News and Updates

Most Employees in Rural America Can't Work From Home Due to Lack of Required Broadband Speeds

Domain industry news - Thu, 2020-03-12 16:06

One of the hottest topics in the news related to coronavirus is working from home. Companies of all sizes are telling employees to work from home as a way to help curb the spread of the virus. Companies without work-at-home policies are scrambling to define how to make this work to minimize disruption to their business.

Allowing employees to work at home is not a new phenomenon. Most large corporations have some portion of the workforce working at home at least part-time. Studies have shown that home-based employees are often more productive than those working in the office. Those working at home enjoy big savings, both in dollars and time, from not commuting to an office.

There are a few communities around the country that have offered incentives to attract employees who work from home. The first such program I heard of was in 2018, where Vermont offered a cash incentive of between $5,000 and $10,000 for families with a home-worker to relocated to the state. The state has an aging population and wanted to attract families with good incomes to help energize the local economy. The state recognized that the long-term local benefits to the state from attracting high-paying jobs is worth a lot more than the cash incentive they are offering.

Since then, other communities have tried the same thing. I recently read about a similar effort in Tulsa, Oklahoma, which has been watching its population drop since 2016. In Tulsa, a foundation is fronting the $10,000 payments used to attract home workers to the community. There is a similar program in Topeka, Kansas and northwest Alabama.

I've been working from home for twenty years, and during that time, I've seen a big shift in the work-from-home movement. When I first worked from home, I didn't know anybody else who was doing so. Over time that has changed, and in my current neighborhood, over a third of the homes on my block include at least one adult working from home. According to Bloomberg, about 4% of the full-time workforce, not counting self-employed people, now work from home. Adding in self-employed people means that work-from-home is a major segment of the economy.

Wall Street seems to have recognized the value of working at home. As I write this article the Dow Jones average has dropped over 11% since February 14th. During that same time, the stock price of Zoom, a company that facilitates remote meetings, has climbed over 27%.

I'm sure that most of the people being sent home to work are going to eventually return to the office. However, this current crisis is likely to make many companies reexamine their work-from-home philosophy and policies. Companies that allow people to work from home, at least part-time, are going to be the least disrupted by future economic upheavals.

If you read my blog regulatory, you knew what's coming next. The one group of people who can't work from home are those who can't get a decent home broadband connection. Huge numbers of rural homes in the country still have no broadband option or can only buy broadband that is not sufficient for working from home. Most corporations test the home broadband connection before letting employees work from home, and homes can be disqualified due to poor download speed, poor upload speed, or poor latency. A home broadband connection that meets the FCC definition of broadband at 25/3 Mbps might still be deemed by a corporation to be inadequate for working from home.

My consulting firm CCG talked to a homeowner this week who moved to a rural area looking for an improved lifestyle. The wife works from home, and before they bought the new home, they were assured that the broadband there was fast enough to support work at home. It turns out the home is served by a WISP that is delivering less than the advertised speed, and that working from home is impossible in the new home. This family is now facing a crisis caused by lack of good broadband — and there may be no solution for their problem.

Sadly, a whole lot of America is losing economically by not being able to attract and support good-paying jobs from those working at home. If a city like Tulsa is willing to pay $10,000 to attract one work-from-home employee, imagine the negative impact on rural counties where nobody can work from home.

Written by Doug Dawson, President at CCG Consulting

Follow CircleID on Twitter

More under: Access Providers, Broadband, Policy & Regulation, Telecom

Categories: News and Updates

Highlights from ICANN67 Public Forum – Community Dialogue on Proposed Transfer of PIR Ownership

Domain industry news - Thu, 2020-03-12 02:32

Ethos CEO Erik Brooks and I are grateful to ICANN for hosting this important community dialogue on the future of PIR and .ORG earlier this week, and we listened intently to the questions posed.

To echo what John Jeffrey said in his opening remarks, we are very interested in the community's input. We appreciate the openness and candor that was expressed during the Public Forum, and we would like to take this opportunity to recap a few of the overarching themes and questions asked. We look forward to continuing to engage with interested members of the .ORG community and to respond to questions in the coming days and weeks.

First, we heard recurring questions about the role of ICANN and its policies in general. Questions and comments included asking ICANN to identify the criteria that it will apply in evaluating the request for a change in indirect control of PIR, the process by which it will evaluate those criteria, and the role it plans to play — more broadly — in pricing with respect to gTLD registries beyond PIR.

We also heard several people express their support for the actions Ethos has taken with respect to our voluntarily proposing to undertake a legally-binding Public Interest Commitment ("PIC"). One participant noted that "the PIC has a potential to bring us into actually a somewhat better space than the presale PIR . . ." This is exactly what Ethos is striving for — a stronger PIR that maintains the very principles and values that differentiate .ORG from every other registry. The PIC, in our view, represents a clear path forward for PIR, with greater and more specific enforceability mechanisms than currently exist under PIR's the Registry Agreement, and that would not exist at all had Ethos not taken this action. We will continue to engage with the community about what the PIC means in practice for the future of PIR and .ORG.

We were pleased to hear a number of questions asked about the composition of the Stewardship Council. This is an important body that will play a powerful role in influencing PIR's decision-making moving forward, and will be instrumental in ensuring that the needs of all .ORG registrants and users remain central to PIR. As noted in the Council's Charter, five of the inaugural Council members will initially be appointed by the PIR Board, a common practice when new organizations are formed. The remaining two members — and all subsequent members — will be selected through an independent nomination process administered by the Council. The Council will have tremendous enforcement authority as it will have veto power to ensure commitments in PIR's legally binding PIC are upheld. We look forward to unveiling several of the initial Stewardship Council members in the near future.

Some participants posed questions about freedom of expression, and it is therefore important to recall that PIR has one of the strongest and most transparent anti-abuse policies in the industry. It is because of this that we have given the Stewardship Council veto power to reject any attempt to change such policies. To be clear, PIR's anti-abuse program focuses almost exclusively on DNS abuse — things like phishing, malware and botnets. A small fraction of PIR's anti-abuse practices has to do with website content that is so egregiously illegal that it would demand action. To put this in perspective, in 2019, PIR suspended over 41,000 domain names for technical abuse, while the total number of domains suspended for content issues was ten; of these ten, seven were for child sexual abuse materials, and three were for online distribution of opioids. While we recognize that certain organizations may have differing views on this topic more broadly, we stand with the vast majority of the .ORG community in supporting PIR's practices that certain limited restrictions — namely ensuring that child sexual abuse material and other similarly egregious harmful activity has no place on .ORG. Any suggestions that PIR would become an Internet censor of any kind is simply wrong.

Another important topic raised was the enforceability of PICs, and what ICANN's role is when it comes to holding Ethos accountable to the commitments we have made. This is a very important topic, which is why Ethos' legal advisor Allen Grogan and PIR's General Counsel Brian Cimbolic recently hosted a community discussion on this subject. You can find the transcript from that discussion here, and follow-up posts from Allen and Brian here. At a high level, the PIC will be enforceable directly by ICANN and also by members of the community through the Public Interest Commitments Dispute Resolution Procedure, known as "PICDRP." As noted above, we are proud of the actions we have taken to cement certain enforcement and accountability measures for PIR that do not exist today.

As Herb Waye stated at the outset, "[e]motional reactions fueled by issues and unsettled fundamental core values and beliefs can easily cause people to do and say things that are not in their — or others — best interests." We understand that some people may have strong opinions about this transaction, but it is vital that these views be grounded in the facts.

We fundamentally believe that mutual respect and the willingness to hear all sides are essential to maintaining a constructive dialogue around the future of PIR and .ORG. While there may be differing perspectives about certain topics, the feedback and questions we heard during the Public Forum have made one thing clear — we all are passionate about what .ORG represents for the mission-driven people and organizations seeking to do good around the world.

I want to remind everyone to please visit https://www.keypointsabout.org/public-engagement to participate in our public engagement process through March 13. We are continuing to listen and look forward to your thoughts and questions.

Written by Nora Abusitta-Ouri, Chief Purpose Officer at Ethos Capital

Follow CircleID on Twitter

More under: Domain Names, ICANN, Registry Services

Categories: News and Updates

Non .Coms Take 8 of the Top 10 Spots on This Week's Chart + $8 Million Sale from 2019 Uncovered!

DN Journal - Thu, 2020-03-12 01:38
This has been one of the most extraordinary domain sales weeks we've ever seen. The Top 20 has been turned upside down and a huge 2019 sale uncovered.
Categories: News and Updates

Political Email Placement or, You're Not Special

Domain industry news - Wed, 2020-03-11 22:02

A recent piece in The Markup called Swinging the Vote? attempts to figure out how Google decides where to deliver political e-mail. They were startled to discover that only a small fraction of it was delivered into the main inbox, and a fair amount was classed as spam. They shouldn't have been.

This is an example of the fallacy We're so nice that the rules don't apply to us, which is far too common among non-profit and political mailers.

Every mail sender believes that their mail is extremely important and that the recipients urgently want it. In nearly every case, they are wrong. (In my case, the only senders in that category are my wife and my daughter.) For the rest of the mail, specifically including bulk mail I've signed up for, I don't mind getting it, and I will generally get around to reading it when I have time. This definitely includes mail from political candidates, some of which can get rather repetitive around contribution reporting time.

Gmail divides mail into tabs intended to describe the kind of mail it is, which is not the same as describing who sent it. In my experience, they do a pretty good job of sorting mail into the Updates, Promotions, Social, and Forums tab. Promotions describe its content fairly well — messages that promote something. Political campaigns object that they're not commercial, they're not selling anything. That is true, but they sure are promoting the candidate or the cause. "Promotions'' is exactly where they belong.

Some of the political mail went into the spam folder. That's not surprising, either. Political mail may not be subject to the same legal rules as commercial mail, but it's subject to the same sorting rules at every mail provider I know. The mail practices at political campaigns vary from excellent to dreadful with a lot toward the dreadful side. While it's certainly legal to take a list from one campaign and use it in an adjacent district, or for a later campaign for a different candidate, that doesn't mean anyone on the list wants the mail. The recipients will mark a lot of it as spam and mail providers will treat it accordingly.

For the first few pieces of bulk mail sent to someone, the recipient mail system has no way to tell whether it's something the recipient signed up for, or if the sender bought a spam list. Mail systems sort that mail based on how other recipients have treated it. So even if you signed up for that particular mail, if they've been sending spam to other people, it'll go into the spam folder. (What else can they do? They can't give every sender a free pass on the first mail they send someone, since spammers would instantly game it.)

I see no reason to believe that any of the widely varying mail placement that The Markup saw was due to anything other than Gmail treating mail the way their users want.

There's no great secret to getting bulk mail delivered. Send it only to people who want it, don't send it more often than they want, stop when they tell you to stop. This is no different for political mailers than for commercial ones.

So, in short, mail providers handle political bulk mail the same way they handle any other bulk mail. If you send mail that people are willing to get, it will get delivered. It probably won't show up ahead of the mail they actively want (personal mail from their friends), but that is reality. You're not special.

Written by John Levine, Author, Consultant & Speaker

Follow CircleID on Twitter

More under: Email, Policy & Regulation, Spam

Categories: News and Updates

The Sad Story of Private Public Interest Commitments (PICs)

Domain industry news - Wed, 2020-03-11 20:09

The voluntary Public Interest Commitments (PIC) have a long and sad history at ICANN. They were a process never created or evaluated by the Multistakeholder process, thrown together for one purpose and allowed to morph into a mechanism for an almost unlimited number of un-reviewed other purposes. Disputes are delegated to a resolution process which itself was never evaluated for a) its appropriateness to the task at hand, b) its inability to throw out inappropriate claims or ridiculous private commitments, and c) and was entirely unvetted for the human rights, free expression, privacy and related issues that might come its way.

Private (voluntary) PICs and the associated PIC dispute resolution process (PICDRP) is not even a half-baked idea; it's an unbaked idea. Although private PICs have been called "voluntary nonsense" and "voluntary garbage" (see below), they are still included in new gTLD registry agreements, and clearly being embraced and encouraged by Ethos Capital and PIR as part of their .ORG contract. The leaders and advisors of Ethos and PIR — Fadi Chehadé, Allen Grogan and Jon Nevett — urge us to "trust them" and use private PIC commitments and processes as the basis of all protections for .ORG registrants (and the .ORG community that relies on them). I'm sorry, but there is little to trust in the PIC process.

Based on the history of the private PICs, it strains credibility to believe that we would entrust the protection of the cradle of noncommercial speech online — .ORG domain names — to the mess of policies and procedures these individuals helped to create in 2013 and 2014. In this piece, I lay out the deeply concerning history of private PICs and the PICDRP. I also submit that private PICs are not the best way to protect the .ORG registrants and community, but the most self-serving way for PIR and Ethos to move forward — there are clearer, stronger, and more straightforward ways to protect .ORG registrants and members of the .ORG community. If this transaction is to move forward, it is these options we need to incorporate. I describe them at the end.

(Note: I write this piece as part of the group that founded ICANN and a member of ICANN multistakeholder teams that drafted well-defined & well-scoped rules for domain name dispute processes for the Uniform Dispute Resolution Policy (UDRP) and Uniform Rapid Suspension system (URS); I am co-chair of the working group now reviewing these dispute processes. I am a former director of policy for the Public Interest Registry who found working with .ORG registrants and .ORG community to be an honor and privilege every day; it is the only gTLD I know where registrants regularly risk their lives, and those of their families, to share information about dictatorships and corruption, misuse and fraud, and to fight for freedom, news, education and information. Although unusual for a blog piece, I use endnotes to document my sources.)

Here are key factors of concern:

1. PICs were never created by the ICANN Multistakeholder process.

If you go back to the New gTLD Applicant Guidebook — the rules of the road for applying for New gTLDs — there is no mention of "public interest commitments" and no Specification 11 in the "base registry agreement" — the common contract written by ICANN Org (another term for ICANN Staff) for new gTLD applicants to sign once approved and ready to be "delegated" a top-level domain. [1]

Drafted by ICANN Org, this base registry agreement had some review by the ICANN Community, including by a committee of the Registries Stakeholder Group on which I served. Some edits and tweaks were accepted, but mostly, ICANN Legal knew exactly what it wanted in these contracts and drafted accordingly. [2]

2. An Outpouring of Concerns from the Internet Community and ICANN's Government Advisory Committee led to a new section of the contract — "Mandatory Public Interest Commitments" (Mandatory PICs).

Upon review of the new gTLD applications in 2012, a hue and cry quickly arose in two categories. The first was that gTLD categories that some thought were limited and "regulated" were open to all — .BROKERS, .DOCTOR, .ENGINEER. The second was that gTLDs that many thought should be open - or at least open to all in a given industry or business — were proposed to be locked and closed, e.g., generic terms such as .BABY, .CLOUD, .SEARCH, .BOOK, .MOBILE, .BEAUTY.

On November 20, 2012, governments in ICANN's Government Advisory Committee (GAC) issued 242 new gTLD "Early Warnings" on these and other issues. [3] Ultimately, the GAC consolidated its "advice" in the famous GAC Beijing Communique, April 11, 2013. The GAC advised ICANN to create procedures to protect two categories of new gTLD strings. The first was "Category 1: Consumer Protection, Sensitive Strings, and Regulated Markets" in which the GAC expressed concern on dozens of new gTLD applications, including .GREEN, .FITNESS and .CHARITY. The second was "Category 2: Restricted Registration Policies" which included "Exclusive Access" gTLDs and expressed concern about applicants "proposing to provide exclusive registry access" (only to themselves) for generic words of business and industry, including .BLOG, .APP and .CARS. [4]

On July 8, 2013, ICANN's Board, after hearing persuasive concerns from the ICANN community, opened up a proceeding to better understand the anticompetitive risks posed by "closed generics." The proceeding drew businesses and associations to ICANN from across the world, including the Booksellers Association of Bizkaia and Spain, Swedish Booksellers Association, Asia Cloud Computing Association, Consumer Watchdog and many more. [5]

Acting on concerns heard from governments, booksellers, emerging cloud providers, and others, ICANN created a new section of the Base Registry Agreement — "Mandatory PICs," a few new contractual terms to be embedded in a new appendix titled "Specification 11." All new gTLD registries would now need to sign their contracts with the new terms of the "Mandatory PICs," including agreements to enforce banking and other certifications prior to allowing domain name registration in a highly-regulated gTLD, and banning Closed Generics, that is not limiting to a "single person or entity" (e.g., the applicant) exclusive access to domain name registrations in gTLD strings which describe "a general class of goods, services, groups...". [6]

3. But a funny thing happened on the way to Mandatory PICs. ICANN CEO Fadi Chehadé and his Chief Contract Officer Allen Grogan allowed private PICs — a dumping ground for anything a New gTLD Registry might want to throw into its contract

For reasons no one seems to understand, ICANN CEO Fadi Chehadé and his Chief Contract Officer Allen Grogan (who joined ICANN in May 2013) not only requested that specific new gTLD applicants sign on to the Mandatory PICs of the new Specification 11, but allowed any applicant registry to add any other terms it wanted. But there were no guidelines for review, no conditions or limitations for what might be submitted, no definitions of scope and acceptability. It turned out that whatever registrants threw in, ICANN accepted into the contract. [7]

The new terms, put into the new Specification 11, "below the line" of the Mandatory PICs, were called "voluntary" or "private" public interest commitments, but this was a misnomer. Many of these private PICs (discussed below) were one-sided, self-serving, unfair and imbalanced for the registry applicants; many of them exposed registrants to a loss of domain names for reasons far short of due process or legal decisions.

Becky Burr, then and still an ICANN Board member, speaking in her personal capacity at an event at American University Washington College of Law in February 2019, ICANN and New gTLDs, stated about the private PIC process: "I hope we never see any like that [again]", "the process by which that happened was appalling," "and most registries and registrars were appalled by that process as well." "A subset of… registry applicants came in and made ... commitments that were like, literally, everything in the kitchen sink." [8]

But no one in ICANN Org seemed to care — and under the oversight of Fadi and Allen, the registry agreements with private PICs were duly signed. [9]

4. Many Private PICs damaged the rights of registrants, allowed new gTLDs registries to engage in content regulation, and gave registries unilateral power to remove domain names based on allegations far short of legal findings.

Fadi and Allen did nothing about the "kitchen sink" that went into the private PICs, or that many terms eliminated traditional rights for future registrants of these domain names. Until these new gTLD agreements (and for years after), Verisign and the Public Interest Registry did not engage actively in content monitoring or takedown of domain names in .com, .org and .net (Verisign is still contractually barred from doing so).

Certainly, malware and botnets (dangers to Internet infrastructure) were investigated and, if appropriate, taken down, but these legacy registries did not unilaterally investigate and remove alleged illegal content. They defended due process and responded to court orders of infringement — leaving to a judicial body the weighing of arguments including copyright infringement versus fair use, whether advertisers may name competitors in their ads (legal in some countries not in others), and whether law enforcement requests for takedowns should be performed.

But Donuts had no such qualms. Co-founder, General Counsel and then EVP of Donuts, Jon Nevett inserted the same private PICs into virtually all of Donuts and its subsidiaries' applications. This gave Donuts nearly unlimited control over domain names and the unilateral right to strip them away from registrants. Under the terms of the Donuts private PICs and across the 200+ gTLDs which it would ultimately register or purchase, the terms include:

"Registry Operator reserves the right, at its sole discretion and at any time and without limitation, to deny, suspend, cancel, or transfer any registration or transaction, or place any domain name(s) on registry lock, hold, or similar status as it determines necessary for any of the following reasons" which were wide-ranging and included:

"… to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process" and

"… infringement of any copyright or trademark." [10]

Unlike the domain name dispute provisions developed through ICANN's Multistakeholder process, the UDRP and URS, there was a) no required notice to the registrants of allegations against their content and domain names, b) no clear opportunity for registrant response, c) no clear standards for evaluation, grant and dismissal, and d) no court or independent third party dispute resolution provider hearing both sides.
Although ICANN, by its own structure, precedents and new bylaws, does not engage in content regulation, Donuts stripped future registrants of virtually all of their due process rights in new gTLDs across its portfolio.

5. Donuts also monetized the PICs.

At the same time, Donuts and Jon monetized private PICs by selling broad trademark rights to trademark owners — including proposals rejected by ICANN's Multistakeholder community.

One, a "block list," requested by Intellectual Property Constituency leaders asked ICANN to block certain trademarks from registration across all new gTLDs. While the ICANN Community accepted many of the intellectual property community's requests, this one was rejected by the multistakeholder process. The reasoning was that the basic redundancy of words and names is protected by language and trademark law, and no one has exclusive rights to common words and names.

While McDonald's Corporation and Time Warner may use common last names such as McDonald or words such as "people," "money," and "fortune" for fast food and magazines, these names and words can be used by others in a) their noncommercial sense and b) non-infringing commercial ways. Across the wide array of new gTLDs, there are many legal opportunities for redundant uses of words.

But Jon and Donuts, through the private PICs, created the Domains Protected Marks List (DPML) and sold the expanded protection (rejected by ICANN's ICANN Multistakeholder process) to trademark owners across 200+ new gTLDs. [11]

But not to worry, Jon made PICs voluntary, so they could be revoked unilaterally at any time:

"Registry Operator, in its sole discretion and upon written notice to ICANN, may elect at that time to discontinue any of such public interest commitments in the case of a substantial and compelling business need." [12]

6. ICANN, under Fadi and Allen, then created a completely upside-down process: a "dispute resolution procedure" to protect the PICs, but not to allow challenges to those that were one-sided, self-serving, unfair and imbalanced.

Certainly, the Mandatory PICs needed enforcement. If General Motors were to be the registry of .AUTOMOBILE and refuses to sell domain names to Ford or Toyota that is a problem that a cheap, rapid and low-overhead arbitration, along the lines of the well-proven UDRP, might rapidly resolve.

But in December 2013, Fadi and Allen allowed an arbitration procedure to be applied to the private PICs that was fundamentally flawed because the dispute process had no mandate to review the content of a private PIC, to moderate or limit private PICs, or to remove their abusive elements. The only thing the Public Interest Commitment Dispute Resolution Procedure (PICDRP) would handle was non-compliance with a PIC. [13]

Thus, under Fadi and Allen, in an utterly strange twist, ICANN:

  • Did not allow Registrants to challenge private PICs as outside ICANN's "no content" scope;
  • Did not allow Registrants to challenge the unreasonableness or one-sidedness of private PICs or their lack of due process; and
  • Did not require registries to tell a registrant even why a domain name was being taken down.

PICDRP exists only as mechanism to see how far already-privileged parties can go in enforcing their private privileges. Unlike UDRP or URS, it does not even have a third-party forum that vouches for and oversees its processes — such as WIPO or The Forum.

Further, not a single panelist lists human rights as an area of expertise, and only one lists privacy or free speech. That may come as no surprise because these types of issues are ill-suited for arbitration and certainly not an arbitration process where the only rules are what the registry drafted in its own (or a few stakeholders') self-interest. [14] No ICANN Multistakeholder Process reviewed the PICDRP for its scope, guidelines, rules, limits or ability to handle the wide array of free speech, privacy and other fundamental rights issues that might arise.

(Note: In every other dispute mechanism designed by the ICANN Community, the rules were carefully considered, fairness carefully weighed, notice provided, response periods included, and forums carefully chosen and (currently) being reviewed.

But no ICANN multistakeholder process created clear rules for the PICDRP, reviewed PICDRP policies and procedures, or checked the background of PICDRP panelists for the range of free speech, due process, jurisdiction, government rights, competition and privacy laws (as a sample) that might arise given the arbitrariness and wide-ranging nature of the private PICs.

ICANN does not know how the PICDRP will handle the natural strains and stresses of overseeing key questions of content online — and how it will protect active (and exposed) users seeking to reveal problems with the very governments, law enforcement agencies, and corporations who would be using the private PICs to demand private "takedowns" of their domain names and their content and communication attached.)

7. Now the creators and users of Voluntary PICs process ask us to "trust them" with .ORG registrants and the .ORG Community.

Overall, Fadi and Allen created private PICs and the PICDRP process in the tornado of activity of the new gTLD roll-out. They allowed the devastation of any boundaries of protection for future new gTLD registrants. No one cared about registrants.

These very men, albeit in different hats, now ask us to trust that they will protect some of the most important registrants, some of the most vulnerable organizations, some of the most sensitive, powerful, community and country-changing speech on the Internet.

But what they did, private PICs, the worst process ever to take place in ICANN, destroyed the faith that many of us had in the ICANN process. No one needs to spend years negotiating "fair and balanced processes" across multistakeholder groups when they can be undermined in a matter of moments by private PICs thrown into a contract unilaterally, which no one has the ability to remove — no matter how unfair.

Now Fadi, Allen, Jon, Ethos and PIR come to the ICANN Community and tell us that their PICs will be fair and that the PICDRP process will be good enough. People far brighter than I are critiquing the proposed .ORG private PICs and many of these critiques show them to be just as one-sided, self-serving and limiting of registrant rights as other private PICs. It makes sense; there's a history.

8. Ethos and PIR could give us real structural changes and real rights and protections for .ORG registrants and the .ORG community.

Ethos and PIR could present real, substantive structural changes that allow the .ORG registrants and community a real vested, voting and veto interest in .ORG on significant issues (see Professor Benjamin Leff's piece here in CircleID, posted 2/27,). They could build their commitments into the Articles of Incorporation with clear, detailed public benefit LLC statements (as a part of our obligations).

They could revert to the old .ORG contract (of eight months ago) with its clear contractual commitments to ICANN of limited price increases and no content removal.

They could embody all of their obligations and promises in a clear Addendum to their registry agreement — one which ICANN Org has real responsibilities to monitor and protect.

But no, Allen, Fadi and Jon want us to "trust them" and want to give .ORG registrants (present and future) the barest scraps from the .ORG table of rights and privileges with a few PICs, limited in scope and only weakly enforceable through a PICDRP, untested and unscoped for this purpose.

No, I'm afraid this new, private .ORG PIC process is appalling too.

9. Voluntary PICs would be a horrible thing in which to entrust the cradle of nonprofit organizations and the podium of noncommercial speech.

For over 30 years, speakers have used .ORG to speak truth to power with little fear of takedown (note: NSI, Verisign, ISOC & PIR until this summer, were all bound by "do not regulate content" rules and customs for.ORG domain names). Dot Org has been the gTLD where groups flocked to decry corruption, reveal the dangers of dictatorship, show abuse of private and public forums and, yes, seek the overthrow of tyranny — sometimes at the risk of their own freedom or that of their families, but not at the risk of their domain names.

The public accessed .ORG domain names to learn about their rights, to find groups to provide them protections, to register to vote, and to read about corruption in their countries — often bypassing state-controlled media which provided no insight.

Many who worked for and volunteered with .ORG over three decades dedicated themselves to the task of protecting this cradle of free speech. In protecting this special gTLD, we want full protection, not scraps from a discredited system of voluntary PICs that serve only those who write them.

* * *

SPECIFICATION 11 AND ENDNOTES

Specification 11

PUBLIC INTEREST COMMITMENTS

1. Registry Operator will use only ICANN accredited registrars that are party to the Registrar Accreditation Agreement approved by the ICANN Board of Directors on 27 June 2013 in registering domain names. A list of such registrars shall be maintained by ICANN on ICANN's website.

2. Registry Operator will operate the registry for the TLD in compliance with all commitments, statements of intent and business plans stated in the following sections of Registry Operator's application to ICANN for the TLD, which commitments, statements of intent and business plans are hereby incorporated by reference into this Agreement. Registry Operator's obligations pursuant to this paragraph shall be enforceable by ICANN and through the Public Interest Commitment Dispute Resolution Process established by ICANN (posted at http://www.icann.org/en/resources/registries/picdrp), which may be revised in immaterial respects by ICANN from time to time (the "PICDRP"). Registry Operator shall comply with the PICDRP. Registry Operator agrees to implement and adhere to any remedies ICANN imposes (which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement) following a determination by any PICDRP panel and to be bound by any such determination

[Registry Operator to insert specific application sections here, if applicable]

3. Registry Operator agrees to perform the following specific public interest commitments, which commitments shall be enforceable by ICANN and through the Public Interest Commitment Dispute Resolution Process established by ICANN (posted at http://www.icann.org/en/resources/registries/picdrp), which may be revised in immaterial respects by ICANN from time to time (the "PICDRP."). Registry Operator shall comply with the PICDRP. Registry Operator agrees to implement and adhere to any remedies ICANN imposes (which may include any reasonable remedy, including for the avoidance of doubt, the termination of the Registry Agreement pursuant to Section 4.3(e) of the Agreement) following a determination by any PICDRP panel and to be bound by any such determination.

a. Registry Operator will include a provision in its Registry-Registrar Agreement that requires Registrars to include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.

b. Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.

c. Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.

d. Registry Operator of a "Generic String" TLD may not impose eligibility criteria for registering names in the TLD that limit registrations exclusively to a single person or entity and/or that person's or entity's "Affiliates" (as defined in Section 2.9(c) of the Registry Agreement). "Generic String" means a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.

Endnotes

[1] 2012, New gTLD Applicant Guidebook, See Module 5, Base Agreement & Specifications, https://newgtlds.icann.org/en/applicants/agb.

[2] Personal experience; I worked to convene the Registries Stakeholders Committee which reviewed the draft base registry agreement.

[3] GAC Early Warnings, https://gac.icann.org/activity/gac-early-warnings

[4] GAC Beijing Communique, 11 April 2013, https://gac.icann.org/contentMigrated/icann46-beijing-communique

[5] https://www.icann.org/en/system/files/files/report-comments-closed-generic-08jul13-en.pdf

[6] Specification 11, Public Interest Commitments, pp. 98-99, https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-redline-31jul17-en.pdf

[7] https://newgtlds.icann.org/en/announcements-and-media/announcement-06mar13-en

[8] Panel 2, https://www.wcl.american.edu/impact/initiatives-programs/pijip/events/icann-and-the-new-top-level-domains/

[9] See e.g., .LAND, https://www.icann.org/sites/default/files/tlds/land/land-agmt-html-redline-10sep13-en.htm

[10] See e.g., .LAND contract, Specification 11, 4(d), https://www.icann.org/sites/default/files/tlds/land/land-agmt-html-redline-10sep13-en.htm

[11] See e.g., .LAND, above, Specification 11, 4(c).

[12] See e.g., .LAND, above, Specification 11, end of private PIC.

[13] Revised PICDRP (review the "redline" to see the 2013 version), https://www.icann.org/resources/pages/picdrp-2014-01-09-en

[14] See e.g, Matthew J. Stanford, Diminution Doctrine: Arbitration's First Amendment Problem, 52 UC Davis Law Review Online 73 (2018).

Written by Kathy Kleiman, American University Washington College of Law

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Registry Services

Categories: News and Updates

Cyberspace Solarium Commission Report

Domain industry news - Wed, 2020-03-11 18:20

The Cyberspace Solarium Report released today is another, in an endless string of reports, that disgorge from Washington committees dealing with the eternal mantra of "defending American interests and values in cyberspace." The challenges (and many reports) here trace back 170 years when transnational telecommunication internets emerged. The dialogue and reports scaled in the 1920s with the emergence of radio internets and cyber threats, then again in the early 1980s with the deployment of data internets, and yet again in the mid-1990s with the Clinton-Gore Administration forcing the TCP/IP platform into public network infrastructure without even minimum security regulation, and abandoning related international agreements. As the effects of that disastrous decision have manifested themselves, the cyber reports have become more frequent. Now it is Solarium revisited. (Solarium is the name given to a 1953 Cold War strategic defence initiative that met in the solarium on top of the White House.)

The gist of the Solarium Report and its 80+ recommendations are not significantly different than those seen countless times before — even as it professes the threats are greater. However, the recommendations are not much different than those produced 25 years ago when NSA's legendary Press Winter pulled together the nuclear cold warriors who had funded TCP/IP — for them to atone for their sins as they would say — by creating the CRISP initiative at Stanford and engaged the National Labs. DARPA's Emeritus Director Steve Lukasik who ran much of the work spent the next 20 years cranking out one Andy Marshall or DTRA report after another predicting almost every impending TCP/IP internet disaster and recommending mitigation strategies.

So here we are in 2020. Most of the same observations and mitigations are now bundled under "six key pillars." Even if well-meaning, the pillars and most subtending recommendations have been seen many times before. They are standard Beltway mantras. The only especially critical new concerns relate to U.S. elections and cloud data centres.

What was especially telling about the report is found as part of its rollout explanatory panel on The International Impact a few days ago. The most interesting part of the panel was the probing questions of The Washington Post's Ellen Nakasima who kept asking the question how this report is different from the countless others. The only mind-boggling answer to the question at the end seemed to be more people and an ambassador slot at the State Department for "dealing with 5G." What they probably didn't know was that it was ironically exactly what Diana Dougan did almost 40 years ago when she came to Washington with the Reagan Administration and landed in the State Department.

The report utterly fails to deal with the major foundational problems under the pillars — as it probably inherently could not.

  1. The US shift from its highly-integrated public-private model with strong private-sector R&D in the 1990s to promote the TCP/IP internet political-economic strategy of the time has proven a disaster. The esteemed groundbreaking research laboratories combined with dedicated experts collaborating with their peers in global standards bodies just disappeared. NSA's groundbreaking cybersecurity programs and public leadership disappeared. Other countries — particularly in Asia — took a more cautious approach and instead emulated what was a U.S. success story. The result has gutted the ability of the U.S. — especially the ability to participate effectively internationally.
  2. The TCP/IP internet itself — together with its institutions which are still propped up — has proven an even greater disaster. It was regarded at the time as a vulnerability nightmare — which has become ever worse over the years, as predicted. Now — as networks and services worldwide shift to 5G entirely and move to better protocols — the U.S. is facing challenges in shedding the old baggage and adapting.
  3. Just when effective global multilateral instruments and forums are most needed to deal with global cyber problems of its own making, the U.S. has basically zero credibility from abandoning them in 1990, and effectively killing what was left by the current Administration. The White House, "Elephant in the Room," is impossible to ignore. The most the report offers on international is working with a dozen friendly nations with those new hires at State. Good luck with that one.

Although the report likes to blame the rest of the world for cybersecurity challenges, it ignores the rather embarrassing reality that the U.S. TCP/IP infrastructure itself has long been the source of most of the world's cyber attacks and malware as well as the most targeted — even if the perpetrators are abroad. This reality produces a significant skepticism abroad when yet another report emerges that fails to deal with the problems extant in the nation's own back yard. Even as the FBI warns against zero trust digital certificates being churned out by Silicon Valley and exacerbating cybersecurity incidents, Washington does nothing. What Washington should be doing as one of its pillars is studying how other countries are protecting themselves from the cyber threats emanating from the U.S.

The Solarium Report's comment on page 18 about "losing the international standards race" is so utterly bereft of reality that it underscores the challenge being faced in Washington — its inability (or unwillingness) to understand what is occurring. On page 74 of the report, it asks, "can the 5G deployment be made fundamentally secure? Although nothing can be made fundamentally secure, the risks can be significantly reduced, and the very activity to accomplish this in multiple international bodies has long been underway and the report's authors seem utterly unaware of it. Even the idea of a security certification is moving towards implementation, but will the U.S. participate?

Fortunately, the real participants in the 5G security arena met virtually all of last week and advanced an array of essential capabilities, including supply chain assurance — reviewing and reaching agreement on more than 450 input contributions from 35 different companies and organizations treating 30 5G security work items and proposing 14 new critical security studies and specifications. These were some of the real experts who collaborated and reached consensus decisions via 604 emails. No inputs from any USG sources, but five registered from the national security community to watch, and one lone NIST person expressed a view on an esoteric development. Although a small step, it is a giant leap for an insular Washington. Fourteen U.S. companies and organizations actively participated. These activities are fairly transparent, and the rest of the world outside of Washington can see what is actually occurring here rather than the xenophobic nonsense in the report.

Notwithstanding the foibles of the report, it deserves praise for assembling a broad array of needed actions and beginning to focus on the security of cloud data centres in section 4.5, which — as noted in the report — Europe is already pursuing. The U.S. based Center for Internet Security has already worked with cloud platform providers to instantiate Critical Security Controls capabilities in cloud operating system images, and contributed its specifications for that action via the ETSI global standards profiles that are being used for certification. Section 4.6 also raises the possibility of national data security legislation — which many other nations already have accomplished. The report also expresses long-due concern over the serious negative consequences of end-to-end encryption — for which ETSI has already developed standardized platforms for meeting the diverse needs.

Washington's biggest cybersecurity challenge is itself. It exists in a bubble of non-stop, self-similar chat-boxes that have minimal knowledge or apparent interest in the history, the actual underlying technologies and ongoing activities, or its own culpabilities in the global cybersecurity ecosystem. The internet myths are truly ludicrous. As someone who spends almost all his time in international venues or analyzing them, it is plain that almost no US government agencies and only a handful of companies even engage in the relevant activities anymore. As a result, anything in the report concerning international developments lacks credibility.

What the U.S. should consider is analyzing at how other nations are developing successful strategies, analyzing what is actually occurring, and beginning to engage again in the international venues and activities it has largely abandoned — to the extent that is still possible. Although this is recommended in section 2.1.2 of the report, what is there reveals a lack of understanding of the topic and has no substance. A few people at State is not going to cut it. The only real expertise around Washington is at NSA (as it has been for the past hundred years) and with their peer organizations in every other country. Without NSA significantly, publicly engaged in domestic and international venues, there is no U.S. cyber credibility.

The sad truth is the U.S. has the resources to be a global leader in this space with others, but seems as a nation to be incapable of shedding its internet political illusions and myths, understand the fundamental technological changes in play, and organize and facilitate the available resources effectively. Today, we have yet another cyber commission producing still more pillars. The hope is that it will be something more than just a blueprint for program funding, agency turf, regulation avoidance, Washington institutional aggrandizement, and lobbying prominence — that have nothing to do with any meaningful 5G security or global leadership.

Written by Anthony Rutkowski, Principal, Netmagic Associates LLC

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cyberattack, Cybersecurity, Internet Governance, Policy & Regulation, Wireless

Categories: News and Updates

NGO Community Urges ICANN to Exercise Independent Judgment as It Reviews the .ORG Sale

Domain industry news - Wed, 2020-03-11 18:13

ICANN is reviewing the Internet Society's proposed sale of Public Interest Registry, the .ORG registry operator, to private equity firm Ethos Capital. ICANN effectively has the power to stop the sale by terminating PIR's Registry Agreement. The Electronic Frontier Foundation, NTEN, Consumer Reports, Americans for Financial Reform and several other organizations joined Monday's Public Forum at ICANN67 to ask questions about how ICANN plans to review the change of control of the .ORG registry to protect noncommercial users' interests.

To date, over 25,000 people and 839 organizations have signed a letter demanding a stop to the sale, which would let Ethos Capital raise domain registration fees and implement new enforcement mechanisms that could be used to censor NGOs. Unfortunately, the ICANN staff and board did not answer any of our questions at yesterday's Public Forum, but we hope to hear from them in the coming days.

Public Interest Commitments Won't Adequately Protect Users

As EFF and NTEN recently explained, Ethos Capital's attempt to address criticism by forming a Stewardship Council doesn't resolve the NGO sector's concerns. PIR's ability to veto council members ensures that the council will stay in lockstep with PIR. As I asked in today's meeting:

PIR has proposed to create a Stewardship Council whose initial members will be selected by the PIR Board. PIR's Board will retain a veto over any new members. And any three members of the Stewardship Council can uphold any decision by PIR's board and management, whatever its effect on freedom of expression. Does ICANN consider PIR's proposal sufficient to safeguard the interests of .ORG registrants?

Today's meeting made it clearer than ever that Ethos Capital is ill-equipped to manage the .ORG registry on behalf of the NGO sector.

Ethos also unveiled new Public Interest Commitments (PICs), additions to the .ORG RA that Ethos says will keep the registry from raising prices above a certain rate and establish the Stewardship Council. In two recent webinars, Ethos stressed that revising or revoking the PICs would require amending the RA, framing this as insurance that the PICs will continue to bind PIR and any subsequent owners of the .ORG registry. But that overstates the difficulty of amending the RA, which can be negotiated at any time by the registry owner and ICANN, even in the face of overwhelming public opposition.  In fact, that's exactly what happened last year when the .ORG RA was revised to diminish registrants' rights and remove price caps. As my colleague Cara Gagliano asked:

Can Public Interest Commitments in a registry agreement later be revised or revoked through bilateral negotiation between the registry operator and ICANN staff, as ICANN has stated is the case for other contractual terms?

Because one of the PICs deals with registration fees, a topic that ICANN has signaled it is no longer interested in overseeing, National Council of Nonprofits' Rick Cohen asked whether PICs are an appropriate method for limiting price increases at all:

In 2019, ICANN indicated its interest in exiting the role of price regulation, but the PIC proposed by Ethos would place ICANN back in that role. Because ICANN would be the only body empowered to enforce the proposed PIC, is this a role ICANN is willing to play? And what commitments to the .ORG community to uphold the PIC will ICANN make?

A For-Profit Registry Is Not Well Positioned to Defend Nonprofits

PIR and Ethos Capital have repeatedly distanced themselves from statements PIR and ICANN made in 2002 when PIR was first formed. From the beginning, PIR's connection to the global NGO sector was seen as essential to its management of .ORG. ISOC's then President and CEO Lynn St. Amour promised that .ORG would continue to be driven by the NGO community — in her words, PIR would "draw upon the resources of ISOC's extended global network to drive policy and management."

PIR, Ethos Capital, and their various spokespeople have downplayed the significant change that will come with transitioning PIR to a for-profit, private equity-owned company. Particularly given the significant amount of debt that Ethos' investors plan to impose on PIR, NGOs are right to ask what corners a for-profit PIR would cut in order for Ethos to recoup its investment. As Elliot Harmon, EFF's Activism Director asked,

"What relevance, if any, does ICANN believe the 2002 criteria for the redelegation of the .ORG domain, and ISOC's commitments, hold today?"

Americans for Financial Reform's Patrick Woodall expanded on the financial picture surrounding the proposed sale of PIR, raising serious questions about what changes Ethos will make to .ORG in order to make a profit:

PIR has said that the transaction will maintain its financial viability because it generates $50 million in operating revenue and its annual interest-only loan payments are only about $20 to $25 million. Using PIR's generous $50 million income assessment (which is higher than any prior year), and assuming the 10% annual price increases, PIR will still only generate $380 million in revenue over the term of the loan but will owe over $480 million (about $120 million in interest payments and $360 million in principal). How will PIR repay the $360 million principal when it comes due without compromising the stability of PIR or imposing additional costs on its users?

ICANN Must Ensure Real Public Oversight of the .ORG Sale

Several speakers demanded that ICANN play a more active role in leading a public discussion on the change of ownership and how it will affect NGOs. While Ethos has taken some steps to lead a public engagement process, it can't do so neutrally. As EFF's Elliot Harmon said:

Since the Internet Society announced the sale of PIR, Ethos and PIR's communication with the public has been largely one-directional. Ethos and PIR have now hosted several webinars, but they've consistently failed to adequately respond to most of the questions and concerns raised by leaders in the NGO sector.

As the steward for the TLD system, ICANN itself should lead public engagement on the issue of the PIR sale. It should be leading engagement with global NGO sector leaders and listening to their feedback before it approves the transfer of ownership of the registry.
This public forum is a good start, and I hope that ICANN thinks of it as a start, not a conclusion. ICANN, not PIR itself, should be collecting and evaluating written public comment on this issue.

Consumer Reports' Katie McInnis asked a pointed question of the ICANN board: can it lead that process if board members haven't disclosed their own financial connection to the sale?

Some members of this Board have current or past business relationships with contracted parties or other companies in the domain name industry. Does any member of this Board stand to gain financially from the sale of PIR and its future operation by Ethos Capital?

Yesterday's meeting made it clearer than ever that Ethos Capital is ill-equipped to manage the .ORG registry on behalf of the NGO sector. ICANN must intervene to stop the sale.

Written by Mitch Stoltz, Senior Staff Attorney at Electronic Frontier Foundation

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Registry Services

Categories: News and Updates

Russian firm found to have tried reverse domain name hijacking

Domain Name Wire - Wed, 2020-03-11 18:09

Company filed cybersquatting complaint against domain name registered prior to its trademark rights.

A World Intellectual Property Forum panelist has determined that Kontsern Radioelektronnye Tehnologii tried reverse domain name hijacking the domain name KRET.org.

The Russian electronics manufacturer filed the dispute against Titan Networks, which registered the domain name in 2007.

Titan argued that it registered the domain name because of its value as a short domain name and was not aware of the Complainant. It registered the domain name before the Complainant had any trademark rights in the term KRET.

The Complainant tried to argue retroactive bad faith, as was argued in an oft-cited case involving Octogen Pharmacal Company. That case has been leveraged by many Complainants who otherwise don’t have a case, but has been widely rejected by panels.

In finding reverse domain name hijacking, panelist Adam Taylor wrote:

1. The Complainant has failed by a large margin. In the Panel’s opinion, the Complainant knew or at least should have known that it could not prove one of the essential UDRP elements. The Complainant’s representatives quoted extensively from UDRP case law and the Panel thinks it unlikely that they were unaware of the current overwhelming view of UDRP panelists as to the need to prove registration as well as use in bad faith and that the 10-year old cases cited are no longer “good law”.

2. The Complaint lacks candour in that it makes no mention of the fact that the Complainant has traded under the name “KRET” only since 2014 and not from when it was established in 2009. In the event the distinction is not material to the case but it could have been if the Respondent had acquired the disputed domain name after the Complainant was established.

Post link: Russian firm found to have tried reverse domain name hijacking

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Lotto Sport Italia tried reverse domain name hijacking, court rules

Domain Name Wire - Wed, 2020-03-11 17:15

Company tried to take two ‘lotto’ domain names away from Canadian man.

Italian sportswear maker tried to get ‘lotto’ domain names from online gaming professional.

A Canadian man who registered LottoStore.com and LottoWorks.com has prevailed in a legal dispute with Lotto Sport Italia, with the court granting his motion for summary judgment (pdf).

The judge ruled that David Dent can keep the two domain names, and the judge entered judgment in favor of Dent on his reverse domain name hijacking claim.

Lotto Sport Italia S.p.A. filed a UDRP with World Intellectual Property Organization in 2016, shortly after Dent acquired the two domain names from third parties for over $11,000. Dent said he registered the domain names for online gaming, which is his background. Lotto Sport, on the other hand, is a sportswear manufacturer with no business relating to gaming.

But his UDRP defense seemed to be poorly argued and he lost. He subsequently filed a lawsuit in U.S. court.

The court ruled that Dent’s registration of the domains did not violate the Anticybersquatting Consumer Protection Act (ACPA).

Among other things, the court considered the original registration dates of the domains as the pertinent dates rather than the Dent’s acquisition of the domains in 2016. UDRP panelists consider the date a registrant acquires a domain as the date of registration; under ACPA, courts tend to look at the original registration date.

Dent will now file for attorneys’ fees and liability for reverse domain name hijacking.

He was represented by Jeff Johnson of Schmeiser Olsen & Watts with the help of John Berryhill. Berryhill suffered a heart attack during the case, and Berryhill told Domain Name Wire that Jeff “took the ball and ran it 80 yards to the touchdown.”

Marc Randazza represented Lotto Sport.

Post link: Lotto Sport Italia tried reverse domain name hijacking, court rules

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Reverse domain name hijacking in HUG.com case
  2. Screen-It Graphics attempted to Reverse Domain Name Hijack Grandstand.com
  3. Weeds.com owner fights back, asks for damages for reverse domain name hijacking
Categories: News and Updates

2019 Ended With Over 362 Million Domains Registered Worldwide - .Com Outperformed Market but .Net Continued Slide

DN Journal - Wed, 2020-03-11 16:50
Verisign has released their latest quarterly Domain Name Industry Brief. Total registrations worldwide grew nearly 4% over the past year.
Categories: News and Updates

Rob Monster sues after losing UDRP for BC30.com

Domain Name Wire - Wed, 2020-03-11 16:10

Monster chose to blast WIPO rather than respond to the three elements of UDRP.

Rob Monster has filed a lawsuit after losing a UDRP for BC30.com.

Rob Monster, the CEO of domain name registrar Epik, has filed a lawsuit after losing the domain name BC30.com in a UDRP.

Ganeden Biotech, Inc. filed a UDRP with World Intellectual Property Organization (WIPO) against the domain name in December.

Instead of formally responding to the UDRP, Monster sent an email that the WIPO panelist characterized as “needless derogatory remarks (and threats) about the UDRP and the Center.”

While the UDRP does not detail Monster’s message, he posted it publicly on domain name forum NamePros. The email stated that Monster would publicly critique the decision should he lose the case.

Panelist John Swinson wasn’t amused, and he also didn’t have affirmative defenses to the Complainant’s submissions. He found in favor of the Complainant.

Now Monster has filed a lawsuit (pdf) to stay the transfer. He’s also asking for damages.

Monster filed it in U.S. District Court in Washington, where both he and his registrar are located. Monster is representing himself in the lawsuit.

 

Post link: Rob Monster sues after losing UDRP for BC30.com

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. WorldWide Media Sues to Retain SmoothMove.com
  2. Why BuyDomains’ lawsuit over FACI.com makes sense
  3. Mrs Jello sues to block Camilla.com transfer
Categories: News and Updates

.Com rankings: Google tops 3 million .com domains

Domain Name Wire - Wed, 2020-03-11 13:35

Google hits a milestone.

ICANN has published the latest official data from Verisign (NASDAQ: VRSN) about the .com namespace. This registrar-by-registrar report covers November 2019.

Google’s domain name registrar hit the 3 million .com domain milestone. It continues to add over 100,000 domains a month with few outbound transfers, so this number will continue to climb.

As has been the case in recent months, there was a lot of shakeup on the monthly leaderboard. I believe this is due to promotions that Verisign offers that are, in turn, sometimes passed on to registrar consumers.

Website builder Wix managed to make the top 10 list this month. Not because its registrations increased, but because the bar to be in the top 10 dropped. Dynadot and Web.com, which had a surge in registrations the prior month, reverted and Wix took their spot.

When the report for March 2020 comes out, expect a surge at Dynadot. It’s offering $5.99 domains this month with a coupon.

Here’s how registrars did in terms of new .com registrations:

1. GoDaddy.com* (NYSE: GDDY) 946,270 (867,828 in October)
2. Tucows** (NASDAQ:TCX) 182,250 (189,005)
3. Alibaba (HiChina) 163,419 (121,623)
4. Namecheap Inc. 163,141 (170,249)
5. Google Inc. (NASDAQ: GOOGL) 136,518 (146,747)
6. Endurance+ (NASDAQ: EIGI) 127,219 (130,428)
7. GMO 86,969
8. Xin Net 72,991 (128,049)
9. NameSilo 69,171 (76,139)
10. Wix (NASDAQ: WIX) 62,712

Here’s the leaderboard of the top registrars in terms of total .com registrations as of the end of November 2019.

1. GoDaddy* 51,629,563 (51,365,334 in October)
2. Tucows** 12,910,915 (12,969,022)
3. Web.com++ 7,096,388 (7,101,250)
4. Endurance+ 6,817,113 (6,863,214)
5. Alibaba 6,013,715 (6,032,936)
6. United Internet^ 5,526,648 (5,547,495)
7. Namecheap 5,182,418 (5,125,801)
8. Xin Net Technology Corporation 4,433,678 (4,508,653)
9. Google 3,032,888 (2,939,902)
10. GMO 2,253,907 (2,209,814)

Many domain companies have multiple accreditations and I’ve tried to capture the largest ones. See the notes below.

* Includes GoDaddy, Wild West Domains and 123 Reg
** Includes Tucows, Enom, Ascio and EPAG
+ Includes PDR, Domain.com, FastDomain and Bigrock. There are other Endurance registrars, but these are the biggest.
++ Includes Network Solutions, Register.com, and Crazy Domains
^ Includes 1&1, PSI, Cronon, United-Domains, Arsys and world4you

Post link: .Com rankings: Google tops 3 million .com domains

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. New .Com Winners & Losers
  2. Dynadot jumps into top 10
  3. .Com Winners & Losers: A strong month for NameSilo
Categories: News and Updates

When Proxy Services Enable Abuse

Domain industry news - Wed, 2020-03-11 03:06

This post was co-authored by Russell Pangborn and Syed Abedi of Seed IP Law Group

People are growing increasingly alarmed by recent examples of bad actors abusing proxy services offered by registrars. While proxy services are designed to protect the privacy of legitimate domain name users — they do the opposite when abused by cybercriminals. Responsible Proxy providers play a key role in mitigating abuse. When they don't act responsibly — it's clear they contribute to the problem. In a twist of irony, ICANN, the custodian of the internet domain name system, recently learned that no one is immune from these cyberscammers when ICANN itself was spoofed in a phishing attack. With over 90 million domain names covered by these types of services, facilitating abuse can have far-reaching consequences, as Microsoft and Facebook have demonstrated in pursuit of Iranian hackers and DNS abusers. Unfortunately, they had to turn to litigation to address the attacks. This is why ICANN needs to reverse course and immediately resume implementation of the privacy/proxy accreditation policy, originally adopted over three years ago, to better regulate these services. Requiring the victims of DNS abuse to turn to litigation is not the answer ... and neither is non-action.

Phishing ICANN

Despite years of delay, no urgency is being exhibited by the ICANN staff or Board to implement the approved privacy/proxy accreditation policy. All implementation efforts remain on hold until ICANN's expedited policy development process (acronym-ized as the "EPDP") relating to publication of Whois records is completed, approved, and implemented. The real-world effect of this: ICANN — the custodian of the Internet's domain name system — embarrassingly learned that fraudsters do not discriminate among rights holders, even ICANN. In January, a company registered the domain name, icannservice.com, with the registrar GoDaddy and its identity was masked by GoDaddy's privacy service, Domains by Proxy. A phishing attack followed. The deceptive domain was used in furtherance of a search engine submission scam where a spam email was sent from mail servers using the @icannservice.com email address, and used the "ICANN Domain Service" branding in the body of the email, along with other misleading uses of well-known brands like GOOGLE, BING, YAHOO!, VERISIGN, and others:

The targeting of ICANN's good name in a phishing attack should shine a bright light on the need for quick access to registrant data for legitimate purposes, including data hidden by privacy and proxy services for these acts. This is a problem faced by countless businesses, law enforcement officials, brand owners, and other users of the Internet.

Iranian Hackers Use Privacy Service

Given that phishing attacks generally last a few hours only, the harm can have far-reaching consequences when obstructive registrars refuse to disclose registrant data in view of blatant abuse, and demand that rights holders obtain a court-ordered subpoena by expending significant resource to unmask cybercriminals hiding behind privacy/proxy services. Last year, Iranian hackers operating under the alias Phosphorous engaged in a highly sophisticated scheme to carry out phishing attacks on Microsoft users. The targeted Microsoft users included political dissidents, activist leaders, journalists, and employees from multiple government agencies, including individuals protesting oppressive regimes in the Middle East. The scheme involved, among other things, sending links to victims leading them to fake webmail login pages, which mimicked Microsoft Outlook login pages. The stolen credentials were used to hack into the victims' computers. Unsurprisingly, the overwhelming majority of domains were masked by privacy/proxy services including, Domain ID Shield Service, Domain Protection Services, and Domains by Proxy. (See, complaint at Appendix A). As noted below, the "Domain ID Shield" is the same privacy/proxy service that is the subject of the lawsuit filed by Facebook against OnlineNIC, and was overwhelmingly used to hide the identity of the Iranian hackers.

Microsoft had to file a lawsuit in the U.S. District Court for Washington DC, seek emergency relief and send subpoenas to registrars and registries to unmask the hidden registrant information. Ultimately, Microsoft was able to take control of these domains after months of litigation. While some major corporations may have the sophistication and resources to pursue legal action to protect themselves from such egregious attacks, this should be a stark reminder that others lacking such financial resources and/or technical savvy may not be as fortunate.

Obstructive Registrars Facilitate Abuse

Recent lawsuits filed against obstructive registrars and their privacy/proxy service alter egos highlight how challenging it has become to protect consumers targeted by bad actors. In late 2019, Facebook sued OnlineNIC and its alter ego privacy/proxy service, ID Shield, in an attempt to stop them from registering domain names that were used to impersonate Facebook services and deceive people through phishing and other malicious activity. Multiple requests for registrant information of the perpetrators were unsuccessful, leaving suing OnlineNIC as the only meaningful alternative.

More recently, Facebook filed a lawsuit against another registrar, this time Namecheap and its own proxy service, Whoisguard, in order to protect its customers against ongoing scams and attacks. Yet again, multiple requests to unmask the identities of the perpetrators of cybercrimes using infringing domains for phishing and hacking scams, were unsuccessful.

Namecheap responded that it will not unhide registrant information "without a court-ordered subpoena." Of course, a court-ordered subpoena first requires filing a lawsuit in court, running legal costs in the thousands. In other words, Namecheap expects an average consumer or a small business whose rights are being violated to expend a significant amount of its limited resources to protect its rights. Namecheap claims that: "Namecheap takes every fraud and abuse allegation seriously, and diligently investigates each reported case of abuse. We actively remove any evidence-based abuse of our services on a daily basis.” This is hard to believe since as the complaint notes, in the case of every domain name at issue in the lawsuit a notice was given to Namecheap and ignored. Coupled with an "F" rating from the Better Business Bureau for failing to investigate 76 consumer complaints, including several related to fraud and abuse, these claims miss the mark entirely.

Perhaps this reaction isn't surprising as Namecheap is no stranger to facilitating abuse. It has been on the losing side of numerous UDRP actions, including some of the most famous brands spanning the alphabet: ACCENTURE, BLOOMBERG, CALVIN KLEIN, DIRECTV, ELI LILLY, FACEBOOK, GAP, HUGO BOSS, KMART, LEGO, MASTERCARD, NIKE, RED BULL, SAMSUNG, TINDER, VOLKSWAGEN, WALMART, XEROX, YSL, and ZAPPOS.

Namecheap also tries to downplay its conduct by arguing that it is protecting personal private data. Namecheap again misses the point. Cybersquatters who register blatantly infringing and abusive domains such as "download-whatsapp.online," "hackanyinstagram.com," "facebooksupport.email," and others, are using its privacy/proxy service to dupe private individuals and businesses alike into divulging sensitive, private, and financial information. So the very claim of protecting data privacy of its offending customer, serves to prolong the stealing of private information of the many customers and users being duped.

Protecting such cybersquatters and phishers as Namecheap and OnlineNIC do, ends up compromising personal private data of thousands of people whose computers and phones get attacked by phishing and other online scams. One would think, now that its own customers have been targeted by abuse, ICANN would exhibit a renewed impetus to resolving privacy/proxy accreditation and legitimate access to underlying registrant data. Unfortunately, ICANN still awaits its "expedited” procedure that is nearly two years in the making with no end in sight. Is waiting many more years to address the problem of legitimate access to masked registrant data of abusers really the right approach?

Written by Russell Pangborn, Partner at Seed IP

Follow CircleID on Twitter

More under: Cybercrime, Domain Management, DNS, Domain Names, ICANN, Privacy

Categories: News and Updates

Website Security: Are Quantum Computers Going to Hack My Website?

Domain industry news - Tue, 2020-03-10 23:42

No. Now, thank you for your attention.

Last year, some security researchers were discussing a doomsday scenario, that without investing in quantum encryption, there would soon be no way to feel secure over the Internet. (I would add, that a feeling of security over the Internet is misleading at best.) Allow me to break down some of these security peculiarities, which could be worrisome.

So, what's the buzz?

Let's approach this from the very beginning. At the basis of modern encryption algorithms lies a so-called Diffie-Hellman key exchange [1]. It's there at HTTPS when you submit a payment request, and when you send a personal email too.

A lot of boring math happens in there, but at the end of the day, all we have to know is that the only reason a third-party can't guess the shared secret key is because classical computers struggle with factoring integers. Even last year, when a classical computer took a stab at it, it took at least 700 core-years for RSA-240 [2]. For RSA-1024 (that we don't even consider secure enough for the Internet) it would take hundreds of times longer. This is why we use them. With a few simple steps, these algorithms work like a charm and bring safety and security for everyone involved. But are they really secure? Enter quantum computers.

Peter Shor, an American professor at MIT, devised an algorithm that solves this factoring problem in "polynomial time" on a quantum computer. That's a deal-breaker. When compared to the thousands of years of computation on a classical computer, this means that on a quantum computer, it is actually possible to find the shared key that two machines have agreed upon in a secure key exchange, in a reasonable amount of time.

So, what you're saying is, we're doomed?

Not necessarily. Let's remember that everything hinges on the fact that we use integer factorizations to encrypt things. But classical encryption isn't limited to that! RLWE-KEX key exchange, for example, doesn't need those numbers at all, since it's operating on a completely different principle, namely ring polynomials with errors. And there are many other algorithms currently proposed and being considered that are also quantum-proof.

The elephant in the room, of course, is that there is no known quantum computer today that can execute Shor's algorithm. Long live TLS-RSA. (At least for quantum. We are still looking for bugs in there too, but that's a topic for another day.)

So, what you're saying is, we're not doomed?

Not necessarily. Let's look at the past issues. Remember moving from MD5 to SHA-1? Then from SHA-1 to SHA-2? Now imagine the same scenario on steroids. Half of the companies would not be prepared for the inevitable revolution, after listening to people like me who think that there is no way to resolve the decoherence in a quantum computer, and the other half would buy into things that people would be selling as "quantum safe" while being the opposite of that.

And let's not forget about the myriad IoT devices that would be left open in the wild due to their outdated tech. Si vis pacem, para bellum. We are safe right now, but who knows what's lurking in the depths of high-tech corporate laboratories.

The biggest issue is, not a single one of the proposed classical quantum-safe algorithms can currently provide the same level of combined speed and security that are necessary for an Internet user to feel good.

So, are quantum computers such a force of evil?

Necessarily not! True quantum cryptography is theoretically unbreakable! This means that in a perfect world, where no one accidentally leaves a laptop open at the corner cafe, and no one has access to the proverbial "$5 wrench used for key extraction directly from a human", the communication is perfectly secret. Quantum key distribution is based on fundamental laws of physics and guarantees that no one shall ever be able to eavesdrop in transport. And if they do, well, the quantum information is simply destroyed and vanished forever.

[1] Diffie-Hellman Key Agreement Method: https://tools.ietf.org/html/rfc2631

[2] 795-bit factoring and discrete logarithms: https://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/2019-December/001139.html

Written by Igor Bielopolskyi

Follow CircleID on Twitter

More under: Cybersecurity

Categories: News and Updates

Top domain name stories and podcasts

Domain Name Wire - Tue, 2020-03-10 17:31

Here’s what trended in February.

These were the top stories on Domain Name Wire in February, ranked by the number of views:

GoDaddy acquires Uniregistry and Frank Schilling’s domain portfolio – Frank Schilling has cashed out of the domain name business, save for his registry business. He was paid less than $200 million.

Two insurance companies drop their top level domain names – Esurance and Scor drop their dot-brand domain names.

Your choice of top level domain can impact site performance – Some have faster DNS response times than others, test finds.

These companies upgraded their domain names – From dropping ‘my’ to moving to shorter domains, some of these companies bought improved domain names.

L’Oreal sells four top level domains to XYZ – XYZ has stocked up its beauty department by acquiring four top level domain names from L’Oreal.

Miss a podcast? Listen now:

#261: NamesCon Roundup Listen

#262: California AG looks into ICANN (EFF interview) Listen

#263: How a lawyer turned his business around with new domain Listen

#264: Should you get your own TLD? Listen

Post link: Top domain name stories and podcasts

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Top 5 Domain Name Wire stories for November
  2. Top 10 Domain Name Wire Stories of 2008
  3. How much it costs to run a domain name registry
Categories: News and Updates

Are Bernie Sanders supporters this stupid?

Domain Name Wire - Tue, 2020-03-10 16:03

This reaction to a simple domain name forward is all too common.

If you type in BernieSander.com you’ll land on a donation page for Joe Biden. Anyone could have set that up.

My headline is purposely inflammatory and isn’t fair. This post is more a commentary on the state of knee-jerk reactions and associations. More on that later.

If you type BernieSander.com (missing the last ‘s’) in your browser, it will forward to a donation page for Joe Biden.

Bernie Sanders supporters on Reddit flipped out about this, saying it is a sneaky tactic by the Biden campaign.

And Fox News picked up on it, only admitting at the end of its story that the Biden campaign might not actually own the domain.

In fact, it looks unlikely that the campaign owns it. Historical Whois records show that the domain was owned by someone in Houston for a long time. It actually forwarded to BernieSanders.com during at least some of that time. Then, someone in California acquired the domain before adding Whois privacy to the domain name.

But I suppose that doesn’t matter. In this knee-jerk world, Bernie supporters blamed Biden.

Now, back to that headline. I’ve noticed is that whenever someone that supports a political party or candidate does or says something stupid, their competitors often associate every one of their followers with this. So, saying Bernie Sanders supporters are stupid because of their reaction to this domain name forward is wrong. It’s just some of the supporters.

I see a lot of “liberals think this” or “conservatives think this”, often because one person who says they speak for liberals or conservatives says something. Just because one person who identifies as liberal or conservative (or Democrat or Republican) says or does something, doesn’t mean everyone in that camp agrees.

I wish people would just think for a second before jumping to snap judgments.

OK, that’s the end of my soapbox.

[Update: someone has been trying to sell the domain name on NamePros, adding further evidence that the Biden campaign doesn’t own the domain.]

 

Post link: Are Bernie Sanders supporters this stupid?

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

It’s time for domain name renewals beyond 10 years

Domain Name Wire - Tue, 2020-03-10 15:37

The arbitrary 10-year limit should be increased.

Domain name renewal prices are going up.

They’ve been going up for a while, and they’re soon likely to go up in the two most important generic top level domain names:

.Com prices will likely be 70% higher at the end of this decade.

.Org prices will likely more than double in price in eight years.

ICANN has built-in an added “protection” for domain name owners in the event of a price increase. Assuming they are aware of the impending price increase, registrants can renew their domains for up to ten years at current prices.

So, if you have the cash available and don’t mind paying for a service a decade in advance, you can lock-in today’s prices.

Even though they lose out on the increases, registries tend to like this provision. It guarantees 10 years of renewals and all of it is paid upfront.

So why 10 years? It’s a seemingly arbitrary number.

Given the importance of domain names and the risk of loss if a domain expires or becomes too expensive, it’s time for ICANN to increase this cap. And since ICANN treats top level domains as assets now, allowing registries to offer domains for over a decade doesn’t present the complications it would if it put contracts out to bid.

There are three possible registration terms that make sense.

One would be to double the maximum renewal to 20 years. It’s still arbitrary but is substantial.

Another is to offer 99-year terms. This is common in all sorts of leasing, including land leasing. It’s a long time.

The final would be to offer forever registrations. Once you pay for the domain, you effectively own it forever.

Domain name registrar Epik has offered “forever registrations” and I applaud the registrar for the idea. But this can’t take place solely at the registrar level. It has to be at the registry level because, eventually, the registrar will be squeezed by price or might close down. (Epik’s terms allow the company to return the registration fee and cancel future renewals.)

Corporations would be the first to take advantage of longer-term registrations. But I would do it for many of my domains that I never intend to let go, too. I currently register some of my most important domains for many years in advance.

It’s time for the arbitrary registration limit to be removed.

Post link: It’s time for domain name renewals beyond 10 years

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

Related posts:
  1. Latest domain name scam spoofs ICANN, worse than domain renewal scam
Categories: News and Updates

.ORG Stewardship Council Will Ensure .ORG's Commitment to Freedom of Expression Continues

Domain industry news - Tue, 2020-03-10 14:05

[The .ORG] Stewardship Council is, in a lot of ways, a natural progression or evolution from our current PIR Advisory Council. The Advisory Council is made up of independent .ORG community members from around the world that provide advice to PIR on policy issues affecting them. The "AC," or the Advisory Council, has been a key part of PIR's work since its inception.

The AC is a very dedicated and reliable body for PIR and has been over the years. That said, it was always a purely advisory body and it had a comparatively narrow remit. The Stewardship Council, by contrast, will have binding authority and a broader scope.

Ethos and PIR believe that the community needs to have a strong voice in shaping .ORG's future. That's why the .ORG Stewardship Council will play a powerful role in influencing PIR's decision-making moving forward. The Council will be instrumental in ensuring that the needs of all .ORG registrants and users remain central to PIR. It will determine how PIR invests in a bigger future for .ORG, and how to invest in philanthropic initiatives to benefit nonprofits and the overall .ORG community.

In addition to clarifying the role of the .ORG Stewardship Council within this PIC, Ethos also publicly released the .ORG Stewardship Council Charter, outlining concrete principles and protocols that will govern the administration and operation of the Council. This includes overseeing a Community Enablement Fund, which is expected to receive a minimum of $10 million over the remaining life of the current Registry Agreement. That will finance existing and new initiatives serving the .ORG community, including the .ORG Impact Awards and other meaningful educational and outreach programs.

Members of the Council will be authorities knowledgeable in fields of mission-driven, charitable and nonprofit organization management, social entrepreneurship, community development, economic empowerment, social advocacy, human rights, philanthropy and related subjects of concern to the .ORG community. We want it to be a cross-section of the .ORG community and .ORG stakeholders.

The Stewardship Council will have authority to provide independent advice, and a binding right to veto modifications proposed by PIR to PIR policies regarding free expression.

We should make something clear — PIR has no interest in censorship as a service. We won't do it. We've always taken our responsibility over .ORG very seriously. We've published our anti-abuse principles that set forth the framework with which we assess DNS abuse, or domain name system abuse, and website content issues. Our anti-abuse program focuses almost exclusively on DNS abuse: things like phishing, malware and bot nets. Those are domain name system issues, so domain name system operators like registries should act to address them.

There [are] also some categories of website content that are so egregious we feel compelled to act. Notably, for child sexual abuse materials, distribution of opioids online, human trafficking, and credible and specific threats to safety.

We've partnered with incredible organizations like the National Center for Missing and Exploited Children and the Internet Watch Foundation to proactively find and root out child abuse imagery on .ORG. We're also working with the U.S. Food and Drug Administration to address domain names that are established specifically in order to distribute opioids online.

To put the abuse question into perspective, however, in 2019 we suspended over 41,000 domain names for DNS or technical abuse. That number is juxtaposed against the total number of domains that we suspended for content issues: ten. Forty-one thousand for domain name system abuse and ten for website content issues.

Of those ten domains, seven were for child sex abuse materials and three were for distribution of opioids online. So while we do act on these egregious categories of content, it's a small fraction of a fraction of our overall anti-abuse practices, which do focus on DNS abuse.

We've never acted to suspend a domain name under our anti-abuse policy for any sort of political speech or political dissent, and we never will. We're very transparent about our anti-abuse activities. We publish our policies and our principles, as well as our statistics on suspensions. So once a quarter we update those numbers. You can find them on our website.

We're proud of what we're doing in this space… The Stewardship Council is a guardrail to ensure that we continue to act responsibly on these issues.

Brian Cimbolic is the General Counsel of Public Interest Registry. Read the full transcript of the March 3, 2020 Community Engagement at www.keypointsabout.org/events

Written by Brian Cimbolic, Vice President, General Counsel at PIR

Follow CircleID on Twitter

More under: Domain Names, Internet Governance, Registry Services

Categories: News and Updates

The Legal Enforceability of PIR's Public Interest Commitment

Domain industry news - Tue, 2020-03-10 14:00

Excerpts from Allen Grogan's March 3, 2020 .ORG Community Engagement

Since Ethos announced its investment in PIR last fall, Ethos has welcomed the opportunity to engage with .ORG registrants and users to hear their ideas and answer their questions. We listened to concerns expressed in the community, and we worked to address them. We announced a number of voluntary commitments that Ethos is prepared to make, and then we listened to feedback from the community on the scope of those commitments, as well as on the enforceability of those commitments.

One of the recurring themes that we heard loud and clear is that key commitments should be legally enforceable, should not be subject to unilateral modification by PIR, and that the community should have some ability to enforce those commitments.

Another recurring theme that we heard was that the community should have input on key policies. As a result of this dialogue, about ten days ago we announced that we would embody these Public Interest commitments in the form of a PIC, a Public Interest Commitment, that would become a legally binding amendment to PIR's Registry Agreement for .ORG and be enforceable, both directly by ICANN and by members of the community through the PIC Dispute Resolution Procedure.

We had previously talked about embedding some of these commitments in the Certificate of Formation of a Public Benefit LLC, but we heard from critics who said it would be too easy for PIR to change those Public Benefit LLC commitments in the future, and that those commitments might not be binding if, in the future, someone else takes over the operation of .ORG. So we wanted a mechanism where PIR could not unilaterally change these commitments, and where these commitments would continue to be binding upon future operators of .ORG.

The PIC, the Public Interest Commitment in the form of an amendment to the PIR Registry Agreement with ICANN, meets the key criteria that the community said were important. First, it's legally binding on PIR. It's legally enforceable by ICANN. It's also legally enforceable by the community through the PIC Dispute Resolution Procedure.

Second, because it's part of the Registry Agreement, it is not subject to unilateral modification by PIR. Any change would constitute an amendment to the Registry Agreement. That's a process that currently requires ICANN's consent, public comment and ICANN Board approval.

And importantly, because these commitments are part of the Registry Agreement with ICANN, they will continue to apply to .ORG regardless of who operates .ORG in the future. Ethos fully intends to stand by the commitments it makes, and we believe that a Public Interest Commitment that becomes part of the Registry Agreement with ICANN meets the criteria that were demanded by the community.

Public Interest Commitments become part of a legally binding amendment to the Registry Agreement with ICANN. These commitments can be enforced in two ways: by ICANN itself, because they're part of a contract between ICANN and PIR, and also by members of the community through an ICANN procedure known as the PICDRP, the Public Interest Commitment Dispute Resolution Procedure.

Under ICANN policies, these legally binding commitments cannot be unilaterally modified by PIR, and they will apply to .ORG regardless of who operates .ORG in the future.

The commitments that would be built into the ICANN Registry Agreement and become legally binding are, first, for a period of eight years from the effective date of the current Registry Agreement, fees charged to registrars for initial or renewal registration of a .ORG domain name would not increase by more than 10% a year on average.

This is pursuant to a precise formula. At no point in time would the average increase exceed 10%. Front loading of price increases would not be permitted. To be clear, this is not to say that PIR will increase prices 10% each year on average. It only means that if PIR does decide to increase the price, it won't exceed that limit. Furthermore, .ORG pricing is always constrained by the competitive marketplace of registrars and registrants.

This eight-year price commitment is longer than the contractual limitations on prices in the only other TLDs that are currently subject to price caps, which are .COM and .NET. And, as noted, in reality .ORG pricing is constrained now and in the future by the competitive market of registrars and registrants, and also by the growing market for many other new domains such as .FOUNDATION and .CHARITY. In addition, registrants always have the protection that they can renew their domain names for up to ten years before any price increase would go into effect, should there be an increase.

The .ORG community will be able to judge us by our track record over the next eight years, and we believe our performance will demonstrate to everyone that claims that have been put forward of wild and indiscriminate price increases will prove to be unfounded.

In addition to these price commitments, PIR would make the following additional commitments in the PIC, which would have no expiration date. PIR would commit to form a Stewardship Council that would have specific authority to veto PIR's policies regarding freedom of expression and protection of customer information. PIR would establish and fund a Community Enablement Fund to help support the financing of initiatives undertaken in support of .ORG registrants. And PIR would commit to publish an annual report assessing its compliance with the PIC and the ways in which PIR has pursued activities for the benefit of .ORG registrants during the preceding year.

Enforceability by ICANN comes about because ICANN has a contractual compliance department. If the ICANN compliance department learns of potential non-compliance with a PIC or receives a complaint, which can be submitted by anybody in the world, ICANN's compliance team will investigate. And if PIR is found to have breached the PIC and fails to cure that breach, ICANN can pursue various remedies, up to and including termination of the Registry Agreement.

Enforceability by community members comes about through this PICDRP process, the Public Interest Commitment Dispute Resolution Procedure. Anyone who believes that PIR has failed to comply with a PIC, and that they've been harmed as a result, can report the alleged non-compliance to ICANN for review and investigation. It can be referred by ICANN to a PICDRP panel, which you can think of as being kind of analogous to an arbitration proceeding, and the conclusions of that panel would be binding on PIR.

We heard from community members who said they wanted a direct enforcement mechanism, we listened, and we responded with a PIC that offers this to the community.

Allen Grogan is a legal advisor to Ethos Capital. Read the full transcript of the March 3, 2020 Community Engagement at www.keypointsabout.org/events

Written by Allen Grogan, Independent Business Owner

Follow CircleID on Twitter

More under: Domain Names, Registry Services

Categories: News and Updates

What domains the Top 100 internet companies in China prefer

Domain Name Wire - Tue, 2020-03-10 13:22

Chinese internet companies like these types of domain names.

I like to study domains used by Chinese internet companies because they are leaders of corporate China in the age of an internet-based society. Their preference will have great influence on other companies in the choice of domains.

Two years ago, I analyzed the 2018 Top 100 Chinese Internet Companies Report. In this article, I’ll use data from the latest report published in August 2019. For each company in the Top 100 list, I used Baidu search to locate its corporate domain.

First of all, .com still rules corporate China. Other extensions are .tv in 2018 and .net and .fm in 2019.

Extension 2018 2019 com 86% 84% cn 13% 14% Others 1% 2%

“Short” is the key as 98% of the domains are 10 characters or less (with the median being 6 characters) excluding the extension. This is more or less the same as 2018.

In terms of domain type, Pinyin leads and is in the uptrend, suggesting more emphasis on the local market. English domains are those made up of English words or English-like words, such as Alibaba.com, Ctrip.com, and Neusoft.com.

Type 2018 2019 Pinyin 37% 43% English 36% 30% Numeric 7% 7% Acronym 10% 9% Mixed 10% 11%

Going deeper into Pinyin domains, 2-pin remains most popular despite a slight decrease.

Pinyin 2018 2019 1-pin 5.4% 7.0% 2-pin 78.4% 76.7% 3-pin 10.8% 11.6% 4-pin 5.4% 4.7%

Among numeric domains, 1N (6.cn) has gone and is replaced with 5N (71360.com). 2N, 3N, and 4N are equally important.

Numeric 2018 2019 1N 14.3% 0.0% 2N 28.6% 28.6% 3N 28.6% 28.6% 4N 28.6% 28.6% 5N 0.0% 14.3%

Among acronym domains, it appears that 3L is emerging as the new leader. We’ll know if this is becoming a trend when we have the 2020 data ready for comparison.

Acronym 2018 2019 1L 0.0% 0.0% 2L 40.0% 33.3% 3L 30.0% 44.4% 4L 30.0% 22.2%

Finally, let’s look at the issue of brand-matching domains. In both reports, 15% of the domains do not exactly match their brands.

Brand-matching? 2018 2019 Yes 85% 85% No 15% 15%

The existence of domains not matching their brands creates selling opportunities for domain investors, and below is the 2019 list of companies where domain upgrade is possible.

Brand Curent Possible Upgrade Ant Financial (蚂蚁金服) Antfin.com Ant.com Giant Network (巨人网络) Ga-me.com Giant.com Qian Cheng Wu You (前程无忧) 51job.com QCWY.com Ying Ke (映客) Inke.cn Yingke.com Sheng Qu (盛趣) SDO.com ShengQu.com or SQ.com Shun Wang (顺网) SWjoy.com ShunWang.com or SW.com Fang Duo Duo (房多多) Fangdd.com FDD.com TAL (好未来) 100tal.com Tal.com Trueland (珍岛) 71360.com Trueland.com Jing Wang (竞网) HNjing.com JingWang.com or JW.com 263 (二六三) Net263.com 263.com Loyo (乐游) Loyo.net Loyo.com Yun Man Man (运满满) YMM56.com YMM.com Xiang Tong (翔通) Xiangtone.com XiangTong.com or XT.com Hai Kan (海看) SDTV.cn Haikan.com or HK.com

In summary, if you want to sell to corporate users in China, focus on short .com domains. Both Pinyin and English names are fine. For acronym and numeric domains, try not to exceed 4L or 4N (even though there is a 5N in the 2019 list).

Post link: What domains the Top 100 internet companies in China prefer

© DomainNameWire.com 2020. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.

No related posts.

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer