The historical operator of the .UK Nominet in troubled waters

The historical operator of the .UK Nominet in troubled waters
credit image: www_slon_pics

This Monday, March 22nd, at 5:15 pm CET, Nominet, the historical registry in charge of the extension of the United Kingdom, the .UK, announced that the motion aiming to dismiss five members of its board of directors, including the current CEO Russel Haworth and Chair Mark Wood, was approved by 52,74% of the members who expressed themselves in this consultation.

According to its statutes, when a motion is supported by a majority of its members, Nominet must organize a consultation of all its members. Thus, this Monday, March 22, an Extraordinary General Meeting (EGM) was convened to rule on the motion carried under the banner PublicBenefit.uk pushed by Simon Blackler, CEO of the hosting company Krystal, who asked to organize a vote to remove five members of the Nominet board. Among those targeted by the motion were the CEO Russel Haworth and the Chair Mark Wood. A motion with serious consequences for the organization.

At the roots, decisions and actions that have displeased

At 17:15 CET the results of the consultation were announced. 740 members of the registry operator tipped the balance toward this motion, leading to the immediate departure of the board members.

At the roots of the protests was a growing dissatisfaction among some members that crystallized around decisions and communications of the dismissed Board that could give the impression that the registry operator was increasingly turning away from its original foundation as a non-profit organization with public interest commitments to an overly commercial orientation.

Among these decisions, commercial efforts to diversify the activity of Nominet financed by the increase of the prices of the .UK and the reduction of the charitable contributions. Another thorn pointed out by those opposed are the salary increases for members of the board of directors while the operating profits of the organization have fallen over the same period. But without a doubt, the spark that set off the whole campaign came from the brutal closure of Nominet’s online members’ forum at the last annual meeting when CEO Haworth used, in his words, “the wrong tone”.

The management in place had presented a roadmap in the form of a mea culpa a few days before the vote. It consisted of seven major commitments: a freeze on the price of the .UK extension, a freeze on board members’ salaries until the end of 2022, a £20 million investment plan in the operator’s infrastructure, a public interest program focused on young people’s digital problems with £4 million dedicated within three months, the implementation of a new exchange tool for its members, the launch of a Registry Advisory Council (RAC) of elected members who will be able to give their opinion on the policies conducted and greater transparency on the organization’s finances. However, this has not been enough.

What consequences for the operator

Nominet is a major player in the Internet address ecosystem. Their market share of 8.07% of all web addresses in country codes testifies to this. Nominet claims 17,568,576 registered addresses in its extension, which places it in fourth place after .CN, .TK and .DE. The difficult situation faced by the operator is anything but insignificant.

Today, Nominet finds itself with an interim board with an interim chairman, one of the remaining non-executive directors and no CEO. Six unseated board members have chosen not to resign and stated that they will “work on a change of strategic direction”. Nevertheless, they could be blamed for their participation in the decisions taken over the past several years that have led to this situation. A difficult situation for the organization. The former management suggested that this motion could destabilize the organization permanently and perhaps even lead to a split in its activities.

For now, two statements indicate the direction Nominet is likely to take. The first comes from interim president Rob Binns, who sent an email to Nominet members late Monday, shortly after the results were made public:

“I am writing to inform you that the EGM motion passed,” he said before promising that the board had “heard the clear message from the membership and that Nominet will change.”

“The board’s immediate priority is stability, starting with Nominet’s governance and leadership while continuing with the seven-point plan and beginning to address the issues raised over the past few weeks.”

The coming weeks will be crucial for the future of the organization. It will be necessary to renew the vacant positions at the head of the organization and to find the levers to ease the internal and external tensions and worries. It is legitimate to question whether the roadmap left by the former management is the right one, especially since Publicbenefit.UK had other proposals and also had the ambition to push a second motion that was not validated, which consisted in appointing two interim directors – the former chairman of the BBC Trust, Sir Michael, and industry veteran Alex Pawlik, director of RIPE, a historical regional IP address registry. From the perspective of replacing vacancies these people may come forward and when you look closely the proposals from Publicbenefit.UK are not far from the above. Let’s hope that reason will prevail in a compromise. There is no doubt that this is the best thing we can wish for this historical central player in the ecosystem of Internet addresses whose missions and stability are central to the DNS as a whole.

A much awaited first report on DNS abuse in the new extensions

A much awaited first report on DNS abuse in the new extensions

While the fate of 25 not yet delegated new extensions remains to seal, which represents approximately 2 % of all the accepted extensions during the current opening round, ICANN has just published a study on the proportion of DNS abuse in the new extensions launched after 2012.

The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team ( CCTRT), which is mandated by ICANN to examine the extent to which the introduction or expansion of generic extensions has promoted competition, consumer trust and consumer choice. By defining the parameters of the study, the CCTRT tried to measure the rates of the common forms of unfair activities in the system of domain names, such as spamming, phishing and distribution of malware.

As a reminder, phishing is a technique used by swindlers to obtain personal information with the aim of committing identity thefts.

What is the report based on?

The study was led by SIDN, the registry of the extension of the Netherlands, as well as the University of Technology of Delft also located in the Netherlands. It was realized over a period going from 2014 to 2016, thanks to an access to the zone files granted by ICANN to these two entities.

More than 40 million names were analyzed, among which 24 million names registered in the new extensions and 16 million in the historic generic extensions: .com, .net, .org, .biz and .info. For the new extensions, it targeted the extensions which proposed a Sunrise phase for brand owners. Thus, this study ultimately concerned few .BRAND registries, since they are not required to make Sunrise phases.

Both entities made their own measures to detect abuse and the data were cross-checked with eleven heterogeneous lists referencing domains and URLS identified as hostile, which were supplied by five specialized organizations.

What are the study’s conclusions?

Regarding phishing and malware distribution, the study shows a convergence of the proportions observed within the new extensions and those in the historic generic extensions. However, in the historic generic extensions, the rates tend to remain stable while those of the new extensions increase.

On the other hand, a strong disparity appears on the spamming. At the end of 2016, the proportions of affected domains are almost ten times higher on the new generic extensions: 526 on 10000 names against 56 on 10000 names. Trends show a shift of the cybercriminals towards the new extensions.

The analysis also shows that near half of the deposits identified in activities of spamming on the three most concerned new extensions, come from known cybercriminals and from blacklisted users by Spamhaus. Spamhaus is a non-governmental international organization, its purpose is to trace spammers.

However, these phenomena do not concern all the new extensions because 36% did not encounter any abuses during the last quarter of 2016.

The study also shows that the operators which compete by lowering their prices in order to sell volume, are the ones which are the most used by the cybercriminals. Besides competitive registration prices, not restrictive registration requirements, a variety of other registration options such as the wide range of the available methods of payment, inclusive services such as DNS hosting or services of WHOIS masks, are so many other factors looked for by the cybercriminals.

What is the impact of the DNSSEC on abuses?

While the DNSSEC protocol is rapidly expanding, the entities appointed by ICANN to conduct this study also analyzed how the structural properties and the security measures implemented by the operators of new extensions influence domain abuses. As expected, the DNSSEC plays a statistically significant role and thus incites to deploy more widely the protocol on more extensions. The extensions supporting DNSSEC are indeed less of a target of such practices.

What’s happening next?

The study is now open to public comments until September the 19th. The entities which led it, also intend to analyze more in detail the possible correlations between the registration policies and abuses.

The CCTRT is then going to make recommendations to ICANN to stem the increase of DNS abuse that ICANN can then transform into new obligations for the registry operators. This time, however, all the registry operators may be concerned, thus also the .BRAND registries. NAMESHIELD is going to follow this subject closely.