something I reckon is certainly true — and that it needs to increase its fees to cover that risk.
It might be tempting. ICANN has a bit of a budget crunch at the moment, and a bottomless cash pit like Verisign would be an easy source of funds. A transaction fee increase of four cents would have been enough to cover the $5 million budget shortfall it had to deal with earlier this year.
On the other hand, it could be argued that ICANN demanding more money from Verisign would unlevel the playing field, inviting endless litigation from Verisign itself.
ICANN’s track record with legacy gTLDs has been to reduce, rather than increase, their transaction fees.
Pre-2012 gTLDs such as .mobi, .jobs, .cat and .travel have all seen their fees reduced to the $0.25 baseline in recent years, sometimes from as high as $2.
In each of these cases, the registries concerned had to adopt many provisions of the standard 2012 new gTLD registry agreement including, controversially, the Uniform Rapid Suspension service.
Domainers hate the URS, which gives trademark owners greater powers to take away their domains, and the Internet Commerce Association (under the previous stewardship of general counsel Phil Corwin, since hired by Verisign) unsuccessfully fought against URS being added to .mobi et al over the last several years, on the basis that eventually it could worm its way into .com.
I’m not suggesting for a moment that ICANN might reduce Verisign’s fees, but what if URS is the price the registry has to pay for its massive .com windfall?
It’s not as if Verisign has any love for domainers, despite the substantial contribution they make to its top line.
Since the NTIA deal was announced, it’s already calling them “scalpers” and driving them crazy.
ICA lost the .com price freeze fight last week, could it also be about to lose the URS fight?
.museum soon could be open to all (no haters please)
The 15-year-old .museum gTLD could soon be open to a great many more potential registrants, following an ICANN contract renewal.
The registry, MuseDoma, has negotiated a new Registry Agreement that rewrites eligibility rules to the extent that soon basically anyone should be able to register a name.
Since the gTLD went live back in 2002, it has been tightly restricted to legitimate museums and museum associations, as well as verifiable museum workers such as curators.
But the new proposed contract expands eligibility to “individuals with an interest or a link with museum profession and/or activity” and “bona fide museum users”.
It’s not at all clear how one proves they are a “bona fide museum user”, but the language suggests to me that the registry is likely to take registrants at their word and enforce some kind of post-registration review of how the domains are being used.
Indeed, the new contract contains the following new restriction:
Registration implies compliance with a fair use that only allows a use harmless to the image of museums and the community. Non-compliance will result in suspension or termination of the domain name.
So if you are fundamentally opposed to the idea of museums and want to set up a .museum web site trashing the entire concept, you probably won’t be allowed to.
Even though .museum was part of the “test-bed” application round from 2000, the proposed new contract has acquired chunks of the standard new gTLD RA from 2012.
As such, MuseDoma has agreed to take on the Uniform Rapid Suspension rights protection mechanism. This may prove somewhat controversial among those opposed to URS being “forced” on legacy gTLD registries before it has been approved as full ICANN policy.
The way ICANN fees are calculated — .museum’s flat fees are much lower — has not changed.
.museum has had a fairly steady 450 to 600 domains under management for the entirety of its existence.
The contract is open for public comment until October 3.
Verisign to keep price increase power under new .net contract
The wholesale price of a .net domain is likely to top $15 by 2023, under a proposed renewal of its ICANN contract revealed today.
ICANN-imposed price caps are staying in the new Registry Agreement, but Verisign retains the right to increase its fees by 10% in each of the six years of the deal’s lifespan.
But domain investors do have at least one reason to be cheerful — while the contract adds many features of the standard new gTLD registry agreement, it does not include a commitment to implement the Uniform Rapid Suspension anti-cybersquatting procedure.
The current .net annual fee charged to registrars is $8.95 — $8.20 for Verisign, $0.75 for ICANN — but Verisign will continue to be allowed to increase its portion by up to 10% a year.
That means the cost of a .net could hit $15.27 wholesale (including the $0.75 ICANN fee) by the time the proposed contract expires in 2023.
Verisign has form when it comes to utilizing its price-raising powers. It exercised all six options under its current contract, raising its share of the fee from $4.65 in 2011.
On the bright side for volume .net holders, the price increases continue to be predictable. ICANN has not removed the price caps.
Also likely to cheer up domainers is the fact that there are no new intellectual property protection mechanisms in the proposed contract.
Several post-2000 legacy gTLDs have agreed to incorporate the URS into their new contracts, leading to outrage from domainer organization the Internet Commerce Association.
ICA is worried that URS will one day wind up in .com without a proper ICANN community consensus, opening its members up to more risk of losing valuable domains.
The fact that URS is not being slipped into the .net contract makes it much less likely to be forced on .com too.
But Verisign has agreed to several mostly technical provisions that bring it more into line with the standard 2012-round new gTLD RA.
For example, it appears that daily .net zone files will become accessible via ICANN’s Centralized Zone Data Service before the end of the year.
Verisign has also agreed to standardize the format of its data escrow, Whois and monthly transaction reports.
The company has also agreed to start discussions about handing .net over to an emergency back-end operator in the event it files for bankruptcy.
The current contract is due to expire at the end of June and the proposed new deal would kick in July 1.
It’s now open for public comment until June 13.
.xxx has its ICANN fees slashed and adopts URS
ICM Registry is to see its .xxx ICANN registry fees hugely reduced in contractual amendments approved by ICANN last week.
The changes also mean that .xxx will now become subject to the Uniform Rapid Suspension anti-cybersquatting mechanism, despite it being a pre-2012 gTLD.
.xxx becomes the latest pre-2012 gTLD to move to a contract more closely aligned with the standard Registry Agreement from the new gTLD program.
Under the complex new deal, its per-transaction fee could be reduced from $2 to $0.25 by mid-2018.
Its quarterly fixed fee will go up from $2,500 to $6,250.
ICM has also agreed to take on many aspects of the standard new gTLD Registry Agreement, the most controversial of which is the URS.
The domainer group the Internet Commerce Association was fiercely critical of this addition to the contract, as it has been when URS was brought to .jobs, .travel, .cat, .pro and .mobi.
ICA is largely concerned that URS will also be pushed upon Verisign’s .net, which is up for contract renewal this year, and eventually .com.
GNSO faces off with governments over IGO cybersquatting
A defiant ICANN working group looking at cybersquatting rules for intergovernmental organizations is sticking to its guns in an ongoing face-off with the Governmental Advisory Committee.
In a report published for public comment this week, the GNSO working group recommended that IGOs should be given the right to use the UDRP and URS rights protection mechanisms, despite not being trademark owners.
But the recommendations conflict with the advice of the GAC, which wants ICANN to create entirely new mechanisms to deal with IGO rights.
I explored a lot of the back story of this argument in two posts a few months ago, which I will not rehash here.
The latest development is the publication, for comment, of the GNSO IGO-INGO Access to Curative Rights Protection Mechanisms Initial Report (pdf).
The WG was tasked with deciding whether changes should be made to UDRP and URS to help protect the names and acronyms of IGOs and INGOs (international non-governmental organizations).
For INGOs, including the special cases of the International Olympic Committee and the Red Cross/Red Crescent, it decided no changes and no new mechanisms are required, concluding:
Many INGOs already have, and do, enforce their trademark rights. There is no perceivable barrier to other INGOs obtaining trademark rights in their names and/or acronyms and subsequently utilizing those rights as the basis for standing in the existing dispute resolution procedures (DRPs) created and offered by ICANN as a faster and lower cost alternative to litigation. For UDRP and URS purposes they have the same standing as any other private party.
The case with IGOs is different, because using UDRP and URS requires complainants to agree that the panel’s decisions can be challenged in court, and IGOs by their nature have a special legal status that allows them to claim jurisdictional immunity.
The WG recommends that these groups should be allowed access to UDRP and URS if they have protection under Article 6ter of the Paris Convention, a longstanding international intellectual property treaty.
This rule would actually extend UDRP and URS to hundreds more IGO names and acronyms than the GAC has requested protection for, which is just a few hundred. WIPO’s 6ter database by contrast currently lists 925 names and 399 abbreviations.
To deal with the jurisdictional immunity problem, the WG report recommends that IGOs should be allowed to file cybersquatting complaints via a third-party “assignee, agent or licensee”.
It further recommends that if an IGO, having been sued by a UDRP-losing registrant, manages to persuade a court it has special jurisdictional immunity, the UDRP decision be either disregarded or sent back to arbitration for another decision.
The recommendations with regard to IGOs are in conflict with the recommendations (pdf) of the so-called “small group” — a collection of governments, IGOs, INGOs and ICANN directors that worked quietly and controversially in parallel with the WG to come up with alternative solutions.
The small group wants ICANN to create separate but “functionally equivalent” copies of the UDRP and URS to deal with cybersquatting on IGO names and acronyms.
These copied processes would be free for IGOs to use and, to account for the immunity issue, would not be founded in trademark law.
The WG recommendations are now open for public comment and are expected to be the subject of some debate at the March ICANN meeting in Copenhagen.