ICANN: Domain names aren’t property

ICANN is embroiled in an ongoing civil court case between victims of terrorism and the government’s of three countries, in the case of Rubin & ors v Iran and other actionswhich are in federal court in the District of Columbia. (Michele Neylon reporting).

Essentially the form of the current Claim is that ICANN are seeking to quash a court order that requires them to transfer the management of three Top Level Domain names to the successful Claimants in a number of separate actions against the Governments of Iran, Syria and North Korea.

ICANN’s full Application to Quash has been published here.

When analysis ICANN’s argument it appears to be that

(a) domain names, at the top level which consist of two letters only (i.e country-code domain names, or “ccTLDs) cannot be regarded as property;

(b) that even they are property they aren’t the sort of property that can be seized in law;

(c) that even if they are seizable property, they aren’t owned by the countries concerned;

(d) even if they are owned by the countries concerned, they aren’t inside the court’s jurisdiction;

(e) even if they are in the jurisdiction, a US Federal law giving immunity to foreign governments prohibits the seizure;

(f) even if that law doesn’t prohibit seizure, ICANN acting along cannot transfer ownership

(g) forced transfer would destroy the inherent value in the property.

The property question is particularly interesting and relevant, since many ccTLDs have invested major resources in developing their registries, and at least at first blush, ICANN appears to be saying they have no rights whatsoever to the delegation.

Even to raise such an argument appears that it might destabilise the smooth functioning of the Internet’s unique naming system . . .




An Open Letter to the Foreign Secretary and the Minister of Justice

Dear Messrs Hague and Grayling

The recent developments in Brunei where the Sultan is introducing a harsh Islamic judicial code have been widely reported, by the BBC among others, and have produced protests world-wide.

It is little known by the general public that the highest Court in the Brunei court system actually sits in London, and is part of the UK judiciary.

It is noteworthy that, originating in Britain’s Imperial past, the jurisdiction of the Judicial Committee of the Privy Council to hear appeals from Brunei has been continuous since then. Brunei-originating cases, once addressed to Her Majesty-in-Council, are now heard by the Privy Council in the name of the Sultan of Brunei.

I feel that the UK must respect European international norms regarding fundamental rights.

The death penalty is inappropriate in all circumstances. To prescribe a penalty of death simply for being gay or for adultery is, in my opinion, (and, I am sure, in the minds of the overwhelming majority of British people) disproportionate in the ultimate extreme.

It  seem very strange for the Privy Council to continue to hear cases from a country that has now developed in a manner that is so far removed from our own 21st Century standards of fair treatment.

I think this needs to change. I therefore call upon the British Government to take action, and to abrogate the agreement whereby a British Court continues its role the highest court in the land of Brunei.


Nigel Roberts LLB, FBCS, 6th May 2014

For further information: telephone Nigel Roberts on 020 7100 4319


Can Data Subject Access rights ever apply to spies?

Data privacy and data protection is something that — on paper — European countries take seriously.

Google has found itself in hot water from time to time. There’s a widely publicised complaint to the Irish Data Protection Commissioner about Facebook.

In the wake of the Snowden revelations, it seems everyone is talking about who knows what about whom!

European Data Protection law also provides for something called Data Subject Access. This may differ slightly from country to country. But it essentially means that you can write to someone who is storing and/or processing personal data about you, and they must send you everything they hold on you in a form that is easily understandable.

In the UK it is implemented by Section 7 of the Data Protection Act.

A small fee is allowed to be charged. It is currently £10 in the UK

The controller must

  • tell you whether any personal data is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and
  • given details of the source of the data (where this is available).

This right is not absolute, of course. There are a number of exceptions (known as exemptions).

It’s very obvious that some data should not be disclosed, particularly where it is about several people, and disclosing it to you will disclose information about someone else.
Medical confidentiality has an impact. So does national security.

Specifically data held for the purposes o the prevention or detection of crime; the capture or prosecution of offenders; and the assessment or collection of tax or duty is exempt from Subject Access.

Data is also exempt from Subject Access for reasons that involve national security or the armed forces.

So on the face of it, GCHQ, MI5, MI6 and “the port office” would appear to be able to do what they like, and store information about you, whether it was obtained by them directly, or was given to them by the NSA.

However, I submit that the true construction carries with it an important implied qualifier: the word “lawfully”.

The right to private and family life guarantee by the constitutions of most European states (with the exception of the UK) and throughout Europe by the EU Charter and the Convention on Rights and Fundamental Freedoms permits privacy to be infringed by the State in certain circumstances.

They are that the infringement is

  • necessary in a democratic society
  • in accordance with law
  • proportionate to the aim to be achieved.

The joint test of necessity, lawfulness and proportionality.

Even if something is necessary, it has to be lawful.

Even if necessary and lawful, it has to be proportionate. (No sledghammers for cracking nuts.)

So, if, theoretically, the State collected all sorts of data about you unlawfully, but that data was sitting there in Government owned computers, I would suggest the national security exemption would not apply, and therefore that data is susceptible to s.7 Subject Access.

Wouldn’t it be something if the courts agreed?






Spats and show tunes

spat  (spt) n. 
(1)  An oyster or similar bivalve mollusk in the larval stage, especially when it settles to the bottom and begins to develop a shell. (2) A cloth or leather gaiter covering the shoe upper and the ankle and fastening under the shoe with a strap: The waiter wore spats as part of his uniform.. (3) A brief quarrel. (4) [Informal] A slap or smack. (5) A spattering sound, as of raindrops.


There’s a spat between MarkMonitor and the Non Commercials.

You can read about it here. To be honest, even after reading this twice, I’ve no idea what the issue might have been.But whatever it was, I hadn’t heard of it before the refutation was publicised.

There’s something called the Streisand Effect, after Barbara Streisand.

And sometimes that’s worth bearing in mind, no matter how much one may feel or want to respond by yelling back.



Reflections on ICANN turning 46 in China

I’ve just returned from Beijing, China where ICANN held its 46th International Meeting.

As many of you know, ICANN is a strange and interesting organisation. Part United Nations of the Internet, part International Olympic Committee, part knockabout yah-boo-sucks debating chamber (like the British House of Commons, perhaps with Marilyn Cade in the part of the late Margaret Thatcher), part charitable good cause, part travel club, and a few other things I’ve no doubt overlooked.

But I’m getting the feeling that somehow, in all of this, something fundamental is starting to be overlooked.

When ICANN was founded (and I was — as one of the participants in the US Government’s International Forum on the White Paper — one of ICANN’s founding “members”¹), it was designed, by Ira Magaziner and the rest of us to be a multi-stakeholder, agile, organisation that “co-ordinated” internet naming matters.

That sort of organisation was needed because “internet time” moves at a much quicker pace than normal intergovernmental regulation could hope to keep up with technological development.

But — it seems — ICANN is beginning to do what it should not, and stray into matters of content.  Although some of the more authoritarian governments are attempting to use ICANN as a lever to control content (such objections to .GAY and .HIV), it’s not only from such quarters that the challenges to fundmental rights are coming.

ICANN will have to find a path through this thicket.

It appears to me that new CEO Fadi Chehadé may (and at this point I only say ‘may’) be the right person to do it.

Certainly, it seems to me the celebrity Hollywood style of his predecessor, although highly entertaining would — if allowed to continue — have probably sunk the boat.

Now back from China, I am reminded of an ancient chinese curse:

‘May you live in interesting times’



(¹ I put ‘members’ in quotes becuase, peculiarly, for a non-profit org, it HAS no members).


Stop the Dangerous Blogs Bill

In England, a number of journalists and media industry figures broke the law.

They hacked cellphones and computers. They bribed police officers for stories.

Their behaviour was so egregious that a number of people have already been convicted and jailed, and there are charges still pending against others.

That was wrong. But that conduct was always illegal.

The British Government asked Lord Leveson for a solution to the excesses of journalists.

He said he wanted to regulate print media.He proposed that judges  be allowed to award exemplary damages and full costs against unregulated publishers.

Regulation of the press takes us some way back towards the Star Chamber. What is are proposed are stringent and controversial measures, but even their architecht only envisaged them applying to large and powerful publishers. Not websites (unless they belonged to print publishers).

Last weekend, the proposals were agreed in a rush, without public consultation, and with scant attention to detail.

The result is that they apply to any size of publication.

If there’s more than one author, the content is edited and there’s a business involved, then you must join up to be regulated. Even trade commentators such as DOMAININCITE.COM, for example, would appear to fall under this.

Most blogs aren’t powerful publishing houses. But the would need to be regulated, or face punitive measures if it ended up in court.

The threat of websites being regulated like this was never the purpose of Lord Leveson’s recommendations.

Websites weren’t involved in phone hacking.

There is no evidence that they need to be forced into self-regulation like this.

It is a serious infringement of the right of free-expression that fails the test of necessity and proportionality to make it legal.

If this is not corrected now, some English or Scottish blogger will find him or herself in the middle of an expensive and messy court proceeding that has the likelihood of going all the way to Strasbourg.

Take a few minutes and email Nick Clegg, Harriet Harman, and David Cameron to ask them to back off and leave the Internet out of Leveson.



Why do developers use outdated country lists?

Something’s puzzling me.

The ISO-3166-1 country code list is not a static thing. New countries and territories appear on the list. Others disappear.

In the 20 or so years I’ve been dealing with these things professionally there are many examples. The Aaland Islands (AX) for example, and South Sudan (SS) have appeared. Yugoslavia (YU) and the German Democratic Republic (DD) have disappeared. Guernsey and Jersey (GG and JE) were added to the list in 2006.

Yet many e-commerce websites I see have drop-down lists for “Country” in their address entry fields are missing many of the recent additions to the list.

Leaving aside the fact, that in some circumstances the list is just the wrong thing to use (for example airlines using the list to classify passport details — the ISO list is NOT the same as a list of nationalities), why would any website developer intentionally choose to use a seriously outdated list, when the current list, and announcements as to changes is easily accessible these days from ISO itself who even publish a change-tracking page.

This has real serious economic effects on individuals. Guernsey and Jersey residents often end up paying a surcharge of 20% on goods ordered over the web as a direct result of this

Now, maybe I’m being picky, but I think if you advertise yourselves as specialists in search engineering you ought to know what the correct ISO list contains.

After all, a website’s location and target audience does form part of the myriad inputs to Google’s magical PageRank algorithm, don’t they?

I was on the point of ordering a particular SEO firms service (I won’t mention them to spare their blushes, but I can see their name as I write this).

But when I got to the address form, guess what — the drop down list didn’t include an option for the particular country/territory the organisation I was planning to order the service for. So guess what — that particular SEO firm lost a sale.

Is YOUR site up-t0-date?


PS: By the way, although I just checked that everything that should be there on our own webforms, is,  to prove it,  here’s a little challenge, which will help us in our own quality control.

Now there’ve been some fairly recent changes to the ISO list — and the first person who identifies an instance of a missing country code in any of the webforms on WWW.CHANNELISLES.NET will win a CHANNELISLES.NET USB key (Note: this is a great little device — it’s got masses of storage, it’s in the shape of a real key, and fits on your keyring with your house keys so you always have it with you).

We’ll also offer another USB key for the person who submits the website (any website, anywhere in the world) that has the a drop-down list with the most missing entries.

In both cases we’ll use the latest version of ISO-3166-1 to compare.


Welcome to DomainPulp!

Since about half of my articles are about the Internet Domain Name industry, I was challenged to come up with a clever brandname for that side of my writing the other day.

You know, one that might be even half as clever as the paronomasiac  DOMAININCITE.COM

Sadly, I was unable to match Mr Murphy’s cleverness.

But I did find something that expresses what is a wide sweep of the domain name industry that I cover. So welcome to Domain Pulp!

For the time being we’ll still be carrying on as normal on WordPress, kindly hosted by BLACKNIGHT.COM.

But we manage to get more material, including guest contributors (HINT), I will move it to its own platform.




How I learned to stop worrying and love the insecurity

A ‘source close to’ ICANN, the International Organisation responsbile for the co-ordination of the internet’s naming system, tells me that they are :

“assuming that every inbound/outbound IP packet over the course of the ICANN conference will be thoroughly inspected and dissected” and that “it’s likely that it will be  impossible or extremely difficult for anyone attending to establish a VPN.”

First of all, I doubt things will be as blatant as this. Beijing is not Pyongyang.

China is the worlds largest nation, Its prosperity depends on its relationships with the rest of the world. No matter what it does with its own population’s access to information, it seems to me that it is not likely to jeopardise its standing in the world by excessively locking down normal standard internet access for some of the most important people in the internet world while they meet in its capital to decide the future shape of the ‘net.

Of course that doesn’t mean that things will be quite as straightforward as they are in, say, Canada or Germany. China hosted a similar (but smaller) international meeting in Shanghai somewhat over ten years ago. Most things worked. I did find BBC news to be inaccessible — which was a bit of a black mark — but that was just a duhka, easily overcome with the right kind of meditation.

Now I have no doubt that Unit 61398 will also have a plan to to safeguard the economic well-being [of the People's Republic]‘.  After all, it’s only reasonable to expect that China would avail itself of opportunities that the UK and USA would not fail to pass up, would you?

Unit 61398


So what could attendees do? I mean that’s proportionate and sensible.

First of all, as Douglas Adams would say: ‘DON’T PANIC’.

I mean, really, you are probably not as important as you think you are.

But, if you work for a corporation, you do have a duty of care to your employers and shareholders so you should not be blind to the possibilities.

The easiest thing is, that unless you have skills in data destruction (DBAN is your friend),  it would be quite sensible to take a brand new laptop to Beijing. Data can’t be stolen from it if it was never there in the first place.

And, unless you are going to keep your electronics close to your breast 24 hours a day, even when sleeping, it seems to me that, rather than interception of your emails,  the biggest threat is that of the ‘evil maid attack’.

If you leave a laptop unattended for even a short time, mirroring your harddisk is a trivial task for someone who has physical access to it.

You can buy a cheap netbook at Tesco (UK) or BestBuy (US) for not much more than two or three hundred dollars.  Cheap at twice the price. There are slightly more sophisticated techniques you can use, too.

Secondly, don’t forget that you might have sensitive information etc on your tablets and iPhones. Leave them at home and take a new GSM only device if there’s a possibility of commercially sensitive data being on them.

Finally, if my sources worst fears are confirmed, and you find that after all you cant ‘call home’ securely (i.e. using your corporate VPN) over the internet, then just sit back and enjoy the holiday away from the routine rush of work emails.

You’ll probably realise that 90% of them you didn’t need to see.

Consider the time you will gain as sesshin.


ICANN LA to be broken up; begging letters to stop.

Fadi Chehadé’s new broom at ICANN continues to sweep the house, according to reports just in from Singapore.

Apparently  his X-wing fighter has scored a direct hit on the ICANN LA office (affectionately known to some as ‘the Death Star’, after ICANN’s logo) and it is to be broken up. This is in an aim to make ICANN less US-centric.  Fadi Chehade portrait[1]_2

A new term: ‘service hubs’ are to be established in Singapore, Istanbul, and LA. A number of people in LA office will be asked to relocate move to the other hubs. This should prove a real career opportunity for the right people, while, inevitably, I expect this means some familiar faces among the staff will take the opportunity to move on

Not content, with that, ICANN is to cease asking ccTLD registries to contribute to ICANN’s chest — which currently bloated with doubloons and pieces of eight from newTLD application fees.

What effect this will have on ccNSO funding mechanisms or gTLD perceptions is yet unclear but should be interesting to watch.


Powered by WordPress. Designed by Woo Themes