Verisign just released an overview of their proposed “Anti-Abuse Domain Use Policy” Under ICANN’s Registry Services Evaluation Process. The program’s chief aim is to provide a takedown mechanism of malicious websites distributing malware. In itself, not a bad thing, considering some registrars are unresponsive toward abuse or network stability issues.
However, lumped in with the conditions under which Verisign can invoke their takedown capabilities are some troubling “add ons”, as quoted below:
“The new anti-abuse policy, would be implemented though a change to the .com. ,net and .name Registry Registrar Agreements and would allow the denial, cancellation or transfer of any registration or transaction or the placement of any domain name on registry lock, hold or similar status as necessary:
(a) to protect the integrity, security and stability of the DNS;
(b) to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process;
(c) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees;
(d) per the terms of the registration agreement,
(e) to respond to or protect against any form of malware (defined to include, without limitation, malicious code or software that might affect the operation of the Internet),
(f) to comply with specifications adopted by any industry group generally recognized as authoritative with respect to the Internet (e.g., RFCs),
(g) to correct mistakes made by Verisign or any Registrar in connection with a domain name registration, or
(h) for the non-payment of fees to Verisign. Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute;
The main problem here is Section (b), which let’s Verisign takedown any domain that is inimical toward a government “requirement” or at the “request” of a law enforcement or other governmental or quasi-governmental agency.
What does this mean?
It means domains can be taken down without judicial process and in the absence of any overt network abuse. I refer anybody who thinks the possibility of abuse of this policy is remote to the actions of Senate Committee on Homeland Security and Governmental Affairs Chairman Joe Lieberman, last December regarding Wikileaks – an entity which has still never been charged with any offence in any jurisdiction and which continues to operate in a perfectly legal manner. (Lieberman called on “any company or organization that is hosting Wikileaks to immediately terminate its relationship with them.” – Which sounds like a “request” to me.)
What Wikileaks did was expose bad actions of the various governments themselves, some of those – illegal. It can be assumed that governments that are acting against the interests of their constituents or committing actual crimes have a “requirement” that everybody shuts up about it. Thus any whistleblower, journalist or egregious truth-teller using a domain under .com or .net to bringing light on issues such as these could find themselves with their domain unplugged under this policy.
In the case of Wikileaks, Lieberman’s staff telephoned various web services providers and demanded that they sever ties and cease providing services. Next time all they would have to do is call Verisign and tell them that the government “requires” them to takedown their domain. (Of course, Wikileaks is under .org, not .com or .net, but next time it may not be Wikileaks. Maybe it’ll be Zerohedge. Maybe it’ll be easyDNS. Maybe it’ll be you.)
Under the proposed rules, it’s not just the government that could initiate takedowns but even “quasi” governmental agencies. What’s a quasi-governmental agency? It’s a government created entity that undertakes commercial activities on behalf of the government. That would mean entities like Fannie Mae and Freddie Mac or the Federal Crop Insurance Corporation could takedown any .com or .net domain based on having a “requirement” or making a “request” to do so.
Section (c) is also troublesome: providing that Verisign can takedown any domain to avoid liability to themselves. So if other avenues of removing a troublesome domain fail, you could just simply sue, or threaten to sue Versign and they can unplug the underlying domain.
Last year the US Department of Homeland Security (Immigration and Customs Enforcement) began a series of domain takedowns intended to enforce copyright violations. In one case they seized a third-level domain provider (mooo.com) which resulted in the takedown of over 84,000 unrelated and innocent websites.
Since the ICE takedowns were arbitrary and widening in scope, there became a perceived benefit to using non-US based Registrars for domain registration, as the takedowns were being implemented via court orders to those US-based registrars.
If this policy goes into effect, there are no safer jurisdictions for any .com or .net domain anywhere in the world. They all come under US government, quasi-governmental and law enforcement agency “requirements”.
The Verisign proposal concedes that:
“ Registrants may be concerned about an improper takedown of a legitimate website. Verisign will be offering a protest procedure to support restoring a domain name to the zone. “
Which is not very comforting. What is the “protest procedure” and how long will it take? Will a contested takedown put the domain in an online or offline state while the procedure is implemented, and how long does that take?
If this is to move forward, our recommendations are as follows:
- Section b should be stricken, and the current model that government inspired domain takedowns be requested via the Registrar of record be retained.
- In cases of court-ordered takedowns, Verisign should only intercede in the case of a non-responsive Registrar and again, under a court order.
- Section c should be stricken. Verisign already insulates itself from liability in its Agreements with Registrars and under the various Registrant Agreements already in place. This should not be a back-door method into taking down a domain.
- If a Registrar feels a false-positive takedown has occurred, there needs to be a mechanism to bring the domain back online immediately pending the outcome of a challenge or disputed takedown.
Editorial Add-on by Frank Michlick
I completely agree with the comments by Mark, but I’d like to one step further and comment on the plan to pro-actively scan the domain registration base for malware sites as highlighted in the Domain Name Wire article on the same topic. While I am not a lawyer, I think it is very dangerous grounds for a registry operator to start actively monitoring registered domain names for their content and its compliance with laws. Once a registry does this as a pro-active service, it could imply that the registry becomes liable for sites that it misses in its scans, since it should be aware of the content of the sites for the domains registered through them. I think that a registry should act as a technology provider and facilitator the registry should not be active in developing the policy that decides what is illegal and what isn’t.
(c) 2011 DomainNameNews.com (1)
Tap into the most comprehensive Whois database
on the planet: Discover the details of a domain’s current ownership,
learn a domain’s pedigree and find all the domains ever owned by a
specific company or individual by accessing historical information from DomainTools.com.
The market for catching dropping .UK domains is overrun by many companies, thus making it often a matter of luck who catches the released names. The reason for this is apparently the drop times and order picked at random by the registry along with the low fees for becoming a .UK registrar.
The registry just sent a message to one of it’s mailing lists soliciting feedback from stakeholders for a potential reform of how expired domain names are treated. Nominet also published a document (PDF) that explains the context of the request. The summary mentions and explains issues like expired domain tasting by the registrar, expired domain auctions and drop catching.
The main questions asked by the registry operator are:
- What should the principles of the expired period be?
- What should Nominet’s and the registrar’s obligations be to the registrant in the renewal of domain names?
- Many registrars will have provisions in their terms and conditions which outline what the registrar will do when a domain name expires. What type of notice and level of transparency should registrants reasonably expect where specific practices are undertaken in the expired period?
- In the context of encouraging innovation within the industry, how should Nominet’s policies support the development of new business models whilst ensuring registrants’ expectations are met?
- What further background information would it be helpful for Nominet to provide to the issue group members to assist their discussions?
Instructions on how to participate can be found on the Nominet Website. Participation is open to all interested parties.
(c) 2011 DomainNameNews.com (6)
DomainConvergence 2011, May 12-13, Montreal, Canada
Earlier today the policy staff at ICANN gave a briefing on upcoming policy issues to be discussed at the organisation’s meeting in Cartagena next month.
Here is a brief summary, listed in order of importance to business with added commentary and background. You can also download the presentation [pdf] given by ICANN staff.
1. New generic top-level domains (gTLDs)
Why this is important: New gTLDs will radically reshape the Internet name space. Not only does this open up new opportunities (particularly in the new field of “dot-brand” extensions), but will also have significant legal and marketing implications. The issue should be discussed at top management levels.
New gTLDs will be the dominant topic for the Cartagena meeting, with nearly five years of work coming to a close. The ICANN Board has made clear its intention to finalise the “Applicant Guidebook” containing the rules to apply for a new Internet extension. However, the broader community – which has seen the program delayed several times in the past – remains skeptical that sufficient agreement can be reached given continued disagreement over several sub-issues. Most significant are:
- Vertical Integration: This is the imposed market separation between registries (running an extension) and registrars (selling domains on extensions). The Board surprised many by taking a strong stance on the subject after a year of continued disagreement. It voted for a liberalisation of the current situation, removing ownership rules, at a recent meeting in November. Although that should settle the matter, there will still be argument over how the broad decision is implemented in the rules.
- Trademark protections: The most bitterly fought-over aspect of the new gTLD program. Trademark holders remain worried that a large expansion in the Internet namespace will cause a jump in infringement of trademarks. A long series of compromises have been reached between liberalisation and innovation, and protection of trademark rights. While this issue is of supreme importance to companies, it is unlikely that further impact on the rules is possible at this stage following years of lobbying and many hours of patient policy work and discussions.
- Morality and Public Order: A clause intended to stand in the way of applications for offensive names. Since the subject matter is controversial; so too is the proposed solution. That has been alot of back-and-forth on this issue, mostly between free speech advocates and governments (an explanatory memo [pdf] has been produced outlining the arguments). An entire session has been dedicated to the issue at the meeting. In the end, it is likely that the Board will stick with the most recent iteration (or a very slightly modified form) on this subject contained in the final version of the Applicant Guidebook.
2. Dot-xxx and accountability
Why this is important: The possible approval of the controversial top-level domain ‘.xxx’, specifically for adult websites, will likely bring the issue of ICANN and Internet extensions into a mainstream spotlight. The case also highlights issues surrounding the accountability of the organisation and the influence of governments on it.
Dot-xxx was not raised by ICANN staff on the policy call, mostly because the issue is now a matter for high-level political decision-making rather than staff-aided debate. Most recently (October), the Board resolved that it should have a dialogue with the Governmental Advisory Committee (GAC) about its concerns over the application, specifically noting however that such a discussion should end before the Cartagena meeting.
It is difficult to discern what the end result of this latest twist in a long and ongoing saga will be, but current predictions are that the GAC will not explicitly condemn dot-xxx (it will be hard to do so when many governments have free-speech obligations), which leaves the way open for the ICANN Board to approve the extension and put an end to a highly damaging situation for the organisation.
The issue of dot-xxx is important in a larger sense because if it is approved, it will be the first time that the ICANN Board has reversed a prior decision through its own accountability mechanisms. The issue of accountability has long been a problem for ICANN and has undermined confidence in its ability to manage the domain name system objectively.
The process has also helped define a grey area of decision-making with respect to the role of governments. If approved, governments would, by their own actions, acknowledge that they serve an advisory role and need to justify their decisions in a broader context, rather than possess an implicit veto. The result of that has broader implications for Internet governance and policy in general.
3. Changes to the Registrar Accreditation Agreement (RAA)
Why this is important: If you are considering registering your own Internet extension (see above), this agreement will determine the framework in which your domains are provided. Otherwise, the RAA also creates the legal structure through domain names are registered – and so also abuse of registration policies.
The RAA is the contract between ICANN and domain registrars (those who sell domains). Following the collapse of a registrar a few years ago, during which thousands lost control of their domain names, significant pressure was exerted on this contract which was liberally drawn up back in 1999 in order to help develop the nascent registrar market. The RAA was revised after a 12-month consultation but only introduced modest proposals in return for fast introduction. Since then, a longer process has developed a series of further changes, most designed at either providing greater rights to the registrant, or forcing greater compliance to agreed standards and norms by registrars.
At Cartagena, a final report with various recommendations will be discussed by ICANN’s main policy body, the GNSO. The GNSO will then have to decide what to do with the report – an issue made more complex by the fact that registrars are, naturally, resistant to changes being drawn up that affect their business. The registrars also form a part of the GNSO and will argue that the process used to arrive at the latest recommendations was not sufficiently thorough to result in contractual changes. At the last ICANN meeting in July, registrars complained (with some justification) that a series of suggested changes to their contract drawn up law enforcement and subsequently supported by governments, was putting them into an impossible situation.
The issue of changes to the RAA is a highly charged and political one. Do not expect much movement, especially while the gTLD process remains such a priority.
4. Registration abuse policies
Why this is important: The registration and renewal of domain names is increasingly important and increasingly valuable, particularly for businesses (imagine if your website suddenly disappeared and was replaced by someone else’s). Efforts to prevent abuse of the systems is hampered by the fact there are no universally agreed standards or procedures.
A final report on this issue, which covers cybersquatting, “Whois” access, and contract uniformity was produced in May and the group that authored it was asked to come back with suggestions for implementing its recommendations. The result of that work [pdf] will be discussed in Cartagena. Broadly speaking, the suggested changes that found unanimous agreement and are easiest to implement are being pushed heaviest.
Issues include: greater reporting on the use of “Whois” (registration data); prevention of fake renewal notices; standard procedures for suspending domains; standard procedures for identifying stolen identities and information; and so on. Expect some movement on the “low-hanging fruit”.
5. Whois internationalisation
Why this is important: If you register domain names for subsidiaries in non-English speaking markets, or possibly if you register domains with registries not based in English-speaking countries, you may soon be able (or obliged) to provide your registration details in different languages.
With the introduction of “internationalised domain names” which allow for Internet extension to be represented in different languages, and with the growing global use and multilingual nature of the Internet, it has become inevitable that ICANN needs to allow for registrants to provide their details in languages other than English.
A working group has produced some initial work and ideas that will be discussed and moved forward during the Cartagena meeting. There are also a series of related Whois discussions (the latest in a 10-year effort to improve the current system) that are worth observing.
ICANN is holding a policy call on 22 November just prior to its meeting in Cartagena in December.
The Cartagena meeting will be defined by the likely approval of the “Applicant Guidebook” for new Internet extensions – the sum of five years work. There are however a number of other significant Internet issues to be discussed. This policy briefing will cover them.
It is a teleconference. There is also an online meeting room (run through Adobe’s Connect software). There are two in order to reach people from across the world and the full details are provided below:
Date: Monday 22 November 2010 at 14:00 and 20:00 UTC
14:00 UTC = 06:00 PST, 09:00 EST, 15:00 CET, 19:00 Karachi, 22:00 Hong Kong, 01:00 Sydney (23.11)
20:00 UTC = 12:00 PST, 15:00 EST, 21:00 CET, 07:00 Sydney (23.11), 09:00 Auckland (23.11)
Online meeting room: http://icann.na3.acrobat.com/update
Dial-in passcode: Policy
Country Toll Numbers Freephone/Toll Free Number
AUSTRALIA ADELAIDE: 61-8-8121-4842 1-800-657-260
AUSTRALIA BRISBANE: 61-7-3102-0944 1-800-657-260
AUSTRALIA CANBERRA: 61-2-6100-1944 1-800-657-260
AUSTRALIA MELBOURNE: 61-3-9010-7713 1-800-657-260
AUSTRALIA PERTH: 61-8-9467-5223 1-800-657-260
AUSTRALIA SYDNEY: 61-2-8205-8129 1-800-657-260
AUSTRIA 43-1-92-81-113 0800-005-259
BELGIUM 32-2-400-9861 0800-3-8795
CHINA CHINA A: 86-400-810-4789 10800-712-1670
CHINA CHINA B: 86-400-810-4789 10800-120-1670
CZECH REPUBLIC 420-2-25-98-56-64 800-700-177
DENMARK 45-7014-0284 8088-8324
FINLAND Land Line: 106-33-203 0-800-9-14610
FINLAND Mobile: 09-106-33-203 0-800-9-14610
FRANCE LYON: 33-4-26-69-12-85 080-511-1496
FRANCE MARSEILLE: 33-4-86-06-00-85 080-511-1496
FRANCE PARIS: 33-1-70-70-60-72 080-511-1496
GERMANY 49-69-2222-20362 0800-664-4247
GREECE 30-80-1-100-0687 00800-12-7312
HONG KONG 852-3001-3863 800-962-856
IRELAND 353-1-246-7646 1800-992-368
ITALY 39-02-3600-6007 800-986-383
JAPAN OSAKA: 81-6-7739-4799 0066-33-132439
JAPAN TOKYO: 81-3-5539-5191 0066-33-132439
NETHERLANDS 31-20-718-8588 0800-023-4378
NEW ZEALAND 64-9-970-4771 0800-447-722
NORWAY 47-21-590-062 800-15157
SINGAPORE 65-6883-9230 800-120-4663
SLOVAK REPUBLIC 421-2-322-422-25
SOUTH AFRICA 080-09-80414
SOUTH KOREA 82-2-6744-1083 00798-14800-7352
SPAIN 34-91-414-25-33 800-300-053
SWEDEN 46-8-566-19-348 0200-884-622
SWITZERLAND 41-44-580-6398 0800-120-032
TAIWAN 886-2-2795-7379 00801-137-797
UNITED KINGDOM BIRMINGHAM: 44-121-210-9025 0808-238-6029
UNITED KINGDOM GLASGOW: 44-141-202-3225 0808-238-6029
UNITED KINGDOM LEEDS: 44-113-301-2125 0808-238-6029
UNITED KINGDOM LONDON: 44-20-7108-6370 0808-238-6029
UNITED KINGDOM MANCHESTER: 44-161-601-1425 0808-238-6029
USA 1-517-345-9004 866-692-5726
For a new TLD applicant who is creating a community application or standard application, obtaining the general support (or lack of objection resulting from consultation) from primary groups in the relevant community or stakeholders is a smart play. Many applicants have devised some constructive and mutually beneficial plans to grow broad support, often in equity or some entitlement to a pool of names in advance of the general availability to the public (if and when that comes).
I noticed what I think to be a very well executed and thoughtful execution of this with one of the applicants for a .MLS Top Level Domain.
The following press release came from the MLS Domains Association on August 10th, 2010, which I will narrate.
MLS Domains Association membership grows as special Founder claim period nears an end
Tempe, AZ – August 10, 2010 – MLS Domains Association now counts among its members the MLSs representing more than 511,000 of the nation’s MLS real estate brokers and agents. According to Bob Bemis, chairman of the board of directors of the organization, “We’re delighted with this response. Interest in our effort has grown continually over the summer. The industry is clearly ready to Take Back ‘MLS’!” Meanwhile, Founder members of the Association have claimed more than 70 domains on the ‘.MLS’ top-level domain during a special Founder claim period that ends on August 15.
Call to action + what does this have to do with me? Done. (Nicely played).
The MLS Domains Association is a not-for-profit membership association formed for the purpose of acquiring the ‘.MLS’ top-level domain. “Although we formed the Association with 15 of the leading large MLS in the country, our membership grew slowly at first,” Bemis said. “We have used the last few months to educate MLSs about our effort, and to help MLS executives lay out the value proposition with their boards of directors,” he continued. “Unfortunately, many of those boards meet only sporadically in the summer months,” he explained. In the last two weeks, the Association has welcomed new members such as Metrolist (CA, Founder member), Consolidated MLS (SC, Founder member), Sandicor (CA, general member), Great Plains REALTORS® MLS (NE, general member), and Florida Keys MLS (general member).
Hilight Non-Profit Status. Done.
Explain Hurdles to Membership Growth. Done.
Illustrate Momentum by mentioning at least 3-4 members. Done.
The Association is accepting all levels of members now, but Founder members are currently able to claim domains during a special claim period reserved for them. “Our Founder-level membership is attractive to MLSs that wish to claim a domain name that others may want or that wish to reserve several domain names,” said consultant Brian Larson, who is advising the Association. The Founder fee gives a member the same governance rights as the MLSs that formed the Association; includes a credit to claim up to 12 domains on the ‘.MLS’ top-level domain; and permits Founders to claim up to 10 domains now, during a special claim period, before general members are able to make claims. MLSs can join as Founders and claim domains during the special Founder claim period until 11:59 p.m. CDT on August 15.
Describe how to join in. Done.
Offer First Dibs on 12 Domain Names if you do join. Done.
Entice immediate action with Incentive : 10 extra domains. Done.
Organizations like the Midwest Real Estate Data LLC (MRED) have reserved a variety of names, like ChicagoHomes.mls, ChicagoMetro.mls, ChicagoRentals.mls, and ChicagoRentals.mls.
Another member mention to further illustrate ‘traction’. Done.
Mention some specific domains so that the concept of the attraction is clear and the potential member starts to think about what they will grab in their list of 22 domains before anyone else. Done.
General members will be able to claim domains during a “General Landrush” running from September 1 through October 15. To claim a domain, an MLS must join the Association – annual dues vary based on MLS size. The MLS then pays a “claim fee” for each domain it wishes to claim. “The General Landrush will be attractive to smaller and medium-sized MLSs that want to secure their internet identities with only one or two addresses,” said Larson.
Prove it is real by stating dates.Done.
Just a personal note but this is a very slippery slope. ICANN has ceased communicating any static dates. Yes, this is necessary for getting any support or investment, but I and many others have been both embarrassed and unemployed as a result of expectations placed upon the communication of dates. Tread lightly.
Show reduced but still worthwhile benefits should someone join in some capacity other than founder. Done.
Identify membership is required to participate in TLD. Done.
Promote General Landrush. Done.
Identify Sunrise Process where intellectual property interests are addressed. X
Point out that you are “small” if you do not participate immediately. Done.
Further information is available on the MLS Domains Association Website, MLSDomainsAssociation.org.
Promote website. Done.
Further information is available on the MLS Domains Association Website, MLSDomainsAssociation.org.
Promote website. Done.
Community and ICANN system may be overwhelmed by quantity of policy issues.
As I write this, there are currently 30 open or recently concluded comment periods at ICANN. You can comment on anything from “Interim Paper on Policy Aspects Regarding Introduction of Single Character IDN TLDs” to “Proposed Bylaws Amendment to Add Voting Director from the At-Large Community to the ICANN Board of Directors”. You just missed your opportunity to comment on “Revised Process for Selection of Sites for ICANN International Public Meeting”.
Only one group commented on that last topic.
Is this policy overload? Are little things creating noise and obscuring important policy? Some people in the ICANN community feel the system is broken. Issues without a quantifiable problem can be introduced to the flow, which slow down the process for more important issues.
“There’s a rise and fall of everything, and we might be at a high point [of policy issues] right now, which is why people might be overwhelmed,” ICANN Vice President of Policy Development David Olive responded in an interview with Domain Name Wire yesterday.
There are certainly a number of pressing issues, and the introduction of new top level domain names is adding to the number of hot-button issues.
But what exactly is “pressing”? For Olive, who just came to ICANN this year, he mostly has to take what the various councils (such as Generic Names Supporting Organization, or GNSO) bring to him. He then assigns staff to manage the process of collecting community feedback, and managing the issues until they become policy or are abandoned (if they ever are abandoned). And some issues have been under consideration for years.
A large part of the burden for deciding what’s important falls on these various councils. In fact, the GNSO is currently working on a new way to decide what deserves a Policy Development Process (PDP). Yes, you can comment on that process to determine the process as well.
The Registrar Stakeholder Group commented on GNSO’s plans, noting:
Over the past one to two years, the RrSG has grown concerned about an increasingly overtaxed community and ICANN staff and believes it’s important to both refine the PDP and find a responsible way to prioritize the GNSO’s work…
PDPs should be based on responsibly documented evidence of an issue to be addressed. Anecdotal evidence is insufficient. A reasonable data-driven threshold for introduction of a PDP is a necessary step to concentrating community resources on PDPs where there is evidence to justify a PDPs initiation.
An example of a solution that may be wanting a problem is the recent Inter-Registrar Transfer Policy initiative. None of its proponents knows (or will publicly say) how big of an issue it is.
As long as these councils send policy up the chain, Olive’s team must act on it, no matter how many policies are under consideration at any one time.
“It’s one of our core values and it’s of course part of the bylaws to employ open and transparent mechanisms,” explained Olive.
But to help with overload, his group wants to make the information easier to consume.
“Many of our documents are long, and we’re trying to reduce the complexity with executive summaries so the community can more easily digest important points and figure out if they need to comment,” he said.
They’re also looking at organizing comment periods by dividing them by type (i.e. just public notice, part of ongoing PDP, etc.)
In the mean time, Olive’s team is working with what it has.
“Ideally I’d like to say ‘I’d like to have more staff and resources’, but in the short term that can’t just magically happen,” Olive said.
Another common complaint, at least in domainer circles, is how much weight is given to comments. Olive says that, in his short experience at ICANN, he believes comments are taken very seriously. For example, in the Draft Applicant Guidebook v3, the staff compiled all comments by section and analyzed them, explaining what changes were made as a result of the feedback.
So if you do want to make your voice heard about “Proposed Bylaws Amendment to Add Voting Director from the At-Large Community to the ICANN Board of Directors”, head on over to ICANN’s web site. Someone is listening.
© DomainNameWire.com 2010.
Get Certified Parking Stats at DNW Certified Stats.
- ICANN Hires New VP of Policy Development and Why it Matters
- ICANN Moves Forward on .XXX
- Colombia Faces Uphill Battle to Host ICANN Meeting in December