Another ICANN Sham Review of Public Comments

ICANN has posted their Public Comment Summary Report of the Proposed Renewal of the Registry Agreement for .NET. Once again, it is another sham review of the submissions of the public.

Not only do they dismiss comments and concerns relating to the changes in the RRA, which we wrote about extensively. ICANN staff went even further, and LIED about past comment submissions! At the bottom of page 13, they wrote:

Continue reading “Another ICANN Sham Review of Public Comments”

Our Comments to ICANN Opposing the Dot-NET Registry Agreement Renewal With Verisign

On April 19, 2023, I highlighted negative aspects of the proposed .NET Registry Agreement between ICANN and Verisign.

The public comment period ends on Thursday May 25, 2023 at 23:59 UTC (i.e. tomorrow), and I just submitted my company’s final comments.

I encourage others who care about the rights of registrants to do the same.

Others, including the Internet Commerce Association and TurnCommerce have submitted substantial comments. All of the public comments can be read here.

Red Alert: ICANN and Verisign Proposal Would Allow Any Government In The World To Seize Domain Names

ICANN, the organization that regulates global domain name policy, and Verisign, the abusive monopolist that operates the .COM and .NET top-level domains, have quietly proposed enormous changes to global domain name policy in their recently published “Proposed Renewal of the Registry Agreement for .NET”, which is now open for public comment.

Either by design, or unintentionally, they’ve proposed allowing any government in the world to cancel, redirect, or transfer to their control applicable domain names! This is an outrageous and dangerous proposal that must be stopped. While this proposal is currently only for .NET domain names, presumably they would want to also apply it to other extensions like .COM as those contracts come up for renewal.

Continue reading “Red Alert: ICANN and Verisign Proposal Would Allow Any Government In The World To Seize Domain Names”

Meditations on Domain Name Transfers: Final Call for Comments To ICANN

Today I submitted comments on behalf of my company (Leap of Faith Financial Services Inc.) to ICANN regarding proposed changes to domain name transfer policy. You can read those comments in this PDF, or at ICANN’s public comment forum along with those of others such as the Internet Commerce Association. If you’d like to submit your own comments, the deadline is Tuesday August 16, 2022 at 23:59 UTC.

I’ve written multiple blog posts in the past few weeks, warning about the negative ramifications should their recommendations be adopted. See here, here, here, here and here for those past articles on the topic.

The comment submission reiterates and expands on those past articles. I also took a deep dive into each of the recommendations. It was a considerable effort (at least 40 hours, if not more) in a compressed time frame. It was truly stressful given the deadline would not be extended to mid-September (or beyond) as requested, to be a more reasonable schedule for the amount of work involved. As I note on page 5 of the submission, I could have used more time to reorganize, restructure and condense the material (which amounts to 60 pages!). Consider this a “draft” that wasn’t intended for publication, but is as good as it’s going to get in the time that was provided.

As I note in the conclusion, the most important section is Section E (generate a transaction ID at the gaining registrar, to input at the losing registrar; this way, we can eliminate the TAC). Also, retaining the “Losing FOA” (Section F), at least on an opt-in basis, to preserve the ability to ACK/NACK a pending transfer is critical. Those are the two big counterproposals, although lots of other stuff was important and needed to be said.

The unbalanced nature of the working group composition (registrars dominating) should concern everyone, as registrants’ interests are not being protected.

XPRIZE-style Competition To Improve Domain Name Transfer Security

I’ve written extensively in the past couple of weeks regarding the ICANN transfer policy review’s initial report.   You can read these past articles here, here, here and here. There has also been discussion at the NamePros forum. ICANN has been obstinate in their refusal to extend the comments deadline to mid-September (or beyond) as requested (comments are due August 16, 2022, less than a week from now). [Please do keep trying to get it extended, though! Many folks I’ve talked to are only now beginning to understand the negative ramifications of the report, and need more time to compose a thoughtful response.]

Domain name security, including security of the transfer process, is important enough that it calls for fresh ideas. I propose that ICANN issue a widely publicized and open “Call For Papers” or a competition of some sort, like the “XPRIZE” but for domain name transfer and security procedures. This would encourage academics, security researchers, security practitioners, “white hats” and others to take a deeper dive into the domain name transfer system. They would be encouraged and invited to come up with new ideas that would improve security of hundreds of millions of domain names, which are at the foundation of the multi-trillion dollar online economy.

ICANN agreed to receive a controversial $20 million from Verisign upon renewal of the dot-com contract. It was intended to improve security.

I suggest that a portion of it, perhaps $250,000 to $500,000, be used to fund the total prizes and/or honoraria for an XPRIZE-style competition or call for papers. This is a small fraction of the $20 million.

Such funding would provide an economic incentive to draw new ideas and new eyeballs into the ICANN ecosystem, particularly from academia, rather than from “the usual suspects” who’ve dominated ICANN for the past 2 decades. Transfer security, and overall domain name security, is too important an issue to leave to those ‘usual suspects’.

[To make it clear that I personally would not financially benefit from such a competition, folks should be able to have any prizes/honoraria be directed to charities, rather than to themselves, as I would do to eliminate any conflicts of interest that might be seen from making this proposal.]

Paul Keating Was Right: IGOs Have Undermined The Legitimacy Of The ICANN Model

As I noted in a blog post yesterday, ICANN’s GNSO Council is scheduled to vote next week on the final report of the new IGO working group. Their one-sided recommendations, especially the removal of the “mutual jurisdiction clause” for IGOs, would substantially prejudice the rights of domain name owners to due process in the courts.

In a letter to ICANN in 2018, prominent attorney Paul Keating, who was a member of the original IGO working group that invested 4 years on the topic and which came to very different recommendations (that actually balanced the rights of registrants and IGO), told ICANN that:

To claim that the group was captured is simply nonsense.

He also noted that:

The Mathias letter makes clear that the objective of the IGOs is to discredit the many years work of the Working Group and to undermine the bottom up policy-development process that is fundamental to the legitimacy of the ICANN model. As a diligent and fair-minded member of the Working Group who actually invested the time to examine the issues in incredible detail and reach sound recommendations, I simply cannot accept his attempt to circumvent the Policy Development Process.

Unfortunately, Paul Keating was right: IGOs have undermined the legitimacy of the ICANN model, by relitigating the issue excessively, and ignoring public input until they succumbed to the IGOs demand for removal of the “mutual jurisdiction” clause. As I’ve noted repeatedly, IGOs have been after this unreasonable policy change for two decades!

Why did this happen? One reason is that the new IGO Working Group prevented me and others from participating, and instead was overwhelmingly dominated by those who have no interest in protecting registrants’ rights. This unbalanced representation led to this extremist outcome. I documented the unbalanced participation in an innovative review of the actual number of words spoken during calls, and posted on the mailing list, with the help of Kevin Ohashi. Those charts and the analysis were submitted to the working group via the public comment period (see pp. 27-30 here). This concern was also raised by the Registrar Stakeholder Group, who stated:

Second, the RrSG notes that the EPDP does not appear to contain any representatives from the RrSG, the Registry Stakeholder Group (RySG), and the Not-for-Profit Operational Concerns Constituency (NPOC), and some of the recommendations appear to have significant impact on those constituencies or domain name registrants. The absence of certain constituencies in the EPDP should not be rationale for drafting recommendations that could impact those constituencies. The RrSG strongly recommends that for the Final Report, the EPDP must consider and incorporate the feedback from constituencies not represented on the EPDP.

Let’s take a look at the original IGO working group’s mailing list archives. The “consensus call” process took place in May 2018 and June 2018. There was vigorous and active participation by numerous members of the working group. May 2018 had 75 posts, and June 2018 had 127 posts, for example. Members were active and engaged in the working group. Phil Corwin of Verisign falsely claimed “captured”, as discussed yesterday, but look at the actual activity on the mailing list. Phil Corwin was a member of the registry constituency, but so were David Maher (of PIR) and Crystal Ondo (of Donuts, at the time). Both rejected Phil Corwin’s preferred option (arbitration), and were part of the group’s consensus (which the new working group is trying to relitigate). David Maher explained:

I support Option 1. I understand staff’s concern “that resolving a procedural question (immunity from jurisdiction) can automatically reverse a substantive panel finding, where the court has not had (and will not have) the opportunity to hear the case on its merits.” This problem will only arise if an IGO takes advantage of a UDRP or URS proceeding and then hides behind immunity. It appears from this group’s discussions that IGOs have had few or no problems in supporting their names and acronyms in court and administrative proceedings. For future proceedings, I believe it is justifiable to bar IGOs from invoking an intrinsically unfair legal maneuver.

Reg Levy of Tucows (representing herself, but obviously familiar with Registrar views) was also a participant, and was part of the consensus.

Similarly, Mike Rodenbaugh, former counsel at Yahoo! and a member of the Intellectual Property Constituency, was part of the consensus (and opposed to the arbitration proposal that Phil Corwin desired). I created an unofficial spreadsheet which summarized the input. You can see that it closely aligns with the results by ICANN Staff which were produced later, and the final report (pp. 4-6, and pp. 18-22 which showed the designations of the alternative options which were rejected).

Contrast the original working group with the sham nature of the new IGO working group. Their mailing list archives can be found here, and their phony “consensus call” took place in March 2022. As was noted by the Registrars Stakeholder Group above, there were no representatives from the registrars or registries who even participated in this working group! Contrast that with the original working group (which was open to anyone), which had wide and engaged membership. Their phony “consensus call” amounted to a single email from the chair (Chris Disspain, who dominated the discussions throughout the working group, as noted previously) claiming “full consensus”. Take a look at the mailing list — was there widespread actual public support for that designation? Of course not — they simply manipulate the working group’s processes, to consider “silence” as being “acceptance.”

Contrast this silence with the vigorous debate in the original working group, where members had to affirmatively post their positions, and many did so with their reasoning. This new working group with already unbalanced and limited participation didn’t even bother to do so, as they knew that their unengaged members couldn’t actually justify their positions. They simply “went along with whatever the chair decided”, and sat in silence. The original working group was a model for how all sides had an opportunity to participate, and all views were considered.

The new working group’s final recommendations are an insult to the intelligence of the ICANN community and to those who took the time to respond. Rather than considering the serious deleterious impact of their proposals on registrants’ rights to have the merits of their dispute decided by the courts, the new working group instead decided to double-down on their intellectual dishonesty.

On page 9, they assert that:

The inclusion of an arbitration option in the UDRP and URS does not replace, limit, or otherwise affect the availability of court proceedings to either party, or, in respect of the URS, the ability to file an appeal within the URS framework. Either party continues to have the right to file proceedings in a court, up to the point in time when an arbitration proceeding is commenced (if any).

The working group seeks to pull a fast one on the public, by making this assertion, which did not alter the actual recommendation (which eliminated the mutual jurisdiction clause for IGOs). I called this out explicitly on pages 40-41 of my own comments. I quoted their own words! For example, Jay Chapman said:

So really what the problem is as I see it, the current proposal as written today, it doesn’t provide for due process. It’s a forced process. And at best, it seems to me to be somewhat intellectually dishonest. And I think everyone kind of knows it on the call.

With the mutual jurisdiction requirement also currently sought to be disposed of, it seems to be kind of a wink-wink on the registrant being able to find relief or at least a decision on the merits I suppose by going to court. It’s kind of like the group wants to say, well, good luck with that, Mrs./Mr. Business Registrant. There won’t be any jurisdiction in the court and thus no remedy for you.

Without giving every example (I encourage folks to read my full comment submission), Paul McGrady noted:

Thanks, Chris. It was just the nerdy thing that I put into the chat that a waiver of the right to go to court, those rights that are being given up could really never fully be captured in an arbitration mechanism because the rights in Poland are different than the rights in South Africa, which are different than the rights in the U.S. or whatever. So what we would be doing is creating some sort of amalgam of protections for registrants in the arbitration process that we, I guess, think best blend all the various rights around the world. Then we would be offering that to registrants in lieu of their local protections. And as I said before, I think in the chat, the optics of that, they’re hard to get your arms around that. We don’t want ICANN be accused of overreach, for what it’s worth. Thanks.

Instead, the new working group buries the truth in a word salad of obfuscatory text.

The truth is this — the new working group was chartered to look at a very specific and limited scenario, namely:

      1. An IGO wins a UDRP.
      2. The domain name registrant decides to challenge the UDRP outcome, by going to court, as per the mutual jurisdiction clause.
      3. Instead of deciding the case on the merits, the court decides that it cannot proceed due to the claimed immunity of the IGO.

As explained in my comments, which reviewed the entire history of the UDRP, this scenario has never actually happened. The “expected outcome” was that a court should find that the “mutual jurisdiction” clause amounts to a waiver of immunity, and thus the court can proceed. To attach some numbers, I would argue that if left unchanged, the current policy would result in 95%+ of such court cases to find that the IGO has waived immunity, and the court can decide the dispute on the merits. Our work was focused on deciding what to do about the “other 5%” of cases, that would theoretically fall through the cracks, and the original working group came up with a solution to that problem (i.e. vitiate the UDRP, and put both sides in the same position as they would be had the UDRP not taken place, so that the case can then proceed in the courts, mirroring the actual legal rights of the IGOs and respondents had ICANN never created the UDRP policy in the first place; as I noted in my comments, a “Notice of Objection” system would be an even better solution, see page 15+).

But, what did the new IGO working group do instead? Rather than focus on their limited mandate, they went far beyond the scope of their charter to relitigate already decided issues. I documented this on pages 31-35 of my comments. By removing the “mutual jurisdiction” requirement for IGOs, the working group completely changes the likelihood of the scenario above. Instead of focusing on a rare scenario, and what to do about it, they actually transformed the rare scenario into the expected scenario! Without the mutual jurisdiction clause for IGOs, instead of say 95% of courts deciding the case on the merits (leaving 5% of such cases undecided on the merits), the reverse would happen! Courts would overwhelmingly find that domain owners could not proceed to a decision on the merits in a dispute with the IGOs, as there was no waiver of immunity. So, 95% of cases (instead of 5%) would (under the new working group’s proposed elimination of mutual jurisdiction) now be in a state where the court could not proceed to a decision on the merits — i.e. the cases would be thrown out on a technicality, rather than be decided on the merits.

Instead of recognizing this perversion of justice, the new working group attempts to obfuscate things by claiming that nothing prevents a domain owner from filing a case in court. This is a ridiculous and misguided statement — it’s obvious ICANN can’t control anyone’s right to take anyone to court, but what it can do (and will do, if these recommendations are adopted) is prejudice the actual outcome of what happens at that court! This working group turned an unlikely scenario into the most probable scenario, thereby harming registrants’ rights to have their disputes decided by the courts.

This is exactly like the scenario with UK and Australian registrants/registrars that ICANN created due to bad policymaking, whereby there’s no cause of action to challenge a UDRP. I warned about this in March 2022. By the logic of the new working group, there’s “no problem here”, because registrants can still file a court case (even though they will overwhelmingly have their case refused and not be decided on the merits!).

In conclusion, this new working group’s work must be rejected. It was the product of a group with unbalanced and unengaged representation (in contrast with the original working group that spent 4 years on the topic). Furthermore, their recommendations do not stand up to even the most basic scrutiny, as noted in the original comment submissions. Simply pretending that registrants can still go to court, when they’ve knowingly tilted the probabilities of what would take place at those courts, insults the intelligence of the community.



ICANN GNSO Council Was Misled Regarding Alleged Capture Of The Original IGO Working Group

Next week, the newly-created IGO Working Group’s Final Report is due to be voted upon by the ICANN GNSO Council, according to agenda item #5. As previously discussed, that working group’s report is an utter sham, and doesn’t reflect the public comments that were opposed to the recommendations.

It’s important to note that this isn’t the first working group that reviewed this issue. The prior working group (that I was a member of; the new working group would not permit me or others with similar views to join) came to very different conclusions. That report was attacked by Phil Corwin of Verisign, in a minority statement that falsely alleged “capture”. How do we know that this was a false claim? We need only look at Phil Corwin’s own statements in November 2017 (prior to the consensus call, when the results were not yet known as to the final recommendations), where he stated:

So far as the values of openness, transparency and inclusion, this working group has been completely open and inclusive. We have – we did extensive outreach to encourage participation by GAC members and IGO representatives. They chose not to become members. That’s not on us; that’s on them. Everything we’ve done is transparent. There’s transcripts, there’s documents.

So far as representativeness, if there is any attempt to besmirch the work of this working group when we issue our final report with allegations that have been captured by any particular group or did not represent enough the different components of the ICANN community, we’ve already – the cochairs have already reviewed that with staff. And while this is a small working group, there’s no requirement that every working group have dozens and dozens or even hundreds of members, but we have had sufficient participation from different parts of the ICANN community, I think, to refute any such allegations if they should arise. [pp.14-15 of transcript]

So, prior to the final results of the working group’s efforts being known, Phil Corwin was happy to defend the output of the working group. In fact, Phil Corwin expected that his preferred option (which involved arbitration) was a shoe-in to be adopted.

He even openly invited me to go on the record with my claims that he (as a co-chair) had abused his authority (in attempting to use an anonymous poll, in violation of ICANN’s transparency requirements), see:

Number one, and, you know, I don’t want to make a big deal out of this but George has stated several times in writing and now just orally that he believes the cochairs have abused their authority. I reject that categorically. The cochairs have been very careful to not cross any bright line in abusing their authority to be administrative and not push toward a particular sharing information about internal ICANN developments is not the same as pushing a particular policy goal. We had a full discussion and the vote could have gone the other way and then we – that wasn’t the will of the working group.

But if anyone who is a member of this working group feels that the chairs have abused their authority, please go ahead and – that they’ve been treated unfairly, go ahead and file a complaint with the ombudsman and have it investigated. But I reject any suggestion of that. [pp.11-12 of transcript]

Why should he be upset, then, when I did successfully file a Section 3.7 appeal, one that was entirely meritorious, as documented on the mailing list archives (see Dec 2017 and beyond)? After that successful appeal resulted in transparent processes to determine consensus, it turns out that Phil Corwin’s preferred outcome of arbitration was completely rejected, with consensus against, as noted in the final report (pp. 19-20, with Option #3 [arbitration] showing “Consensus Call Outcome: MINORITY VIEW (WITH CONSENSUS AGAINST THIS OPTION“).

So, there you have it. When the results of the working group didn’t go his way, like a hypocrite Phil Corwin changed his tune completely and attacked the working group at GNSO Council (a working group that he had great control over, given his role as co-chair). Phil Corwin ignored the fact that he himself openly claimed that working group was representative and shouldn’t be “besmirched” before the results of its processes were determined. He only claimed those processes were “captured” after they resulted in recommendations that differed from his preferred outcome.

GNSO Council was completely misled. On that basis alone, the foundation for creating the new working group was built on a lie.

Why is this important? This led to the creation of a new working group that doesn’t reflect the views of impacted parties (particularly registrants). Indeed, this new working group has ignored fundamental criticisms that were made in the public comments. For example, the Registrar Stakeholder Group’s comment noted that it “has serious concerns about a number of the recommendations in the Interim Report that are contrary to the EPDP’s charter, the position of the ICANN Board, and could prejudice the rights of domain name registrants.” (page 1)

My own detailed submission explained how this new working group’s recommendations are untenable, and the entire history of the issue (including the comments from 2019, which documented the first working group and how its efforts were sabotaged when its recommendations went before the ICANN Board). I encourage anyone who is open-minded to review those thorough submissions, and contrast them with the haphazard recommendations produced by this new sham working group.

In conclusion, the new working group’s final report must be rejected, if ICANN and the GNSO Council value integrity of their processes. In the event they accept this report, they will further delegitimize themselves, and openly declare that their processes are open to manipulation by insiders who wish to promulgate extremist policy views that have been rejected for two decades. “Backchannel sabotage” (see page 45) should not be rewarded.


Red Alert: Get your domain names out of the UK and Australia now!

If you are a domain name owner using a UK-based or Australian-based registrar, you should seriously consider moving your domains elsewhere, as you apparently have no legal rights to judicial review in their courts after an adverse UDRP or other domain dispute procedure. In other words, you are a second-class citizen if you’re exposed to registrars in those jurisdictions, compared to other jurisdictions in the world. I would strongly recommend that you move your domain names out, or at least get your own independent legal advice.

Continue reading “Red Alert: Get your domain names out of the UK and Australia now!”

I Solemnly Swear That I Am Up To No Good

ICANN has a public comment period that ends today for “Proposed Revisions to the ICANN Documentary Information Disclosure Policy.” Below is a PDF of my full submission, which begins as follows:

Dear ICANN org,

In the Harry Potter series of books and films, access to the Marauder’s Map was granted by saying the phrase “I solemnly swear that I am up to no good” after tapping the map. I imagine that the ICANN staff who crafted these proposed changes to the Documentary Information Disclosure Policy (DIDP) had that quote in mind, either explicitly or implicitly, when they sat down to edit the existing version of the DIDP.

[read the rest in the following PDF]

Submission of Leap of Faith Financial Services Inc. to ICANN Regarding Proposed Revisions to the ICANN Documentary Information Disclosure Policy

ICANN Incompetence On Full Display With the RPM PDP Phase 1 Final Report

ICANN holds themselves out as an organization that is highly competent, but that could not be further from the truth. More evidence of their utter incompetence can be seen in the ICANN RPM PDP Phase 1 final report, which has a deadline for public comments of May 21, 2021 (this coming Friday). [Originally the deadline was going to be April 30, 2021, but I demonstrated how that was unacceptable, and they changed it.] I scanned through the document quickly this afternoon, and was appalled that it is replete with glaring and obvious errors. ICANN staff, GNSO Council, and anyone associated with this report should be ashamed that their names are attached to it. Of course, I’m unfairly banished from all ICANN working groups, so I have no responsibility for their obvious errors.

Continue reading “ICANN Incompetence On Full Display With the RPM PDP Phase 1 Final Report”